freeradius server works only on localhost

Ron Eggler ron.eggler at gmail.com
Thu Jun 24 16:40:30 CEST 2021 

On 2021-06-24 7:27 a.m., Matthew Newton wrote:
>
>
> On 24/06/2021 15:22, Ron Eggler wrote:
>> 6508    13.018560775    192.168.1.87 192.168.1.221 RADIUS    126 
>> Access-Request id=111
>> 7900    18.026087338    192.168.1.87    192.168.1.221    RADIUS 126 
>> Access-Request id=111, Duplicate Request
>> 9210    23.042855784    192.168.1.87    192.168.1.221    RADIUS  126 
>>   Access-Request id=111, Duplicate Request
>>
>> Hence I suspect that the issue may be with the RADIUS server 
>> configuration, rather than with my network setup - is that suspicion 
>> wrong?
>
> What does radiusd -X say?

Oh, that's good!


listen {
         type = "auth"
         ipaddr = 127.0.0.1
         port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 49015
Listening on proxy address :: port 56868
Ready to process requests

and then when I sen the requests:

Ignoring request to auth address * port 1812 bound to server default 
from unknown client 192.168.1.87 port 45044 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default 
from unknown client 192.168.1.87 port 45044 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default 
from unknown client 192.168.1.87 port 45044 proto udp
Ready to process requests

I guess I'll need to configure the client somewhere first....


>
> If the packets are hitting FreeRADIUS then it will tell you that (even 
> if the client is unknown, it will say *something*).
>
> If they are not getting to FreeRADIUS, then they are being 
> blocked/lost elsewhere (e.g. iptables, other firewall, wrong IP/port, 
> etc).
>
> See https://wiki.freeradius.org/list-help for info on getting debug 
> output.
>

More information about the Freeradius-Users mailing list