CoA/DM over RADSEC - FreeRadius server ignores the CoA/DM request as Invalid when receives over TLS
Hi, I am a freeradius use for long time since 2.1.12 releases. . Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part. Already I tested the auhtntication and accounting over RADSEC and it works fine But for CoA/DM over RADSEC, I see some enhancement is required in freeradius server. *[Description]* On receiving the CoA/DM request from one freeradius server over TLS, I see freeradius server is discarding it with the below error. *Error: Invalid packet code 45 sent to a proxy port from home server 10.174.75.66 port 2084 - ID 154 : IGNORED* When I see the code where the error happens, I found like in */src/main/tls_listen.c* under function *dual_tls_recv *we may required to include below two cases to solve this. * case PW_CODE_COA_REQUEST:* FR_STATS_INC(coa, total_requests); fun = rad_coa_recv; break; * case PW_CODE_DISCONNECT_REQUEST:* FR_STATS_INC(dsc, total_requests); fun = rad_coa_recv; break; After I added this above lines in the same place, CoA/DM works fine. My asking is to help to review this changes and check if we can we include this changes in newer release. Waiting for your response as earlist. Thanks, Saurabha Kumar Badhai
On Apr 7, 2020, at 8:15 AM, saurabha badhai <saurabha.badhai@gmail.com> wrote:
I am a freeradius use for long time since 2.1.12 releases.
Thanks!
Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part. Already I tested the auhtntication and accounting over RADSEC and it works fine
But for CoA/DM over RADSEC, I see some enhancement is required in freeradius server.
*[Description]* On receiving the CoA/DM request from one freeradius server over TLS, I see freeradius server is discarding it with the below error.
*Error: Invalid packet code 45 sent to a proxy port from home server 10.174.75.66 port 2084 - ID 154 : IGNORED*
That is a CoA NAK. Yes, it should allow CoA / DM over TLS.
When I see the code where the error happens, I found like in */src/main/tls_listen.c* under function *dual_tls_recv *we may required to include below two cases to solve this.
That's for receiving CoA packets over TLS. Yes, that should be allowed, too.
After I added this above lines in the same place, CoA/DM works fine. My asking is to help to review this changes and check if we can we include this changes in newer release.
I've pushed some patches. That should help. Alan DeKok.
Thanks Alan for quick response.and pushed the fix. !!! -/Saurabha Kumar Badhai On Tue, Apr 7, 2020 at 6:45 PM Alan DeKok <aland@deployingradius.com> wrote:
On Apr 7, 2020, at 8:15 AM, saurabha badhai <saurabha.badhai@gmail.com> wrote:
I am a freeradius use for long time since 2.1.12 releases.
Thanks!
Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part. Already I tested the auhtntication and accounting over RADSEC and it works fine
But for CoA/DM over RADSEC, I see some enhancement is required in freeradius server.
*[Description]* On receiving the CoA/DM request from one freeradius server over TLS, I see freeradius server is discarding it with the below error.
*Error: Invalid packet code 45 sent to a proxy port from home server 10.174.75.66 port 2084 - ID 154 : IGNORED*
That is a CoA NAK. Yes, it should allow CoA / DM over TLS.
When I see the code where the error happens, I found like in */src/main/tls_listen.c* under function *dual_tls_recv *we may required to include below two cases to solve this.
That's for receiving CoA packets over TLS. Yes, that should be allowed, too.
After I added this above lines in the same place, CoA/DM works fine. My asking is to help to review this changes and check if we can we include this changes in newer release.
I've pushed some patches. That should help.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
participants (2)
-
Alan DeKok -
saurabha badhai