FreeRADIUS Version 3.0.20 Copyright (C) 1999-2019 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/3.0/dictionary including configuration file /etc/freeradius/3.0/radiusd.conf including configuration file /etc/freeradius/3.0/proxy.conf including configuration file /etc/freeradius/3.0/clients.conf including files in directory /etc/freeradius/3.0/mods-enabled/ including configuration file /etc/freeradius/3.0/mods-enabled/exec including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth including configuration file /etc/freeradius/3.0/mods-enabled/chap including configuration file /etc/freeradius/3.0/mods-enabled/passwd including configuration file /etc/freeradius/3.0/mods-enabled/digest including configuration file /etc/freeradius/3.0/mods-enabled/unix including configuration file /etc/freeradius/3.0/mods-enabled/realm including configuration file /etc/freeradius/3.0/mods-enabled/detail including configuration file /etc/freeradius/3.0/mods-enabled/soh including configuration file /etc/freeradius/3.0/mods-enabled/preprocess including configuration file /etc/freeradius/3.0/mods-enabled/logintime including configuration file /etc/freeradius/3.0/mods-enabled/pap including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients including configuration file /etc/freeradius/3.0/mods-enabled/always including configuration file /etc/freeradius/3.0/mods-enabled/utf8 including configuration file /etc/freeradius/3.0/mods-enabled/detail.log including configuration file /etc/freeradius/3.0/mods-enabled/radutmp including configuration file /etc/freeradius/3.0/mods-enabled/mschap including configuration file /etc/freeradius/3.0/mods-enabled/expiration including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp including configuration file /etc/freeradius/3.0/mods-enabled/expr including configuration file /etc/freeradius/3.0/mods-enabled/unpack including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap including configuration file /etc/freeradius/3.0/mods-enabled/replicate including configuration file /etc/freeradius/3.0/mods-enabled/linelog including configuration file /etc/freeradius/3.0/mods-enabled/files including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter including configuration file /etc/freeradius/3.0/mods-enabled/echo including files in directory /etc/freeradius/3.0/policy.d/ including configuration file /etc/freeradius/3.0/policy.d/eap including configuration file /etc/freeradius/3.0/policy.d/canonicalization including configuration file /etc/freeradius/3.0/policy.d/dhcp including configuration file /etc/freeradius/3.0/policy.d/debug including configuration file /etc/freeradius/3.0/policy.d/cui including configuration file /etc/freeradius/3.0/policy.d/rfc7542 including configuration file /etc/freeradius/3.0/policy.d/operator-name including configuration file /etc/freeradius/3.0/policy.d/accounting including configuration file /etc/freeradius/3.0/policy.d/filter including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids including configuration file /etc/freeradius/3.0/policy.d/abfab-tr including configuration file /etc/freeradius/3.0/policy.d/control including files in directory /etc/freeradius/3.0/sites-enabled/ including configuration file /etc/freeradius/3.0/sites-enabled/tls including configuration file /etc/freeradius/3.0/tls_clients.conf main { security { user = "freerad" group = "freerad" allow_core_dumps = yes } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } Cannot update core dump limit: Operation not permitted Core dumps are enabled main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 16384 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server rmr-aus-e032 { ipaddr = rmr-aus-e032 IPv4 address [206.XX.XXX.117] port = 1234 type = "auth+acct" proto = "tcp" secret = <<< secret >>> response_window = 3.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 30 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 60 limit { max_connections = 0 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server rmr-aus-e053 { ipaddr = rmr-aus-e053 IPv4 address [206.XX.XXX.70] port = 1234 type = "auth+acct" proto = "tcp" secret = <<< secret >>> response_window = 3.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 30 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 60 limit { max_connections = 0 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool datacenter_pool { type = keyed-balance home_server = rmr-aus-e032 home_server = rmr-aus-e053 } realm to_datacenter { auth_pool = datacenter_pool nostrip } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debug state unknown (cap_sys_ptrace capability not set) systemd watchdog is disabled radiusd: #### Instantiating modules #### modules { # Loaded module rlm_exec # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm realm bangpath { format = "prefix" delimiter = "!" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_detail # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/3.0/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8 # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_radutmp # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files files { filename = "/etc/freeradius/3.0/mods-config/files/authorize" acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy" } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } instantiate { } # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/3.0/radiusd.conf } # server server radsec { # from file /etc/freeradius/3.0/sites-enabled/tls # Loading authorize {...} # Loading post-proxy {...} } # server radsec thread pool { start_servers = 5 max_servers = 256 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 cleanup_delay = 5 max_queue_size = 65536 auto_limit_acct = no } Thread spawned new child 1. Total threads in pool: 1 Thread 1 waiting to be assigned a request Thread spawned new child 2. Total threads in pool: 2 Thread 2 waiting to be assigned a request Thread spawned new child 3. Total threads in pool: 3 Thread 3 waiting to be assigned a request Thread spawned new child 4. Total threads in pool: 4 Thread 4 waiting to be assigned a request Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized radiusd: #### Opening IP addresses and Ports #### Thread 5 waiting to be assigned a request listen { type = "auth+acct" virtual_server = "radsec" ipaddr = 0.0.0.0 port = 2083 proto = "tcp" tls { verify_depth = 0 ca_path = "/var/local/certs/rootcerts" pem_file_type = yes private_key_file = "/var/local/certs/rmr-aus-e032-pub.key" certificate_file = "/var/local/certs/rmr-aus-e032-pub.crt" ca_file = "/var/local/certs/rmr-aus-e032-pub.crt" dh_file = "/var/local/certs/dh" random_file = "/dev/urandom" fragment_size = 8192 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" require_client_cert = yes ecdh_curve = "prime256v1" tls_max_version = "" tls_min_version = "1.2" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } } limit { max_connections = 0 lifetime = 0 idle_timeout = 0 } clients = "radsec" client LS { ipaddr = 172.29.93.0/24 require_message_authenticator = no secret = <<< secret >>> proto = "tls" limit { max_connections = 900 lifetime = 0 idle_timeout = 4800 } } } Listening on auth+acct proto tcp address * port 2083 (TLS) bound to server radsec Ready to process requests ... new connection request on TCP socket Listening on auth+acct from client (172.29.93.13, 2000) -> (*, 2083, virtual-server=radsec) Waking up in 0.8 seconds. (0) Initiating new TLS session (0) Setting verify mode to require certificate from client (0) (other): before SSL initialization (0) TLS_accept: before SSL initialization (0) TLS_accept: before SSL initialization (0) <<< recv TLS 1.3 [length 00a3] (0) TLS_accept: SSLv3/TLS read client hello (0) >>> send TLS 1.2 [length 0035] (0) TLS_accept: SSLv3/TLS write server hello (0) >>> send TLS 1.2 [length 0f05] (0) TLS_accept: SSLv3/TLS write certificate (0) >>> send TLS 1.2 [length 016d] (0) TLS_accept: SSLv3/TLS write certificate request (0) >>> send TLS 1.2 [length 0004] (0) TLS_accept: SSLv3/TLS write server done (0) TLS_accept: Need to read more data: SSLv3/TLS write server done (0) TLS - In Handshake Phase (0) TLS - got 4287 bytes of data Waking up in 0.8 seconds. (0) TLS_accept: SSLv3/TLS write server done (0) <<< recv TLS 1.2 [length 0429] (0) TLS - Creating attributes from certificate OIDs (0) TLS-Cert-Serial := "609498c15469e42ac03ba4cada5c58f9ed6628a6" (0) TLS-Cert-Expiration := "231119182155Z" (0) TLS-Cert-Subject := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS-Cert-Issuer := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS - Creating attributes from certificate OIDs (0) TLS-Client-Cert-Serial := "6fa4a839f024accfb60feab79c5e136ed96e9514" (0) TLS-Client-Cert-Expiration := "220613183843Z" (0) TLS-Client-Cert-Subject := "/C=US/ST=CA/O=MyOrg, Inc./CN=awsswf.landslide.com" (0) TLS-Client-Cert-Issuer := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS-Client-Cert-Common-Name := "awsswf.landslide.com" (0) TLS_accept: SSLv3/TLS read client certificate (0) <<< recv TLS 1.2 [length 0106] (0) TLS_accept: SSLv3/TLS read client key exchange (0) <<< recv TLS 1.2 [length 0108] (0) TLS_accept: SSLv3/TLS read certificate verify (0) TLS_accept: SSLv3/TLS read change cipher spec (0) <<< recv TLS 1.2 [length 0010] (0) TLS_accept: SSLv3/TLS read finished (0) >>> send TLS 1.2 [length 0001] (0) TLS_accept: SSLv3/TLS write change cipher spec (0) >>> send TLS 1.2 [length 0010] (0) TLS_accept: SSLv3/TLS write finished (0) (other): SSL negotiation finished successfully (0) TLS - Connection Established (0) TLS-Session-Cipher-Suite = "AES128-GCM-SHA256" (0) TLS-Session-Version = "TLS 1.2" (0) TLS - got 51 bytes of data Waking up in 0.8 seconds. Waking up in 3600.4 seconds. (0) Application data status 7 (0) tls_recv: Status-Server packet from host 172.29.93.13 port 2000, id=0, length=56 Threads: total/active/spare threads = 5/0/5 Waking up in 0.3 seconds. Thread 5 got semaphore Thread 5 handling request 0, (1 handled so far) (0) Received Status-Server Id 0 from 172.29.93.13:2000 to 0.0.0.0:2083 length 56 Dropping packet without response because of error: Received packet from 172.29.93.13 with invalid Message-Authenticator! (Shared secret is incorrect.) Thread 5 waiting to be assigned a request (0) Cleaning up request packet ID 0 with timestamp +32 Waking up in 3571.0 seconds. Closing TLS socket from client port 2000 (0) >>> send TLS 1.2 [length 0002] Client has closed connection ... shutting down socket auth+acct from client (172.29.93.13, 2000) -> (*, 2083, virtual-server=radsec) Waking up in 2.9 seconds. ... cleaning up socket auth+acct from client (172.29.93.13, 2000) -> (*, 2083, virtual-server=radsec) Ready to process requests ... new connection request on TCP socket Listening on auth+acct from client (172.29.93.13, 2000) -> (*, 2083, virtual-server=radsec) Waking up in 0.6 seconds. (0) Initiating new TLS session (0) Setting verify mode to require certificate from client (0) (other): before SSL initialization (0) TLS_accept: before SSL initialization (0) TLS_accept: before SSL initialization (0) <<< recv TLS 1.3 [length 00a3] (0) TLS_accept: SSLv3/TLS read client hello (0) >>> send TLS 1.2 [length 0035] (0) TLS_accept: SSLv3/TLS write server hello (0) >>> send TLS 1.2 [length 0f05] (0) TLS_accept: SSLv3/TLS write certificate (0) >>> send TLS 1.2 [length 016d] (0) TLS_accept: SSLv3/TLS write certificate request (0) >>> send TLS 1.2 [length 0004] (0) TLS_accept: SSLv3/TLS write server done (0) TLS_accept: Need to read more data: SSLv3/TLS write server done (0) TLS - In Handshake Phase (0) TLS - got 4287 bytes of data Waking up in 0.6 seconds. (0) TLS_accept: SSLv3/TLS write server done (0) <<< recv TLS 1.2 [length 0429] (0) TLS - Creating attributes from certificate OIDs (0) TLS-Cert-Serial := "609498c15469e42ac03ba4cada5c58f9ed6628a6" (0) TLS-Cert-Expiration := "231119182155Z" (0) TLS-Cert-Subject := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS-Cert-Issuer := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS - Creating attributes from certificate OIDs (0) TLS-Client-Cert-Serial := "6fa4a839f024accfb60feab79c5e136ed96e9514" (0) TLS-Client-Cert-Expiration := "220613183843Z" (0) TLS-Client-Cert-Subject := "/C=US/ST=CA/O=MyOrg, Inc./CN=awsswf.landslide.com" (0) TLS-Client-Cert-Issuer := "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd" (0) TLS-Client-Cert-Common-Name := "awsswf.landslide.com" (0) TLS_accept: SSLv3/TLS read client certificate (0) <<< recv TLS 1.2 [length 0106] (0) TLS_accept: SSLv3/TLS read client key exchange (0) <<< recv TLS 1.2 [length 0108] (0) TLS_accept: SSLv3/TLS read certificate verify (0) TLS_accept: SSLv3/TLS read change cipher spec (0) <<< recv TLS 1.2 [length 0010] (0) TLS_accept: SSLv3/TLS read finished (0) >>> send TLS 1.2 [length 0001] (0) TLS_accept: SSLv3/TLS write change cipher spec (0) >>> send TLS 1.2 [length 0010] (0) TLS_accept: SSLv3/TLS write finished (0) (other): SSL negotiation finished successfully (0) TLS - Connection Established (0) TLS-Session-Cipher-Suite = "AES128-GCM-SHA256" (0) TLS-Session-Version = "TLS 1.2" (0) TLS - got 51 bytes of data Waking up in 0.6 seconds. Waking up in 3600.4 seconds. (0) Application data status 7 (0) tls_recv: Access-Request packet from host 172.29.93.13 port 2000, id=0, length=483 Waking up in 0.3 seconds. Thread 1 waiting to be assigned a request (0) Application data status 7 (0) tls_recv: Access-Request packet from host 172.29.93.13 port 2000, id=9, length=483 Waking up in 0.1 seconds. Thread 5 got semaphore Thread 5 handling request 10, (3 handled so far) (10) Received Access-Request Id 9 from 172.29.93.13:2000 to 0.0.0.0:2083 length 483 (10) User-Name = "03111800000899580" (10) NAS-Identifier = "wifi" (10) Called-Station-Id = "00:00:00:00:00:09" (10) NAS-Port = 1 (10) NAS-Port-Type = Wireless-802.11 (10) NAS-IP-Address = 10.0.1.2 (10) Calling-Station-Id = "67:6C:39:10:12:79" (10) EAP-Message = 0x02000038013033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f7267 (10) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (10) Message-Authenticator = 0x3c9c346bc6ebb77a09c211ea665a3d5f (10) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/tls (10) authorize { (10) update control { (10) EXPAND %{User-Name} (10) --> 03111800000899580 (10) Load-Balance-Key := 03111800000899580 (10) &Proxy-To-Realm := "to_datacenter" (10) } # update control = noop (10) } # authorize = noop (10) Starting proxy to home server 206.XX.XXX.70 port 1234 (10) server radsec { (10) } (10) Proxying request to home server 206.XX.XXX.70 port 1234 timeout 3.000000 (10) Sent Access-Request Id 245 from 172.19.0.2:37787 to 206.XX.XXX.70:1234 length 486 (10) User-Name = "03111800000899580" (10) NAS-Identifier = "wifi" (10) Called-Station-Id = "00:00:00:00:00:09" (10) NAS-Port = 1 (10) NAS-Port-Type = Wireless-802.11 (10) NAS-IP-Address = 10.0.1.2 (10) Calling-Station-Id = "67:6C:39:10:12:79" (10) EAP-Message = 0x02000038013033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f7267 (10) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (10) Message-Authenticator = 0x3c9c346bc6ebb77a09c211ea665a3d5f (10) Proxy-State = 0x39 Thread 5 waiting to be assigned a request (0) Application data status 7 (0) tls_recv: Access-Request packet from host 172.29.93.13 port 2000, id=10, length=478 (27) Received Access-Request Id 26 from 172.29.93.13:2000 to 0.0.0.0:2083 length 483 (27) User-Name = "03111800000899670" (27) NAS-Identifier = "wifi" (27) Called-Station-Id = "00:00:00:00:00:12" (27) NAS-Port = 1 (27) NAS-Port-Type = Wireless-802.11 (27) NAS-IP-Address = 10.0.1.2 (27) Calling-Station-Id = "2f:bc:c9:af:27:65" (27) EAP-Message = 0x02000038013033313131383030303030383939363740776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f7267 (27) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (27) Message-Authenticator = 0xff53b06692a56135a3a8ee1710aa78a4 (27) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/tls (27) authorize { (27) update control { (27) EXPAND %{User-Name} (27) --> 03111800000899670 (27) Load-Balance-Key := 03111800000899670 (27) &Proxy-To-Realm := "to_datacenter" (27) } # update control = noop (27) } # authorize = noop (27) Starting proxy to home server 206.XX.XXX.70 port 1234 (27) server radsec { (27) } (27) Proxying request to home server 206.XX.XXX.70 port 1234 timeout 3.000000 (27) Sent Access-Request Id 219 from 172.19.0.2:37787 to 206.XX.XXX.70:1234 length 487 (27) User-Name = "03111800000899670" (27) NAS-Identifier = "wifi" (27) Called-Station-Id = "00:00:00:00:00:12" (27) NAS-Port = 1 (27) NAS-Port-Type = Wireless-802.11 (27) NAS-IP-Address = 10.0.1.2 (27) Calling-Station-Id = "2f:bc:c9:af:27:65" (27) EAP-Message = 0x02000038013033313131383030303030383939363740776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f7267 (27) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (27) Message-Authenticator = 0xff53b06692a56135a3a8ee1710aa78a4 (27) Proxy-State = 0x3236 Thread 5 waiting to be assigned a request Thread 4 got semaphore Thread 4 handling request 10, (8 handled so far) (10) Clearing existing &reply: attributes (10) Received Access-Challenge Id 245 from 206.XX.XXX.70:1234 to 172.19.0.2:37787 length 646 (10) State = 0x4469616d657465722f68706e623032766f6c746568762e6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6175732d653035342d726d722e636f72702e776179706f72742e6e65743b313632393739323030323b343531363b3033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72673b6175732d653035342d726d722e636f72702e776179706f72742e6e6574 (10) EAP-Message = 0x010100801701000001050000d834db0c7f25514b0229ccb313a453a902050000598d89636eab800169b6f5ddc62c25b5860100008105000020533c40000e147533bbad3f336c260c820900004ea0226c7a792b727f4dcfee4cc5562bf4bc80966efd8162d0281747b8c55cbf0b0500004a7f2e1ff7d44d6c2394f121cdb0c35e (10) Message-Authenticator = 0x7b3abb7330b8979da1c091acb248810e (10) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (10) Proxy-State = 0x39 (10) server radsec { (10) # Executing section post-proxy from file /etc/freeradius/3.0/sites-enabled/tls (10) } (10) Using Post-Auth-Type Challenge (10) Post-Auth-Type sub-section not found. Ignoring. (10) Sent Access-Challenge Id 9 from 0.0.0.0:2083 to 172.29.93.13:2000 length 0 (10) State = 0x4469616d657465722f68706e623032766f6c746568762e6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6175732d653035342d726d722e636f72702e776179706f72742e6e65743b313632393739323030323b343531363b3033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72673b6175732d653035342d726d722e636f72702e776179706f72742e6e6574 (10) EAP-Message = 0x010100801701000001050000d834db0c7f25514b0229ccb313a453a902050000598d89636eab800169b6f5ddc62c25b5860100008105000020533c40000e147533bbad3f336c260c820900004ea0226c7a792b727f4dcfee4cc5562bf4bc80966efd8162d0281747b8c55cbf0b0500004a7f2e1ff7d44d6c2394f121cdb0c35e (10) Message-Authenticator = 0x7b3abb7330b8979da1c091acb248810e (10) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (10) Finished request Thread 4 waiting to be assigned a request (0) Application data status 7 (0) tls_recv: Access-Request packet from host 172.29.93.13 port 2000, id=27, length=687 Thread 2 got semaphore Thread 2 handling request 28, (8 handled so far) (28) Received Access-Request Id 27 from 172.29.93.13:2000 to 0.0.0.0:2083 length 687 (28) User-Name = "03111800000899580" (28) NAS-Identifier = "wifi" (28) Called-Station-Id = "00:00:00:00:00:09" (28) NAS-Port = 1 (28) NAS-Port-Type = Wireless-802.11 (28) NAS-IP-Address = 10.0.1.2 (28) Calling-Station-Id = "67:6C:39:10:12:79" (28) EAP-Message = 0x02010028170100000303004044c58d1d21dbe7130b050000a5784a5ade07ef56b8afc8c4d8e82c46 (28) State = 0x4469616d657465722f68706e623032766f6c746568762e6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6175732d653035342d726d722e636f72702e776179706f72742e6e65743b313632393739323030323b343531363b3033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72673b6175732d653035342d726d722e636f72702e776179706f72742e6e6574 (28) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (28) Message-Authenticator = 0x46e23db29e9ed838c1805493f3f61c4c (28) session-state: No cached attributes (28) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/tls (28) authorize { (28) update control { (28) EXPAND %{User-Name} (28) --> 03111800000899580 (28) Load-Balance-Key := 03111800000899580 (28) &Proxy-To-Realm := "to_datacenter" (28) } # update control = noop (28) } # authorize = noop (28) Starting proxy to home server 206.XX.XXX.70 port 1234 (28) server radsec { (28) } (28) Proxying request to home server 206.XX.XXX.70 port 1234 timeout 3.000000 (28) Sent Access-Request Id 120 from 172.19.0.2:37787 to 206.XX.XXX.70:1234 length 691 (28) User-Name = "03111800000899580" (28) NAS-Identifier = "wifi" (28) Called-Station-Id = "00:00:00:00:00:09" (28) NAS-Port = 1 (28) NAS-Port-Type = Wireless-802.11 (28) NAS-IP-Address = 10.0.1.2 (28) Calling-Station-Id = "67:6C:39:10:12:79" (28) EAP-Message = 0x02010028170100000303004044c58d1d21dbe7130b050000a5784a5ade07ef56b8afc8c4d8e82c46 (28) State = 0x4469616d657465722f68706e623032766f6c746568762e6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6570632e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72672f6175732d653035342d726d722e636f72702e776179706f72742e6e65743b313632393739323030323b343531363b3033313131383030303030383939353840776c616e2e6d6e633138302e6d63633331312e336770706e6574776f726b2e6f72673b6175732d653035342d726d722e636f72702e776179706f72742e6e6574 (28) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (28) Message-Authenticator = 0x46e23db29e9ed838c1805493f3f61c4c (28) Proxy-State = 0x3237 (28) Waiting for client retransmission in order to do a proxy retransmit (0) Application data status 7 (0) tls_recv: Access-Request packet from host 172.29.93.13 port 2000, id=81, length=478 Thread 3 waiting to be assigned a request (25) Waiting for client retransmission in order to do a proxy retransmit Waking up in 3.5 seconds. (5) Cleaning up request packet ID 4 with timestamp +127 (7) Cleaning up request packet ID 6 with timestamp +127 (9) Cleaning up request packet ID 8 with timestamp +127 (11) Cleaning up request packet ID 10 with timestamp +127 (3) Cleaning up request packet ID 2 with timestamp +127 (4) Cleaning up request packet ID 3 with timestamp +127 (1) Cleaning up request packet ID 0 with timestamp +127 (13) Cleaning up request packet ID 12 with timestamp +127 (10) Cleaning up request packet ID 9 with timestamp +127 (2) Cleaning up request packet ID 1 with timestamp +127 (6) Cleaning up request packet ID 5 with timestamp +127 (8) Cleaning up request packet ID 7 with timestamp +127 (12) Cleaning up request packet ID 11 with timestamp +127 (14) Cleaning up request packet ID 13 with timestamp +127 (16) Cleaning up request packet ID 15 with timestamp +127 (15) Cleaning up request packet ID 14 with timestamp +127 (17) Cleaning up request packet ID 16 with timestamp +127 (18) Cleaning up request packet ID 17 with timestamp +127 (20) Cleaning up request packet ID 19 with timestamp +127 (21) Cleaning up request packet ID 20 with timestamp +127 (19) Cleaning up request packet ID 18 with timestamp +127 (24) Cleaning up request packet ID 23 with timestamp +127 (26) Cleaning up request packet ID 25 with timestamp +127 (23) Cleaning up request packet ID 22 with timestamp +127 (31) Cleaning up request packet ID 30 with timestamp +127 (32) Cleaning up request packet ID 31 with timestamp +127 (22) Cleaning up request packet ID 21 with timestamp +127 (30) Cleaning up request packet ID 29 with timestamp +127 (35) Cleaning up request packet ID 34 with timestamp +127 (34) Cleaning up request packet ID 33 with timestamp +127 (39) Cleaning up request packet ID 38 with timestamp +127 (38) Cleaning up request packet ID 37 with timestamp +127 (46) Cleaning up request packet ID 45 with timestamp +127 (49) Cleaning up request packet ID 48 with timestamp +127 (45) Cleaning up request packet ID 44 with timestamp +127 (42) Cleaning up request packet ID 41 with timestamp +127 (48) Cleaning up request packet ID 47 with timestamp +127 (47) Cleaning up request packet ID 46 with timestamp +127 (44) Cleaning up request packet ID 43 with timestamp +127 (43) Cleaning up request packet ID 42 with timestamp +127 (51) Cleaning up request packet ID 50 with timestamp +127 (55) Cleaning up request packet ID 54 with timestamp +128 (53) Cleaning up request packet ID 52 with timestamp +127 (52) Cleaning up request packet ID 51 with timestamp +127 (50) Cleaning up request packet ID 49 with timestamp +127 (57) Cleaning up request packet ID 56 with timestamp +128 (58) Cleaning up request packet ID 57 with timestamp +128 (54) Cleaning up request packet ID 53 with timestamp +128 (60) Cleaning up request packet ID 59 with timestamp +128 (59) Cleaning up request packet ID 58 with timestamp +128 (56) Cleaning up request packet ID 55 with timestamp +128 (61) Cleaning up request packet ID 60 with timestamp +128 (62) Cleaning up request packet ID 61 with timestamp +128 (63) Cleaning up request packet ID 62 with timestamp +128 (66) Cleaning up request packet ID 65 with timestamp +128 (64) Cleaning up request packet ID 63 with timestamp +128 (65) Cleaning up request packet ID 64 with timestamp +128 (68) Cleaning up request packet ID 67 with timestamp +128 (69) Cleaning up request packet ID 68 with timestamp +128 (70) Cleaning up request packet ID 69 with timestamp +128 (67) Cleaning up request packet ID 66 with timestamp +128 (78) Cleaning up request packet ID 77 with timestamp +128 (76) Cleaning up request packet ID 75 with timestamp +128 (81) Cleaning up request packet ID 80 with timestamp +128 (75) Cleaning up request packet ID 74 with timestamp +128 (79) Cleaning up request packet ID 78 with timestamp +128 (74) Cleaning up request packet ID 73 with timestamp +128 (73) Cleaning up request packet ID 72 with timestamp +128 (71) Cleaning up request packet ID 70 with timestamp +128 (77) Cleaning up request packet ID 76 with timestamp +128 (82) Cleaning up request packet ID 81 with timestamp +128 (83) Cleaning up request packet ID 82 with timestamp +128 (72) Cleaning up request packet ID 71 with timestamp +128 (84) Cleaning up request packet ID 83 with timestamp +128 (80) Cleaning up request packet ID 79 with timestamp +128 (85) Cleaning up request packet ID 84 with timestamp +128 (88) Cleaning up request packet ID 87 with timestamp +128 (86) Cleaning up request packet ID 85 with timestamp +128 (87) Cleaning up request packet ID 86 with timestamp +128 (90) Cleaning up request packet ID 89 with timestamp +128 (89) Cleaning up request packet ID 88 with timestamp +128 (91) Cleaning up request packet ID 90 with timestamp +128 (92) Cleaning up request packet ID 91 with timestamp +128 (94) Cleaning up request packet ID 93 with timestamp +128 (95) Cleaning up request packet ID 94 with timestamp +128 (93) Cleaning up request packet ID 92 with timestamp +128 (96) Cleaning up request packet ID 95 with timestamp +128 Waking up in 23.9 seconds. (25) No proxy response, giving up on request and marking it done Marking home server 206.XX.XXX.70 port 1234 as zombie (it has not responded in 3.000000 seconds). (25) ERROR: Failing proxied request for user "03111800000899490", due to lack of any response from home server 206.XX.XXX.70 port 1234 (27) No proxy response, giving up on request and marking it done (27) ERROR: Failing proxied request for user "03111800000899670", due to lack of any response from home server 206.XX.XXX.70 port 1234 Thread 5 got semaphore Thread 4 got semaphore Thread 5 handling request 25, (38 handled so far) Thread 4 handling request 27, (38 handled so far) (25) There was no response configured: rejecting request (27) There was no response configured: rejecting request (27) Using Post-Auth-Type Reject (25) Using Post-Auth-Type Reject (27) Post-Auth-Type sub-section not found. Ignoring. (25) Post-Auth-Type sub-section not found. Ignoring. (27) Login incorrect (Failing proxied request for user "03111800000899670", due to lack of any response from home server 206.XX.XXX.70 port 1234): [03111800000899670] (from client LS port 1 cli 2f:bc:c9:af:27:65) (25) Login incorrect (Failing proxied request for user "03111800000899490", due to lack of any response from home server 206.XX.XXX.70 port 1234): [03111800000899490] (from client LS port 1 cli DE:20:0C:1D:15:EE) (27) Sent Access-Reject Id 26 from 0.0.0.0:2083 to 172.29.93.13:2000 length 0 (25) Sent Access-Reject Id 24 from 0.0.0.0:2083 to 172.29.93.13:2000 length 0 (27) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (25) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (27) Finished request Thread 4 waiting to be assigned a request (25) Finished request Thread 5 waiting to be assigned a request (28) No proxy response, giving up on request and marking it done (28) ERROR: Failing proxied request for user "03111800000899580", due to lack of any response from home server 206.XX.XXX.70 port 1234 Thread 2 got semaphore Thread 2 handling request 28, (38 handled so far) (28) There was no response configured: rejecting request (28) Using Post-Auth-Type Reject (28) Post-Auth-Type sub-section not found. Ignoring. (28) Login incorrect (Failing proxied request for user "03111800000899580", due to lack of any response from home server 206.XX.XXX.70 port 1234): [03111800000899580] (from client LS port 1 cli 67:6C:39:10:12:79) (28) Sent Access-Reject Id 27 from 0.0.0.0:2083 to 172.29.93.13:2000 length 0 (28) Proxy-State = 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfc (28) Finished request ... shutting down socket proxy (172.19.0.2, 37787) -> home_server (206.XX.XXX.70, 1234) Waking up in 0.2 seconds. Waking up in 2.6 seconds. ... shutting down socket proxy (172.19.0.2, 52303) -> home_server (206.XX.XXX.117, 1234) Waking up in 2.3 seconds. ... shutting down socket proxy (172.19.0.2, 51617) -> home_server (206.XX.XXX.70, 1234) Waking up in 2.3 seconds. ... cleaning up socket proxy (172.19.0.2, 37787) -> home_server (206.XX.XXX.70, 1234) Waking up in 0.6 seconds. ... cleaning up socket proxy (172.19.0.2, 52303) -> home_server (206.XX.XXX.117, 1234) ... cleaning up socket proxy (172.19.0.2, 51617) -> home_server (206.XX.XXX.70, 1234) Waking up in 1.1 seconds. (27) Cleaning up request packet ID 26 with timestamp +127 (25) Cleaning up request packet ID 24 with timestamp +127 (28) Cleaning up request packet ID 27 with timestamp +127 (29) Cleaning up request packet ID 28 with timestamp +127 (33) Cleaning up request packet ID 32 with timestamp +127 (36) Cleaning up request packet ID 35 with timestamp +127 (37) Cleaning up request packet ID 36 with timestamp +127 (40) Cleaning up request packet ID 39 with timestamp +127 (41) Cleaning up request packet ID 40 with timestamp +127 Waking up in 16.6 seconds. PING: Zombie period is over for home server rmr-aus-e053 Marking home server 206.XX.XXX.70 port 1234 as dead. PING: Reviving home server rmr-aus-e053 in 60 seconds Waking up in 59.9 seconds. (0) Application data status 7 (0) tls_recv: Status-Server packet from host 172.29.93.13 port 2000, id=0, length=56 Waking up in 0.3 seconds. Thread 3 got semaphore Thread 3 handling request 97, (39 handled so far) (97) Received Status-Server Id 0 from 172.29.93.13:2000 to 0.0.0.0:2083 length 56 Dropping packet without response because of error: Received packet from 172.29.93.13 with invalid Message-Authenticator! (Shared secret is incorrect.) Thread 3 waiting to be assigned a request (97) Cleaning up request packet ID 0 with timestamp +187 Waking up in 51.3 seconds.