Hello, I am playing with radsec. I have set up a proxy-connection between our staging server and an additional testserver to act as homeserver. Both servers are v3.0.10. What I have managed so far is: The staging-server can contact the homeserver and establish a TLS-secured connection. The staging server sends a request to the homeserver and the homeserver will process it. The homeserver replies. If the homeserver rejects the Request, the staging-server will not accept the reply, but discards it with "Ignoring spoofed proxy reply. Signature is invalid" If the homeserver sends an Access-Accept, the staging-server will accept the reply. I have tried the proxy setup without radsec/TLS. In that case both Accept and Reject work. On the homeserver's side I have: client radiustest { ipaddr = $STAGING proto = tls secret = radsec } On the staging-server's side I have: home_server radiusdevel { ipaddr = $HOME port = 2083 type = auth secret = radsec proto = tcp status_check = none tls { ... } } In debug output I first see on HOME: (0) SSL Connection Established on STAGING: (0) (other): SSL negotiation finished successfully I assume, that means that I set up the TLS-part correctly. Then I see on STAGING: Listening on proxy (STAGING, 46303) -> home_server (HOME, 2083) Waking up in 0.2 seconds. (0) Proxying request to home server HOME port 2083 (TLS) timeout 10.000000 (0) Sent Access-Request Id 239 from STAGING:46303 to HOME:2083 length 137 on HOME (0) tls_recv: Access-Request packet from host STAGING port 46303, id=239, length=137 (0) <running>: Received Access-Request Id 239 from STAGING:46303 to HOME:2083 length 137 (0) Sent Access-Reject Id 239 from HOME:2083 to STAGING:46303 length 49 And then on STAGING: "Ignoring spoofed proxy reply. Signature is invalid" 10 seconds later: (0) No proxy response, giving up on request and marking it done (0) ERROR: Failing proxied request for user "radtest@testrealm.de", due to lack of any response from home server HOME port 2083 I have poked around with gdb on the staging server a bit. Within rad_verify() at the point of calc_replydigest() we get to the point of "Received %s packet from home server %s port %d with invalid Response Authenticator! (Shared secret is incorrect.)", (did not appear anywhere in the Debug Output). Does anyone have an idea what the problem could be? Regards and Thanks Susan -- S.Barnes Cologne University IT/Networking Dept.