CoA/DM over RADSEC - FreeRadius server ignores the CoA/DM request as Invalid when receives over TLS

Alan DeKok aland at
Tue Apr 7 15:15:15 CEST 2020

On Apr 7, 2020, at 8:15 AM, saurabha badhai <saurabha.badhai at> wrote:
> I am a freeradius use for long time since 2.1.12 releases.


> Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part.
> Already I tested the auhtntication and accounting over RADSEC and it works
> fine
> But for CoA/DM over RADSEC, I see some enhancement is required in
> freeradius server.
> *[Description]*
> On receiving the CoA/DM request from one freeradius server over TLS, I see
> freeradius server is discarding it with the below error.
> *Error: Invalid packet code 45 sent to a proxy port from home server
> port 2084 - ID 154 : IGNORED*

   That is a CoA NAK.  Yes, it should allow CoA / DM over TLS.

> When I see the code where the error happens, I found like in
> */src/main/tls_listen.c* under function *dual_tls_recv *we may required to
> include below two cases to solve this.

  That's for receiving CoA packets over TLS.  Yes, that should be allowed, too.

> After I added this above lines in the same place, CoA/DM works fine.
> My asking is to help to review this changes and check if we can we include
> this changes in newer release.

  I've pushed some patches.  That should help.

  Alan DeKok.

More information about the Freeradius-Devel mailing list