CoA/DM over RADSEC - FreeRadius server ignores the CoA/DM request as Invalid when receives over TLS
Alan DeKok
aland at deployingradius.com
Tue Apr 7 15:15:15 CEST 2020
On Apr 7, 2020, at 8:15 AM, saurabha badhai <saurabha.badhai at gmail.com> wrote:
> I am a freeradius use for long time since 2.1.12 releases.
Thanks!
> Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part.
> Already I tested the auhtntication and accounting over RADSEC and it works
> fine
>
> But for CoA/DM over RADSEC, I see some enhancement is required in
> freeradius server.
>
> *[Description]*
> On receiving the CoA/DM request from one freeradius server over TLS, I see
> freeradius server is discarding it with the below error.
>
> *Error: Invalid packet code 45 sent to a proxy port from home server
> 10.174.75.66 port 2084 - ID 154 : IGNORED*
That is a CoA NAK. Yes, it should allow CoA / DM over TLS.
> When I see the code where the error happens, I found like in
> */src/main/tls_listen.c* under function *dual_tls_recv *we may required to
> include below two cases to solve this.
That's for receiving CoA packets over TLS. Yes, that should be allowed, too.
> After I added this above lines in the same place, CoA/DM works fine.
> My asking is to help to review this changes and check if we can we include
> this changes in newer release.
I've pushed some patches. That should help.
Alan DeKok.
More information about the Freeradius-Devel
mailing list