corrupt UDP packets sent to proxy

Taylor, Graham GrahamTaylor at
Fri Jun 17 12:38:40 CEST 2005

Hi People, I hope you can shed some light on a problem I am having with
freeradius acting as a proxy. As you can see the packet below has a
corrupt UDP header    ( Checksum: 0x5b10 (incorrect, should be 0x9f2d)
). If I use radtest then the packet is fine and I get authenticated, the
problem only occurs when the request is proxied out, all of the packets
forwarded to the secondary radius server have the UDP checksum error, I
have tried the latest version of freeradius with exactly the same
results, so I have gone back to the version supplied with RedHat, on a
fresh build.


Versions are as follows:



radiusd: FreeRADIUS Version 1.0.1, for host , built on Nov 26 2004 at


OpenSSL 0.9.7g 11 Apr 2005


Linux <MY HOST NAME> 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005
i686 i686 i386 GNU/Linux

This is RedHat ES version 4



Please let me know if you need any further information


Regards Graham





Frame 12 (197 bytes on wire, 197 bytes captured)

    Arrival Time: Jun 17, 2005 11:19:35.560228000

    Time delta from previous packet: 4.660183000 seconds

    Time since reference or first frame: 111.704161000 seconds

    Frame Number: 12

    Packet Length: 197 bytes

    Capture Length: 197 bytes

    Protocols in frame: eth:ip:udp:radius:eap

Ethernet II, Src: 00:12:79:3c:9c:61, Dst: 00:00:0c:07:ac:14

    Destination: 00:00:0c:07:ac:14 (All-HSRP-routers_14)

    Source: 00:12:79:3c:9c:61 (HewlettP_3c:9c:61)

    Type: IP (0x0800)

Internet Protocol, Src Addr: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX), Dst

    Version: 4

    Header length: 20 bytes

    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

        0000 00.. = Differentiated Services Codepoint: Default (0x00)

        .... ..0. = ECN-Capable Transport (ECT): 0

        .... ...0 = ECN-CE: 0

    Total Length: 183

    Identification: 0x0005 (5)

    Flags: 0x04 (Don't Fragment)

        0... = Reserved bit: Not set

        .1.. = Don't fragment: Set

        ..0. = More fragments: Not set

    Fragment offset: 0

    Time to live: 64

    Protocol: UDP (0x11)

    Header checksum: 0xdfd5 (correct)


    Destination: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)

User Datagram Protocol, Src Port: 1814 (1814), Dst Port: radius (1812)

    Source port: 1814 (1814)

    Destination port: radius (1812)

    Length: 163

    Checksum: 0x5b10 (incorrect, should be 0x9f2d)

Radius Protocol

    Code: Access Request (1)

    Packet identifier: 0x1 (1)

    Length: 155

    Authenticator: 0x22840C6BAE7ECB8E4FE8A8A3773B1A08

    Attribute value pairs

        t:User Name(1) l:8, Value:"graham"

            User-Name: graham

        t:Framed MTU(12) l:6, Value:1400

        t:Called Station Id(30) l:16, Value:"000e.842e.8230"

            Called-Station-Id: 000e.842e.8230

        t:Calling Station Id(31) l:16, Value:"0040.96a7.f8d2"

            Calling-Station-Id: 0040.96a7.f8d2

        t:Service Type(6) l:6, Value:Login(1)

            Service-Type: Login (1)

        t:Message Authenticator(80) l:18,

        t:EAP Message(79) l:34

            Extensible Authentication Protocol

                Code: Response (2)

                Id: 2

                Length: 32

                Type: Identity [RFC3748] (1)

                Identity (27 bytes): graham at

        t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)

        t:NAS Port(5) l:6, Value:1646

        t:NAS IP Address(4) l:6, Value:

            Nas IP Address: (

        t:NAS identifier(32) l:8, Value:"ap1200"

        t:Proxy State(33) l:5, Value:323533




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list