How to configure RADIUS on 2 IP address Server
Alan DeKok
aland at deployingradius.com
Thu Dec 11 09:02:26 CET 2008
Pongsak Tawankanjanachot wrote:
> I started installing, setting, running ./radiusd -X with default
> configuration.
No. You've configured the server to proxy requests to itself. This
is wrong.
> Sending Access-Accept of id 102 to* 192.168.2.45 *
> port 36272
> Framed-MTU = 1400
> NAS-IP-Address = 192.168.25.77
> NAS-Port = 15
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Accept packet from host 192.168.2.45
> port 1812, id=102, length=38
You have configured it to proxy requests to itself. Don't do that.
> My question is why the Access-Accept is to 192.168.2.45
> (It should be 192.168.25.254?)
Because:
1) you have 2 interfaces
2) you haven't used the "listen type = proxy" configuration to set
the proxying IP address
3) You haven't enabled UDPFROMTO in "configure"
4) The OS picks a source IP address
and, you've configured the server to proxy requests to itself. Don't
do that.
> radiusd: #### Opening IP addresses and Ports ####
> Listening on authentication address 192.168.25.254
> port 1812
> Listening on accounting address 192.168.25.254
> port 1813
> Listening on proxy address 192.168.25.254 port 1814
> Ready to process requests.
>
> Seems like RADIUS is listening on 192.168.25.254..... :D
Yes...
> ==================================================================
> On Server terminal, I test with radtest test test localhost 0 testing123
>
> Sending Access-Request of id 103 to 127.0.0.1 port 1812
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 0
>
> /There is no response at all..../
Do you understand what IP addresses are? The server is listening on
192.168.25.254, while you're sending packets to 127.0.0.1. And you're
*surprised* that the server doesn't respond? Why?
> It replies!! Seems like it is listening at eth0 192.168.25.254
> BUT when I use RTRadPing Test Utility from local computer-WinXP SP3
> (192.168.25.142 ) asking Authentication Request
> to 192.168.25.254
> RTRadPing says no response from server, timeout.
Look at the DEBUG output of the SERVER, not the client.
> What should I do next??
> Somebody can suggest me?
> I think this is just the first step, then I need to install OpenSSL and
> test....a long way to go..
I would stop trying to configure the server, and start by
understanding how networks work.
Alan DeKok.
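
An added illustration, not part of the original message, of two behaviours the reply relies on: a UDP listener bound to one address never sees packets sent to a different address, and a wildcard-bound listener on a host with several addresses replies from whichever source address the OS picks. It assumes a Linux host where all of 127.0.0.0/8 is on loopback; 127.0.0.2 stands in for the second interface address, and `probe` is a hypothetical helper name.

```python
import socket

def probe(listen_ip, send_to_ip, timeout=0.5):
    """Send one UDP datagram to send_to_ip, at a listener bound to listen_ip.

    Returns the source IP of the reply as the client sees it, or None if
    the listener never received the request.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((listen_ip, 0))       # port 0: the kernel picks a free port
        port = server.getsockname()[1]
        server.settimeout(timeout)
        client.settimeout(timeout)
        client.sendto(b"request", (send_to_ip, port))
        try:
            _, peer = server.recvfrom(64)
        except socket.timeout:
            return None                   # nothing is bound to send_to_ip
        # No source address is specified here: a socket bound to one address
        # replies from it, a wildcard socket lets the OS choose.
        server.sendto(b"reply", peer)
        _, (reply_src, _) = client.recvfrom(64)
        return reply_src
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    # Constructed cases: (listener bound to, client sends to)
    cases = [
        ("127.0.0.2", "127.0.0.1"),  # listening on one address, sending to another
        ("127.0.0.2", "127.0.0.2"),  # addresses match
        ("0.0.0.0", "127.0.0.2"),    # wildcard listener, OS picks the reply source
    ]
    for listen_ip, send_to_ip in cases:
        result = probe(listen_ip, send_to_ip)
        print(f"listen={listen_ip:<10} send_to={send_to_ip:<10} reply_from={result}")
```

In the third case the client sends to 127.0.0.2 but the reply arrives from a different address, which a RADIUS client matching replies by server address would discard.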