Proxying CoA & Disconnect in freeRADIUS 2.1.10

Mon Feb 14 20:42:32 CET 2011

Dear All,

I'm having some trouble asking my freeRADIUS-2.1.10 server (Linux, x86_64) to 
correctly proxy CoA and Disconnect-Request packets.

I am generating Disconnect-Request packets from my "network_control" machine
(172.16.3.2) to the freeRADIUS server at 172.16.3.11 using:
cat packet.txt |radclient -x -d /etc/raddb 172.16.3.11:3799 disconnect secret1

where packet.txt contains the following AV pairs:
Acct-Session-ID = '819026ec'
NAS-IP-Address = '172.16.3.60'
User-Name='testuser at test.com'

I was hoping that the requests would be proxied to "pppoe_one" at 172.16.3.60.

The "network_control" machine receives a Disconnect-Ack from the freeRADIUS
machine but the packet is not being retransmitted to "pppoe_one".

Output from 'radiusd -X' is:
rad_recv: Disconnect-Request packet from host 172.16.3.2 port 34463, id=100,
length=66
        Acct-Session-Id = "819026ec"
        NAS-IP-Address = 172.16.3.60
        User-Name = "testuser at test.com"
server coa {
# Executing section recv-coa from file /etc/raddb/sites-enabled/coa
+- entering group recv-coa {...}
++[control] returns noop
++[ok] returns ok
# Executing section send-coa from file /etc/raddb/sites-enabled/coa
+- entering group send-coa {...}
++[ok] returns ok
} # server coa
Sending Disconnect-ACK of id 100 to 172.16.3.2 port 34463
Finished request 0.

As far as I know, I have followed instructions documented in 
sites-available/coa as well as reading a few other relevant posts on this 
list.

I wonder if anyone has any advice?
Relevant extracts from my configs are listed below.

Many thanks,

Charlie 

** radiusd.conf **
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE sites-enabled/

** clients.conf **
client pppoe_one {
        ipaddr = 172.16.3.60
        secret = secret1
        nastype = other
        coa_server = access_concentrators
}
client network_control {
        ipaddr = 172.16.3.2
        secret = secret1
        nastype = other
        coa_server = access_concentrators
}

** proxy.conf **
home_server home_pppoe_one {
        type = coa
        ipaddr = 172.16.3.60
        port = 1700
        secret = secret1
        require_message_authenticator = no
        response_window = 20
        zombie_period = 40
        revive_interval = 120
        status_check = none
        check_interval = 30
        num_answers_to_alive = 3
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}
home_server_pool access_concentrators {
        home_server = home_pppoe_one
}

** sites-enabled/coa **
listen {
        type = coa
        ipaddr = *
        port = 3799
        server = coa
}
server coa {
        recv-coa {
                update control {
                        Home-Server-Pool := access-concentrators
                }
                ok
        }
        send-coa {
                #  Sample module.
                ok
        }
}