FreeRADIUS allows connections locally, but not remotely

Alan DeKok aland at deployingradius.com
Tue Dec 29 00:32:43 CET 2015


On Dec 28, 2015, at 6:22 PM, Ernie Dunbar <maillist at lightspeed.ca> wrote:
> Okay, then why would radtest fail with the command-line argument "-4 XXX.XXX.XXX.254" from localhost?

  It's your network.  You should be able to see what's going on with it.

  And the firewall / filter rules for localhost are usually more open than those for the network.

> Is this not merely data passed to the FreeRADIUS server

  Please don't say that.  Radclient is *sending a packet over the network*.  Saying "data passed to FreeRADIUS" is (a) vague and meaningless, and (b) makes it sound like data is magically going from A to B.

  It's not.  It's sending a packet over the network.

  If the packet doesn't arrive, blame the network.

> about the source of the data, as opposed to radtest spoofing the source IP address and making a UDP connection? I am requesting a connection to localhost with radtest.

  You're sending a packet.  If the packet doesn't arrive, blame the network.

> Also, there is no firewall rule blocking the connection. I also tried the radtest command locally after flushing the IPTables rules.

  Well, there's nothing magical in FreeRADIUS saying "suddenly start ignoring packets".

> I have tried to specify FreeRADIUS' listening IP address instead of * (in radiusd.conf), and that hasn't worked either.

  Run the server in debug mode.  If it doesn't show any packets received... it's not receiving any packets.

  Blame the OS and the network.  Not FreeRADIUS.  

> I think I've been pretty thorough trying to rule out networking issues, but maybe I've missed something?

  Probably.

  Alan DeKok.
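
Added example (not part of the original message and not FreeRADIUS or radclient code): a small probe that sends one RADIUS Access-Request over UDP, optionally from a chosen local source address, and reports whether the result was a reply, an ICMP port-unreachable, or silence. The user name, password, shared secret and loopback address are constructed placeholders.

```python
import hashlib, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2."""
    blocks = max(1, -(-len(password) // 16))          # at least one 16-byte block
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user: bytes, password: bytes, secret: bytes, ident: int = 1) -> bytes:
    """Minimal Access-Request (code 1) carrying User-Name and User-Password."""
    authenticator = os.urandom(16)
    attrs = b""
    for attr_type, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def probe(server: str, port: int, packet: bytes, source_ip: str = None, timeout: float = 3.0) -> str:
    """Send one UDP packet and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            if source_ip:
                sock.bind((source_ip, 0))    # choose which local address the packet leaves from
            sock.connect((server, port))     # connected socket lets ICMP errors surface
            sock.send(packet)
            reply = sock.recv(4096)
        except socket.timeout:
            return "timeout"                 # no answer: dropped, filtered, or discarded
        except ConnectionRefusedError:
            return "port-unreachable"        # host answered with ICMP: nothing listening there
        except OSError as exc:
            return "network-error: %s" % exc.strerror
        return "reply code %d" % reply[0]

if __name__ == "__main__":
    # Constructed values: loopback address and a placeholder user, password and secret.
    pkt = build_access_request(b"testuser", b"testpass", b"placeholder-secret")
    print(probe("127.0.0.1", 1812, pkt))
```

Run it while the server is in debug mode: a "timeout" result with nothing shown in the debug output means the packet never reached the server process.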



