FreeRADIUS allows connections locally, but not remotely

Ernie Dunbar maillist at lightspeed.ca
Wed Dec 30 00:08:34 CET 2015 

On 2015-12-29 15:01, Ernie Dunbar wrote:
> On 2015-12-29 14:29, Ernie Dunbar wrote:
>> On 2015-12-28 18:07, Alan DeKok wrote:
>>> On Dec 28, 2015, at 7:59 PM, Ernie Dunbar <maillist at lightspeed.ca> 
>>> wrote:
>> 
>>>> I don't know what to make of this, but I don't think it's a network 
>>>> problem. There are also other servers on this physical machine that 
>>>> are working just fine (like ssh and apache, for example).
>>> 
>>>   They're TCP.  Not UDP.
>>> 
>>>> Also, I've correctly configured the 206.XXX.XX.205 IP address as a 
>>>> client, and then gotten the radtest program to successfully connect 
>>>> and authenticate. Installing the client on another, separate 
>>>> physical machine which exists on the same network switch and class C 
>>>> at 206.XXX.XX.0/24 also results in the same result as connections 
>>>> from our office at 65.XX.XXX.178.
>>> 
>>>   It's a networking problem.  You've demonstrated that FreeRADIUS can
>>> send and receive UDP packets.  But something is preventing the 
>>> packets
>>> from reaching the server.
>>> 
>>>   You could try running a more recent version of the server.  But I
>>> doubt it would help.
>>> 
>> 
>> Okay, just to follow up on this with my own findings for the benefit
>> of future readers, I've discovered that whatever differences there are
>> between Ubuntu 14.04 LTS and Debian Wheezy, are the cause of this
>> issue. I copied the configuration from the original Debian server to
>> another server we have that's running Ubuntu, installed the packages
>> for FreeRADIUS (v 2.1.12 on both servers, by the way, so it's not
>> application-specific), and found that the Ubuntu server was responding
>> to remote hosts, while the Debian server was not. We're also running
>> DNS and NTP on the old Debian server, so Debian's issues with
>> FreeRADIUS appear to be very weirdly specific to that server, and not
>> to the UDP protocol or networking in general.
>> 
>> I don't really know why this is, but I can tell you that moving
>> FreeRADIUS away from Debian Wheezy is definitely a solution (or
>> possibly going back to a previous kernel version, since it worked for
>> about 9 years before Monday morning).
>> -
> 
> Further addendum: downgrading the kernel to the slightly older version
> of 3.2.73-2+deb7u1 has not fixed the problem.


Oops, that's not true at all, I was just testing the server wrong. And 
the kernel version that works is 3.2.68-1+deb7u3 - the newer version 
3.2.73-2+deb7u1 is broken.

More information about the Freeradius-Users mailing list