home_server status_check and radsec

Mark Moseley moseleymark at gmail.com
Wed Dec 30 20:03:56 CET 2015


Got that compiled yesterday, using the zip file as you instructed above.
I'm seeing the same behavior. I ran a tcpdump on the same console as
radtest, which is what I pasted below (after some obfuscation). The remote
server is obviously down at the moment (or at least radiusd isn't running
on it). I should note that when the remote server is up, everything is
working ok (i.e. there are no other issues going on too -- well, at least
with getting the proxy talking to a remote radsec box).

Since you beat me to the punch after your first email, do you still want me
to paste a config and/or debug output?

This is running from the "client", or whatever you'd call the client side
of the proxy. 20.30.40.50 is the first home_server listed
in home_server_pool (though there's also another server too).

# while true; do radtest mytestuser mytestpass localhost 0 mysecret:; sleep 10; done
Sent Access-Request Id 98 from 0.0.0.0:49914 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:12:17.450942 IP 50.60.70.80.58927 > 20.30.40.50.radsec: Flags [S], seq
2472432844, win 14600, options [mss 1460,sackOK,TS val 987707727 ecr
0,nop,wscale 7], length 0
19:12:17.580284 IP 20.30.40.50.radsec > 50.60.70.80.58927: Flags [R.], seq
0, ack 2472432845, win 0, length 0

Received Access-Reject Id 98 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 143 from 0.0.0.0:40399 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:12:27.635455 IP 50.60.70.80.34444 > 20.30.40.50.radsec: Flags [S], seq
2685422050, win 14600, options [mss 1460,sackOK,TS val 987717912 ecr
0,nop,wscale 7], length 0
19:12:27.784170 IP 20.30.40.50.radsec > 50.60.70.80.34444: Flags [R.], seq
0, ack 2685422051, win 0, length 0

Received Access-Reject Id 143 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 103 from 0.0.0.0:35318 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:12:37.845284 IP 50.60.70.80.54566 > 20.30.40.50.radsec: Flags [S], seq
955991257, win 14600, options [mss 1460,sackOK,TS val 987728122 ecr
0,nop,wscale 7], length 0
19:12:37.937708 IP 20.30.40.50.radsec > 50.60.70.80.54566: Flags [R.], seq
0, ack 955991258, win 0, length 0

Received Access-Reject Id 103 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 251 from 0.0.0.0:57298 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:12:47.993086 IP 50.60.70.80.50863 > 20.30.40.50.radsec: Flags [S], seq
3854829847, win 14600, options [mss 1460,sackOK,TS val 987738269 ecr
0,nop,wscale 7], length 0
19:12:48.137304 IP 20.30.40.50.radsec > 50.60.70.80.50863: Flags [R.], seq
0, ack 3854829848, win 0, length 0

Received Access-Reject Id 251 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 88 from 0.0.0.0:55058 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:12:58.188965 IP 50.60.70.80.38221 > 20.30.40.50.radsec: Flags [S], seq
738688619, win 14600, options [mss 1460,sackOK,TS val 987748465 ecr
0,nop,wscale 7], length 0
19:12:58.341431 IP 20.30.40.50.radsec > 50.60.70.80.38221: Flags [R.], seq
0, ack 738688620, win 0, length 0

Received Access-Reject Id 88 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 27 from 0.0.0.0:51948 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:13:08.397400 IP 50.60.70.80.47190 > 20.30.40.50.radsec: Flags [S], seq
410953500, win 14600, options [mss 1460,sackOK,TS val 987758674 ecr
0,nop,wscale 7], length 0
19:13:08.579860 IP 20.30.40.50.radsec > 50.60.70.80.47190: Flags [R.], seq
0, ack 410953501, win 0, length 0

Received Access-Reject Id 27 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 253 from 0.0.0.0:53101 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:13:18.630647 IP 50.60.70.80.44606 > 20.30.40.50.radsec: Flags [S], seq
4018763811, win 14600, options [mss 1460,sackOK,TS val 987768907 ecr
0,nop,wscale 7], length 0
19:13:18.783091 IP 20.30.40.50.radsec > 50.60.70.80.44606: Flags [R.], seq
0, ack 4018763812, win 0, length 0

Received Access-Reject Id 253 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 243 from 0.0.0.0:48829 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:13:28.834195 IP 50.60.70.80.38686 > 20.30.40.50.radsec: Flags [S], seq
1036066238, win 14600, options [mss 1460,sackOK,TS val 987779111 ecr
0,nop,wscale 7], length 0
19:13:28.927031 IP 20.30.40.50.radsec > 50.60.70.80.38686: Flags [R.], seq
0, ack 1036066239, win 0, length 0

Received Access-Reject Id 243 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 160 from 0.0.0.0:46023 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:13:38.976504 IP 50.60.70.80.56515 > 20.30.40.50.radsec: Flags [S], seq
2611695183, win 14600, options [mss 1460,sackOK,TS val 987789253 ecr
0,nop,wscale 7], length 0
19:13:39.199505 IP 20.30.40.50.radsec > 50.60.70.80.56515: Flags [R.], seq
0, ack 2611695184, win 0, length 0

Received Access-Reject Id 160 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Sent Access-Request Id 86 from 0.0.0.0:60842 to 127.0.0.1:1812 length 75
User-Name = "mytestuser"
User-Password = "mytestpass"
NAS-IP-Address = 50.60.70.80
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "mytestpass"

19:13:49.246574 IP 50.60.70.80.53775 > 20.30.40.50.radsec: Flags [S], seq
1888993182, win 14600, options [mss 1460,sackOK,TS val 987799523 ecr
0,nop,wscale 7], length 0
19:13:49.401074 IP 20.30.40.50.radsec > 50.60.70.80.53775: Flags [R.], seq
0, ack 1888993183, win 0, length 0

Received Access-Reject Id 86 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
^[[A^C

On Tue, Dec 29, 2015 at 1:27 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Dec 29, 2015, at 3:52 PM, Mark Moseley <moseleymark at gmail.com> wrote:
> > Does that mean it's not possible to do failover with radsec proxies?
>
>   After looking at the code... the logic for proxy fail-over was broken
> for TCP / RadSec home servers.  I've pushed a fix.  Please try the latest
> version from github:
>
> https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x
>
>   And click on "download zip".  Then build && install as usual.
>
>   Alan DeKok.


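The pattern in the pasted trace (every SYN to the radsec port answered by a reset, then a fresh attempt to the same home server on the next request) can be tallied mechanically. This is an added example, not part of the original message or of FreeRADIUS; the sample lines are constructed from the tcpdump output above with the TCP options trimmed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the tcpdump lines in the message (unwrapped).
TRACE = """\
19:12:17.450942 IP 50.60.70.80.58927 > 20.30.40.50.radsec: Flags [S], seq 2472432844, win 14600, length 0
19:12:17.580284 IP 20.30.40.50.radsec > 50.60.70.80.58927: Flags [R.], seq 0, ack 2472432845, win 0, length 0
19:12:27.635455 IP 50.60.70.80.34444 > 20.30.40.50.radsec: Flags [S], seq 2685422050, win 14600, length 0
19:12:27.784170 IP 20.30.40.50.radsec > 50.60.70.80.34444: Flags [R.], seq 0, ack 2685422051, win 0, length 0
19:12:37.845284 IP 50.60.70.80.54566 > 20.30.40.50.radsec: Flags [S], seq 955991257, win 14600, length 0
19:12:37.937708 IP 20.30.40.50.radsec > 50.60.70.80.54566: Flags [R.], seq 0, ack 955991258, win 0, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
)

def summarize(trace, port="radsec"):
    """Count connection attempts and refusals per home server endpoint."""
    stats = defaultdict(lambda: {"syn": 0, "refused": 0, "times": []})
    pending = set()  # (client endpoint, server endpoint) with an unanswered SYN
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # radtest output and blank lines are skipped
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S" and dst.endswith("." + port):
            stats[dst]["syn"] += 1
            stats[dst]["times"].append(datetime.strptime(m["ts"], "%H:%M:%S.%f"))
            pending.add((src, dst))
        elif "R" in flags and (dst, src) in pending:
            stats[src]["refused"] += 1  # reset came back from the home server
            pending.discard((dst, src))
    return dict(stats)

def retried_while_down(stats, min_attempts=3):
    """Home servers that refused every attempt yet kept being tried."""
    return sorted(s for s, v in stats.items()
                  if v["syn"] >= min_attempts and v["refused"] == v["syn"])

def mean_gap_seconds(stats, server):
    """Average time between connection attempts, or None with fewer than two."""
    t = stats[server]["times"]
    if len(t) < 2:
        return None
    return sum((b - a).total_seconds() for a, b in zip(t, t[1:])) / (len(t) - 1)
```

Pass `port="2083"` when the capture was taken with `tcpdump -n`, since the port is then printed numerically instead of as `radsec`.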