Freeradius 3 and routers problem
alter1
alter1 at onet.pl
Mon Jan 19 12:29:14 CET 2015
Hello,
I have a network with 3 SOHO Wi-Fi routers: Dlink wrt54gl, wrt320n and Asus RT-AC52U. Each has the same configuration (Wi-Fi WPA2-Enterprise with RADIUS auth against the 192.168.10.x server on port 1812, with a secret key for each client).
The server is CentOS 7 based, with the latest version, with IP 192.168.10.x
# repoquery freeradius
freeradius-0:3.0.1-6.el7.x86_64
# tail -19 /etc/raddb/clients.conf
client rt-a1-2 {
    ipaddr = 192.168.10.4
    secret = test1
    shortname = rt-a1-2
}
client rt-a1-1 {
    ipaddr = 192.168.10.2
    secret = test2
    shortname = rt-a1-1
}
client rt-a2-1 {
    ipaddr = 192.168.10.3
    secret = test3
    shortname = rt-a2-1
}
In /etc/raddb/users, for example:
"test" Cleartext-Password := "test"
and others in the same format...
This server is a relay to another DHCP server, therefore I have:
# cat /etc/raddb/sites-available/dhcp.relay
server dhcp.ens160 {
    listen {
        ipaddr = *
        port = 67
        type = dhcp
        interface = ens160
    }
    dhcp DHCP-Discover {
        update config {
            DHCP-Relay-To-IP-Address := 192.168.10.1
        }
        update request {
            DHCP-Gateway-IP-Address := 192.168.10.254
        }
        ok
    }
    dhcp DHCP-Request {
        update config {
            DHCP-Relay-To-IP-Address := 192.168.10.1
        }
        update request {
            DHCP-Gateway-IP-Address := 192.168.10.254
        }
        ok
    }
}
On 192.168.10.1 the DHCP server works OK.
In the logs (/var/log/radius/radius.log):
Mon Jan 19 12:07:14 2015 : Auth: (44) Login OK: [test/<via Auth-Type = MSCHAP>] (from client rt-a1-1 port 0 via TLS tunnel)
Mon Jan 19 12:07:14 2015 : Auth: (45) Login OK: [test/<via Auth-Type = EAP>] (from client rt-a1-1 port 13 cli 8c3ae3XXXXXX)
Mon Jan 19 12:13:23 2015 : Auth: (59) Login OK: [test/<via Auth-Type = MSCHAP>] (from client rt-a1-1 port 0 via TLS tunnel)
Mon Jan 19 12:13:23 2015 : Auth: (60) Login OK: [test/<via Auth-Type = EAP>] (from client rt-a1-1 port 13 cli 8c3ae3XXXXXX)
Mon Jan 19 12:15:18 2015 : Auth: (70) Login OK: [test/<via Auth-Type = MSCHAP>] (from client rt-a1-2 port 0 via TLS tunnel)
Mon Jan 19 12:15:18 2015 : Auth: (71) Login OK: [test/<via Auth-Type = EAP>] (from client rt-a1-2 port 0 cli 8C-3A-E3-XX-XX-XX)
Mon Jan 19 12:16:10 2015 : Auth: (80) Login OK: [test/<via Auth-Type = MSCHAP>] (from client rt-a1-1 port 0 via TLS tunnel)
Mon Jan 19 12:17:13 2015 : Auth: (85) Login OK: [test/<via Auth-Type = EAP>] (from client rt-a1-1 port 13 cli 8c3ae3XXXXXX)
And all works... But... After some period of time (30-60 minutes) no one can connect to Wi-Fi on the APs.
I tried with alternative firmwares. Still the same.
When I tcpdump the connections I get nothing... That means: I tcpdump the interface (ens160) and cannot see ANY PACKETS from any of the APs to the RADIUS server...
The problem disappears after restarting freeradius (systemctl restart radiusd.service). And after some period of time... the same happens.
What is the point? Where can the problem be?
I tried to disable key renewal on the AP in the RADIUS configuration, but this does not help.
Thanks for help :-)
With regards
MK