COA to NAS behind proxy
Alan DeKok
aland at deployingradius.com
Sun Oct 11 23:38:56 CEST 2015
On Oct 11, 2015, at 5:33 PM, Sachin Yadav via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I am trying to kick out a user once the monthly data limit is reached while an account-update packet is received. My setup is -
> Freeradius ====== internet =========== ISP ===== modem ===== router(running chillispot)
> At freeradius I get the public IP assigned to the modem from the ISP, and now no matter what IP I try to send the COA packet to, it fails. I have the following entry -
> Client.confclient 0.0.0.0/0 { secret = xxxxx nastype = other coa_server = localhost-coa}
> originate-coahome_server localhost-coa { type = coa ipaddr = localhost
> port = 3799 secret = testing1234
You do realize that's unreadable, right?
> # rest all is default......
>
> default (in accounting section)
> update control { Tmp-Integer-0 := "%{sql:#query}" Tmp-Integer-1 := #query}if ("%{control:Tmp-Integer-0}" > "%{control:Tmp-Integer-1}") {
> update disconnect { User-Name = "%{request:User-Name}" Acct-Session-Id = "%{Acct-Session-Id}" NAS-IP-Address = "%{NAS-IP-Address}"}}
>
>
> Logs show -
>
> ++++[disconnect] returns ok+++- if ("%{control:Tmp-Integer-0}" > "%{control:Tmp-Integer-1}") returns ok++-
It helps to post the logs as *readable* text. And not all randomly mashed together.
> if ("%{control:Tmp-Integer-1}" != 0) returns ok++[exec] returns noop[attr_filter.accounting_response] expand: %{User-Name} -> xxxxxxxxxattr_filter: Matched entry DEFAULT at line 12++[attr_filter.accounting_response] returns updatedSending Accounting-Response of id 80 to 12x.162.x94.1x7 port 22626 WARNING: Empty pre-proxy section. Using default return values.Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799 User-Name = "xxxxxxxxxx" Acct-Session-Id = "561ad05c00000001" NAS-IP-Address = 192.168.182.1Finished request 0.Cleaning up request 0 ID 80 with timestamp +26Going to the next requestWaking up in 2.0 seconds.Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799 User-Name = "xxxxxxx" Acct-Session-Id = "561ad05c00000001" NAS-IP-Address = 192.168.182.1Waking up in 4.3 seconds.Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799 User-Name = "xxxxxxx" Acct-Session-Id = "561ad05c00000001" NAS-IP-Address = 192.168.182.1Waking up in 8.6 seconds.Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799 User-Name = "xxxxxx" Acct-Session-Id = "561ad05c00000001" NAS-IP-Address = 192.168.182.1Waking up in 14.9 seconds.No response to CoA request sent to 127.0.0.1 Found Post-Proxy-Type WARNING: Unknown value specified for Post-Proxy-Type. Cannot perform requested action.# Executing group from file /etc/freeradius/sites-enabled/defaultFinished request 0.
>
> Can someone please guide me if I am missing some conf. somewhere or it is not possible considering my network topology above. Also, I have set coaport 3799 and coanoipcheck in chilli.
You need to send the CoA packet to the NAS. Or, to the RADIUS server which sent the Access-Request packet to you.
Unfortunately, there's no standard for proxying CoA requests. I've been pushing one in the IETF for ~3 years, but there's been no progress.
Alan DeKok.
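
Added example, not part of the original thread: a small Python check over the Disconnect-Request lines from the debug output quoted above, showing where the packet is actually going and why nothing answers. The sample log is constructed from the quoted output (re-broken one message per line); the function name `diagnose` and the finding strings are illustrative.

```python
import ipaddress
import re

# Constructed sample: the Disconnect-Request lines from the quoted debug
# output, re-broken one message per line.
SAMPLE_LOG = """\
Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799
    NAS-IP-Address = 192.168.182.1
Waking up in 2.0 seconds.
Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799
Waking up in 4.3 seconds.
Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799
Waking up in 8.6 seconds.
Sending Disconnect-Request of id 188 to 127.0.0.1 port 3799
Waking up in 14.9 seconds.
No response to CoA request sent to 127.0.0.1
"""

SEND_RE = re.compile(r"Sending (?:Disconnect|CoA)-Request of id (\d+) to (\S+) port \d+")
NAS_RE = re.compile(r"NAS-IP-Address = (\S+)")
FAIL_RE = re.compile(r"No response to CoA request sent to (\S+)")

def diagnose(log):
    """Return findings about where CoA/Disconnect packets were sent."""
    sends, nas_ips, dead = {}, [], set()
    for line in log.splitlines():
        if m := SEND_RE.search(line):
            key = (m.group(2), int(m.group(1)))
            sends[key] = sends.get(key, 0) + 1      # same id again = retransmit
        elif m := NAS_RE.search(line):
            if m.group(1) not in nas_ips:
                nas_ips.append(m.group(1))
        elif m := FAIL_RE.search(line):
            dead.add(m.group(1))
    findings = []
    for (dst, pkt_id), count in sends.items():
        if ipaddress.ip_address(dst).is_loopback:
            findings.append(f"id {pkt_id}: sent to loopback {dst}, not to the NAS")
        if count > 1:
            findings.append(f"id {pkt_id}: {count - 1} retransmissions to {dst}")
        if dst in dead:
            findings.append(f"id {pkt_id}: no response from {dst}")
    for nas in nas_ips:
        if ipaddress.ip_address(nas).is_private:
            findings.append(f"NAS-IP-Address {nas} is private, unreachable across the internet as-is")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_LOG)))
```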