Zombie proxies with RadSec
Neuton Martins
notuenmc at gmail.com
Thu Nov 9 22:49:58 CET 2017
Hi Alan,
Thanks for the feedback.
I only have the default log of the zombie message, as follow:
Mon Nov 6 18:31:03 2017 : Proxy: Marking home server 10.X.Y.Z port 2083 as
zombie (it has not responded in 30.000000 seconds).
Mon Nov 6 18:31:03 2017 : ERROR: (20792) ERROR: Failing proxied request
for user "xxxx at mpf.mp.br", due to lack of any response from home server
10.X.Y.z port 2083
And when i tried to use status-server with RadSec i got the following error:
Error: /usr/local/etc/raddb/sites-enabled/tls[145]: Only 'status_check =
none' is allowed for home servers with 'proto = tcp'
My true problem is that my home_server is up, but for some reason the proxy
client thinks its down and marked it as zombie. I think this is related to
have two firewalls between proxy client and home server. However, i need
the proxy client to detect the connection error quickly and restart the
connection.
With regards,
Neuton
Em qui, 9 de nov de 2017 às 16:50, Neuton Martins <notuenmc at gmail.com>
escreveu:
> Hello,
>
> I am having some problems with zombie proxies using TLS (RadSec)
> connections im my environment.
> Seems like the status-server won't work with TLS. What is the right way to
> solve this?
> I have tweaked the proxy TLS zombie settings but i am not sure if my
> settings are good.
> Here are my home server config distributed to several locations im my mpls
> network:
> https://pastebin.com/2nhkAb7D
>
> Thanks.
>
> With regards,
>
> Neuton
>
More information about the Freeradius-Users
mailing list