Zombie proxies with RadSec
Alan DeKok
aland at deployingradius.com
Thu Nov 9 23:30:33 CET 2017
On Nov 9, 2017, at 4:49 PM, Neuton Martins <notuenmc at gmail.com> wrote:
> I only have the default log of the zombie message, as follow:
> Mon Nov 6 18:31:03 2017 : Proxy: Marking home server 10.X.Y.Z port 2083 as
> zombie (it has not responded in 30.000000 seconds).
> Mon Nov 6 18:31:03 2017 : ERROR: (20792) ERROR: Failing proxied request
> for user "xxxx at mpf.mp.br", due to lack of any response from home server
> 10.X.Y.z port 2083
That's a problem then.
> And when i tried to use status-server with RadSec i got the following error:
> Error: /usr/local/etc/raddb/sites-enabled/tls[145]: Only 'status_check =
> none' is allowed for home servers with 'proto = tcp'
Ah yes, I had forgotten about that.
> My true problem is that my home_server is up, but for some reason the proxy
> client thinks its down and marked it as zombie. I think this is related to
> have two firewalls between proxy client and home server. However, i need
> the proxy client to detect the connection error quickly and restart the
> connection.
The problem is that if the TCP connection goes away, no amount of poking FreeRADIUS will fix the problem.
It's a network problem. The only solution is to fix the network.
Honestly, if the firewalls are breaking TCP, then the firewalls are broken.
Alan DeKok.
More information about the Freeradius-Users
mailing list