Freeradius 3 status server

Tim Cheyne Tim.Cheyne at
Sat Dec 8 22:05:54 CET 2018

we receive status requests on our version 3 Freeradius (RedHat 7) server periodically from upstream radius proxies also in our company.
Upon investigation I can see that these requests are being rejected.
They come in on UDP port 1645.  Looking into status it would seem that you can't receive status requests from an upstream radius proxy on the same port (1645) that you process auth requests.  You would have to configure 18121 to be allowed thru the interconnecting firewalls etc and at both ends.

This is the command I run from another radius ( and output below it with main status config below that. is also in the clients file and it does have a different secret but I have tried matching that too.
Specifying 1645 as status port just results in conflict of ports.  Am I missing the point as I just assumed it was misconfigured on my end.

Thanks for your help

echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1, Response-Packet-Type = Access-Accept"| radclient -x status adminsecret

Log output on radius (.185):
(2) Received Status-Server Id 167 from to length 50
Dropping packet without response because of error: Received packet from with invalid Message-Authenticator!  (Shared secret is incorrect.)
Waking up in 0.3 seconds.
(2) Cleaning up request packet ID 167 with timestamp +147
Ready to process requests


server status {
        listen {
                #  ONLY Status-Server is allowed to this port.
                #  ALL other packets are ignored.
                type = status

                ipaddr = *
                port = 18121
                #port = 1645

        client admin {
                ipaddr =
                secret = adminsecret
        client rad020 {
                ipaddr =
                secret = adminsecret

This email, including any attachments, is confidential. If you have received this email in error, please let me know and then delete it - do not read, use, or distribute it or its contents. This email does not designate an information system for the purposes of the Contract and Commercial Law Act 2017.

More information about the Freeradius-Users mailing list