Auth-Request Packets never making it to FR
Alan DeKok
aland at deployingradius.com
Mon Jan 29 16:35:24 CET 2018
On Jan 29, 2018, at 10:32 AM, Jay Swearingen <jswearingen at vijilant.com> wrote:
>
> Receiving 1812 and 1813 packets at the interface (enp0s7) just fine at server ip address 192.168.1.50:
>
> tcpdump -eqntl -i enp0s7 port 1812
>
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
>
> …but they are never showing up at freeradius -X. Not getting any response at all and no activity at all in the -X window. Working using localhost but not outside of localhost.
There's a firewall or SeLinux rule which prevents the packets from reaching the RADIUS server. Fix that.
There is *nothing* you can do to FreeRADIUS to fix the problem. If the server shows that it's listening on port 1812, then it's listening on port 1812. The only reason it doesn't see packets is if the kernel doesn't send packets to FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list