Auth-Request Packets never making it to FR

Jay Swearingen jswearingen at vijilant.com
Mon Jan 29 20:02:58 CET 2018


Date: Mon, 29 Jan 2018 10:35:24 -0500
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
	<freeradius-users at lists.freeradius.org>
Subject: Re: Auth-Request Packets never making it to FR
Message-ID: <5B11F8CA-1947-48E8-A25A-771408B57F95 at deployingradius.com>
Content-Type: text/plain; charset=utf-8

On Jan 29, 2018, at 10:32 AM, Jay Swearingen <jswearingen at vijilant.com> wrote:
> 
> Receiving 1812 and 1813 packets at the interface (enp0s7) just fine at server ip address 192.168.1.50:
> 
> tcpdump -eqntl -i enp0s7 port 1812
> 
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> f8:32:e4:70:0f:04 > 00:1a:a0:59:ec:f1, IPv4, length 85: 
> 192.168.1.7.51813 > 192.168.1.50.1812: UDP, length 43
> 
> …but they are never showing up at freeradius -X.   Not getting any response at all and no activity at all in the -X window.   Working using localhost but not outside of localhost.  

  There's a firewall or SELinux rule which prevents the packets from reaching the RADIUS server.  Fix that.

  There is *nothing* you can do to FreeRADIUS to fix the problem.  If the server shows that it's listening on port 1812, then it's listening on port 1812.  The only reason it doesn't see packets is if the kernel doesn't send packets to FreeRADIUS.

  Alan DeKok.

------------------------------------------

Thanks Alan.  Previously created firewall rule did not stay persistent.  Re-created a simple UFW 1812, 1813 UDP rule and it fixed it.  Successful Access-Accept.  Feel stupid.  Thanks for the reply.
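
An added example, not part of the original thread or of FreeRADIUS: tcpdump captures inbound packets before the host firewall filters them, which is why the capture above showed traffic while `freeradius -X` stayed silent. The sketch below reads saved output of `ss -lun` and `ufw status` and reports whether the daemon is listening and whether a UFW allow rule covers the RADIUS UDP port. The function names and all sample text are constructed for illustration, and only single-port and `A:B` range rules are parsed.

```shell
# Added example. All sample text below is constructed, not captured from the thread.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:1812       0.0.0.0:*
UNCONN 0      0      0.0.0.0:1813       0.0.0.0:*'
UFW_LOST='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'
UFW_FIXED="$UFW_LOST
1812:1813/udp              ALLOW       Anywhere"

# udp_listening PORT < `ss -lun` output: succeeds if a UDP socket is bound to PORT.
udp_listening() {
    awk -v p="$1" '/UNCONN/ {
        for (i = 1; i <= NF; i++) if (index($i, ":")) {  # first addr:port field is local
            n = split($i, a, ":"); if (a[n] == p) found = 1
            break
        }
    } END { exit (found ? 0 : 1) }'
}

# ufw_allows PORT < `ufw status` output: 0 = ALLOW covers PORT/udp, 1 = none, 2 = inactive.
ufw_allows() {
    awk -v p="$1" '
        /^Status: inactive/ { inactive = 1 }
        /ALLOW/ {
            spec = $1; proto = "any"                     # bare port means any protocol
            if (split(spec, s, "/") == 2) { spec = s[1]; proto = s[2] }
            if (proto != "udp" && proto != "any") next
            lo = spec; hi = spec
            if (split(spec, r, ":") == 2) { lo = r[1]; hi = r[2] }
            if (p + 0 >= lo + 0 && p + 0 <= hi + 0) ok = 1
        }
        END { exit (inactive ? 2 : (ok ? 0 : 1)) }'
}

# diagnose PORT SS_TEXT UFW_TEXT: prints ok | not-listening | no-allow-rule | ufw-inactive
diagnose() {
    printf '%s\n' "$2" | udp_listening "$1" || { echo not-listening; return 0; }
    rc=0; printf '%s\n' "$3" | ufw_allows "$1" || rc=$?
    case $rc in 0) echo ok ;; 2) echo ufw-inactive ;; *) echo no-allow-rule ;; esac
}

for port in 1812 1813; do
    echo "$port rule lost:     $(diagnose "$port" "$SS_SAMPLE" "$UFW_LOST")"
    echo "$port rule restored: $(diagnose "$port" "$SS_SAMPLE" "$UFW_FIXED")"
done
```

On a live host, pass `"$(ss -lun)"` and `"$(ufw status)"` as the second and third arguments; a result of `ufw-inactive` means some other filter (another firewall front end or SELinux) has to be checked instead.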


