global/wildcard config for COA server?

P. R.M. romero619 at hotmail.com
Sun Dec 15 00:54:20 CET 2019


I need to configure freeradius so that it will send COA/disconnect messages to a given NAS using a 'global COA configuration' for COA-related settings such as port #, shared secret, retransmit, etc., yet without having to hard-code the IP address of the NAS within a home_server section (in a similar way to how a client can be set up with a wildcard host/network address). I tried using a wildcard IP address within a home_server configuration, but it doesn't work; I received a "Wildcard '*' addresses are not permitted for home servers" error.

According to the documentation, freeradius will supposedly try to send a COA/disconnect message to the same NAS that sent the original RADIUS request. However, in practice, it doesn't work; it produces an error "Unknown destination {IP:PORT} for CoA request." since it cannot match the NAS to an existing home_server config.  So, even though it auto-detects the target for the COA packet, it's not very useful in situations where you need a wildcard "open-to-any-client" setup.

Ideally, it would be useful to have freeradius respond to a given client/NAS using the same 'shared secret' that was used to connect to that particular client (even if the client is configured with a wildcard IP), and/or perhaps also global configuration for the other COA settings (UDP port # and the retransmit settings). At the very least, a wildcard IP address for a COA home_server config would be very helpful.

Is there already a way to set something like this up? Or, is it possible via a work-around? If not, can this be put in as a feature request?

Thanks in advance,
P.R.




