proxy timeout

Alan DeKok aland at
Sat Dec 12 15:40:07 CET 2020

On Dec 11, 2020, at 1:20 PM, Matt Zagrabelny via Freeradius-Users <freeradius-users at> wrote:
> Our institution is proxying auth requests to a Duo enabled RADIUS server
> off site. Due to the delay in the WAN, plus the human delay of the 2FA I
> would like to have an appropriate configured timeout for the proxy. I am
> thinking 60 seconds. Is that value too large?


  Most NAS equipment will give up after 30s or so.

> Attempting to change the timeout for the proxy yields a message that I
> cannot set the value to 60 seconds:
> WARNING: Ignoring "response_window = 60.000000", forcing to
> "response_window = 30.000000"


> According to the docs it looks like it should accept 60:

  It does, mostly.

  But if you have "max_request_time = 30", then the request will time out after 30s.  So that's why the response_window is capped.

  The solution is to change *both* settings.  But....

  Most NAS equipment will give up after 30s or so.  So changing this in FreeRADIUS *might* help, but also might not do anything.

  Alan DeKok.

More information about the Freeradius-Users mailing list