proxy issue

adrian.p.smith at bt.com adrian.p.smith at bt.com
Fri Oct 16 09:56:21 CEST 2020


We are facing a strange issue.

Using FreeRadius (3.0.15) to proxy some traffic and under certain circumstances the Access-Accept from the remote server appears to be ignored and we see the log message from this code in process.c.

/*
            *          No reply, BUT the current packet fails verification:
            *          ignore it.  This does the MD5 calculations in the
            *          server core, but I guess we can fix that later.
            */
            if (!request->proxy_reply &&
                (rad_verify(packet, request->proxy,
                                    request->home_server->secret) != 0)) {
                        DEBUG("Ignoring spoofed proxy reply.  Signature is invalid");
                        return 0;
            }

If we use radclient to send the same packet direct to the remote server, the reply is received with no issues. We have tried upgrading to 3.0.21 but the same code seems to be invoked. The comment in the code is a little cryptic and I'm wondering if anyone can shed any light on what might be causing this?

Thanks in advance.

Adrian



More information about the Freeradius-Users mailing list