Preventing proxy loops

Arnaud LAURIOU arnaud.lauriou at
Tue Sep 1 11:19:11 CEST 2020


We have freeRADIUS proxies dedicated to eduroam, version 3.0.21.

Some of our clients are sending us Access-Request ... with their realm.
We forward them to their home_server (the same as the client) and
they send them back to us again. This sometimes creates loops.

How can we prevent our proxies from these loops ? Knowing that :
- We don't have access to the clients/home server organizations RADIUS
- We tried a filter in the pre-proxy section :
        if (Realm && ("%{home_server:ipaddr}" == "%{client:ipaddr}")) {
                update request {
                        &Module-Failure-Message += 'Rejected: loop prevent'
But this rule is too strict for the monitoring requests used by some 
- Another way ?


Arnaud Lauriou

More information about the Freeradius-Users mailing list