Preventing proxy loops
Arnaud LAURIOU
arnaud.lauriou at renater.fr
Tue Sep 1 11:19:11 CEST 2020
Hello,
We have freeRADIUS proxies dedicated to eduroam, version 3.0.21.
Some of our clients are sending us Access-Request ... with their realm.
We forward them to their home_server (the same as the client) and
they send them back to us again. This sometimes creates loops.
How can we prevent our proxies from these loops ? Knowing that :
- We don't have access to the clients/home server organizations RADIUS
configs.
- We tried a filter in the pre-proxy section :
if (Realm && ("%{home_server:ipaddr}" == "%{client:ipaddr}")) {
update request {
&Module-Failure-Message += 'Rejected: loop prevent'
}
reject
}
But this rule is too strict for the monitoring requests used by some
organizations.
- Another way ?
Regards,
Arnaud Lauriou
More information about the Freeradius-Users
mailing list