Source-IP on server status packets

Alan DeKok aland at
Mon Aug 9 16:17:25 CEST 2021

On Aug 9, 2021, at 8:57 AM, Stefan Düring <duering at> wrote:
> We have 2 identical radius servers (FreeRADIUS 3.0.21)
> On the same servers radsecproxies are running. (radsecproxy 1.8.2)
> The servers have 2 IP adresses (1 as secondary which should be used for radius and radsecproxy).
> After freeradius restart everything works fine.
> Freeradius sends server status packets to the internal radsecproxy and to external radius servers (eduroam)
> with the correct source (secondary ip address).


> It works for a long time but suddenly one of these freeradius sends the server status packets with
> a wrong source ip (primary) to the internal radsecproxy.

  That is usually a routing issue.

  i.e. the OS decides what source IP to use for the proxied packets.

> Radsecproxy ignores these packets of course.
> We followed the instructions in FAQ ("Is there a way to bind FreeRADIUS to a specific IP address?")

  Read proxy.conf, look for "source IP address".  This is documented.

> Any ideas how to trace / correct this?

  Read the follow the documentation.

> Here are the configuration details:
> ### Server Network Config

 Not helpful.

> ### site default
> server default {
> listen {

  Not helpful.

>         type = auth
>         ipaddr =
>         port = 1812
> ...
> }
> ### proxy.conf

  Not helpful.

> ### RadSecProxy Log

  Very much not helpful.

  ALL of the documentation says to post the output of "radiusd -X".  When you join the list, you get a message which says to read

  Is there some other place we need to put the documentation so that people will read it, and follow the instructions?

  Alan DeKok.

More information about the Freeradius-Users mailing list