Fwd: Configurations for proxying radius requests to home-server using TCP
Abhilash Y G
ygabhi at gmail.com
Tue Aug 17 15:49:19 CEST 2021
Regards,
Abhilash
---------- Forwarded message ---------
From: Abhilash Y G <ygabhi at gmail.com>
Date: Tue, 17 Aug 2021 at 19:06
Subject: Configurations for proxying radius requests to home-server using
TCP
To: <freeradius-users at lists.freeradius.org>
Hello,
We have a requirement to proxy requests from one freeradius server to
another radius server over TCP.
I made some config changes for the proxy and for the virtual server listening
for TCP requests on the destination freeradius server, and it seems this is
causing issues when a new socket is created. Whenever a new socket is created,
it is sending all subsequent requests using the new socket, and the already sent
requests just timed out. I see those timed-out requests were
actually accepted by the homeserver (freeradius running on it).
Could you please suggest the configuration changes needed in proxy.conf and in
the virtual server configuration on the homeserver?
Attaching the config files used.
Regards,
Abhilash
-------------- next part --------------
listen {
    ipaddr = ${hostip}
    port = 2017
    #
    # TCP and TLS sockets can accept Access-Request and
    # Accounting-Request on the same socket.
    #
    # auth = only Access-Request
    # acct = only Accounting-Request
    # auth+acct = both
    #
    type = auth+acct
    # For now, only TCP transport is allowed.
    proto = tcp
    # Send packets to the default virtual server
    virtual_server = XXXX
    clients = tcpclients
    #
    # Connection limiting for sockets with "proto = tcp".
    #
    limit {
        #
        # Limit the number of simultaneous TCP connections to the socket
        #
        # The default is 16.
        # Setting this to 0 means "no limit"
        max_connections = 0
        # The per-socket "max_requests" option does not exist.
        #
        # The lifetime, in seconds, of a TCP connection. After
        # this lifetime, the connection will be closed.
        #
        # Setting this to 0 means "forever".
        lifetime = 0
        #
        # The idle timeout, in seconds, of a TCP connection.
        # If no packets have been received over the connection for
        # this time, the connection will be closed.
        #
        # Setting this to 0 means "no timeout".
        #
        # We STRONGLY RECOMMEND that you set an idle timeout.
        #
        idle_timeout = 0
    }
}
clients tcpclients {
    $INCLUDE ${raddbdir}/tcp_clients.conf
}
-------------- next part --------------
proxy server {
    default_fallback = no
    post_proxy_authorize = no
}
home_server XX.XX.XX.XX {
    type = auth+acct
    ipaddr = XX.XX.XX.XX
    port = 2017
    proto = tcp
    secret = secret
    zombie_period = 30
    revive_interval = 60
    response_window = 20
    status_check = none
    limit {
        max_connections = 900
        lifetime = 0
        idle_timeout = 480
    }
}
home_server_pool datacenter {
    type = keyed-balance
    home_server = XX.XX.XX.XX
}
realm to_datacenter {
    auth_pool = datacenter
    nostrip
}
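
The comments in the listener attachment define 0 as "no limit", "forever" and "no timeout" for the TCP limit options. The following Python check is an added example, not part of the original message or of FreeRADIUS: it parses that brace-nested syntax and lists every limit left at 0 under a "proto = tcp" section. The names parse, unbounded_tcp_limits and LIMIT_KEYS are hypothetical, and SAMPLE is constructed from the two attachments.

```python
# Constructed sample: the two "limit" blocks from the attachments, trimmed.
SAMPLE = """
listen {
    proto = tcp
    limit {
        max_connections = 0
        lifetime = 0
        idle_timeout = 0
    }
}
home_server XX.XX.XX.XX {
    proto = tcp
    limit {
        max_connections = 900
        lifetime = 0
        idle_timeout = 480
    }
}
"""
LIMIT_KEYS = ("max_connections", "lifetime", "idle_timeout")

def parse(text):
    """Parse brace-nested "key = value" text into a list of section nodes."""
    stack = [{"name": "", "settings": {}, "children": []}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in values)
        if line.endswith("{"):
            node = {"name": line[:-1].strip(), "settings": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1]["settings"][key.strip()] = value.strip()
    return stack[0]["children"]

def unbounded_tcp_limits(text):
    """Return (section, key) for every limit set to 0 under a proto = tcp section."""
    found = []
    for section in parse(text):
        if section["settings"].get("proto") != "tcp":
            continue
        for child in section["children"]:
            if child["name"] == "limit":
                found += [(section["name"], k) for k in LIMIT_KEYS if child["settings"].get(k) == "0"]
    return found
```

On SAMPLE this reports all three listener limits and the home_server lifetime; the home_server idle_timeout of 480 is not reported.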