AW: Problem Radius over VPN

Luca Bertoncello L.Bertoncello at queo-group.com
Thu Apr 14 06:14:59 UTC 2022


Hi,

yesterday evening I tried to configure the VPNs to use the "fragment" option. And now it works...

Regards
Luca

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+l.bertoncello=queo-group.com at lists.freeradius.org> On Behalf Of Alan Buxey
Sent: Wednesday, April 13, 2022 17:11
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Problem Radius over VPN

Allow fragmented UDP? (Much like people running RADIUS across WAN have to do at perimeter firewalls)

alan

On Wed, 13 Apr 2022, 08:24 Luca Bertoncello, <L.Bertoncello at queo-group.com>
wrote:

> Hi list!
>
> I already reported in March my problems using Freeradius over VPN.
> I spent a lot of time searching for the problem, and maybe I found something,
> but I have no idea how to correct the problem...
>
> So, short explanation:
> Main office with Freeradius, connected via OpenVPN to our central
> VPN-Server.
> Second office with the AccessPoints, connected via OpenVPN to our
> central VPN.
> "Normal" packets from second office to main office (and vice versa) go
> through both VPNs.
>
> Now, I sniffed the packets on all servers (VPN server on second office,
> central VPN server, VPN server on main office and Freeradius), and I
> discovered that some packets are blocked.
>
> Wireshark on VPN server of the second office:
>
> 12      2022-03-25 14:39:48,154608      10.0.21.10      10.6.21.10      RADIUS  979     Access-Challenge id=86
> 13      2022-03-25 14:39:48,476555      10.6.21.10      10.0.21.10      IPv4    1500    Fragmented IP protocol (proto=UDP 17, off=0, ID=41c1)
> 14      2022-03-25 14:39:48,507473      10.0.21.10      10.6.21.10      RADIUS  92      Access-Challenge id=87
> 15      2022-03-25 14:39:48,533183      10.6.21.10      10.0.21.10      IPv4    1500    Fragmented IP protocol (proto=UDP 17, off=0, ID=41c2)
> 16      2022-03-25 14:39:51,533406      10.6.21.10      10.0.21.10      IPv4    1500    Fragmented IP protocol (proto=UDP 17, off=0, ID=42d9)
>
> Wireshark on central VPN:
>
> 12      2022-03-25 14:39:48,129787      10.0.21.10      10.6.21.10      RADIUS  979     Access-Challenge id=86
> 13      2022-03-25 14:39:48,488993      10.6.21.10      10.0.21.10      IPv4    1500    Fragmented IP protocol (proto=UDP 17, off=0, ID=41c1)
> 14      2022-03-25 14:39:48,501213      10.0.21.10      10.6.21.10      RADIUS  92      Access-Challenge id=87
>
> No other packets after packet 14 (ID 87) reach the central VPN server, so
> the problem "must be" either on the central VPN server or on the VPN
> server of the second office...
> Now the very question: does someone have an idea why just the first
> fragmented packet runs over all VPNs and the other ones do not?
>
> Thanks a lot
> Luca
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
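
The hop-by-hop comparison described in the quoted message, as an added example that is not part of the original thread: it parses the packet summaries quoted above (joined to one packet per line) and lists what one capture point saw but the next hop did not. The function names and the per-packet key (addresses plus IP ID and offset, or RADIUS code and id) are choices made for this example.

```python
import re

# Packet summaries copied from the two captures quoted in the thread, one
# packet per line: No. Date Time Source Destination Protocol Length Info
SECOND_OFFICE = """\
12 2022-03-25 14:39:48,154608 10.0.21.10 10.6.21.10 RADIUS 979 Access-Challenge id=86
13 2022-03-25 14:39:48,476555 10.6.21.10 10.0.21.10 IPv4 1500 Fragmented IP protocol (proto=UDP 17, off=0, ID=41c1)
14 2022-03-25 14:39:48,507473 10.0.21.10 10.6.21.10 RADIUS 92 Access-Challenge id=87
15 2022-03-25 14:39:48,533183 10.6.21.10 10.0.21.10 IPv4 1500 Fragmented IP protocol (proto=UDP 17, off=0, ID=41c2)
16 2022-03-25 14:39:51,533406 10.6.21.10 10.0.21.10 IPv4 1500 Fragmented IP protocol (proto=UDP 17, off=0, ID=42d9)
"""
CENTRAL = """\
12 2022-03-25 14:39:48,129787 10.0.21.10 10.6.21.10 RADIUS 979 Access-Challenge id=86
13 2022-03-25 14:39:48,488993 10.6.21.10 10.0.21.10 IPv4 1500 Fragmented IP protocol (proto=UDP 17, off=0, ID=41c1)
14 2022-03-25 14:39:48,501213 10.0.21.10 10.6.21.10 RADIUS 92 Access-Challenge id=87
"""

LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<length>\d+)\s+(?P<info>.+)$")
FRAG = re.compile(r"off=(\d+), ID=([0-9a-fA-F]+)")   # IP fragment summary
RADIUS = re.compile(r"^(\S+) id=(\d+)")              # RADIUS code and id

def parse(capture):
    """Map a hop-independent packet key to the packet length."""
    packets = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        frag = FRAG.search(m["info"])
        rad = RADIUS.match(m["info"])
        if frag:
            ident = ("frag", frag[2].lower(), int(frag[1]))
        elif rad:
            ident = ("radius", rad[1], int(rad[2]))
        else:
            continue
        packets[(m["src"], m["dst"]) + ident] = int(m["length"])
    return packets

def lost_between(upstream, downstream, src):
    """Keys of packets from src seen in the upstream capture but not downstream."""
    up, down = parse(upstream), parse(downstream)
    return sorted(k for k in up if k[0] == src and k not in down)

if __name__ == "__main__":
    for key in lost_between(SECOND_OFFICE, CENTRAL, "10.6.21.10"):
        print("seen at second office, missing at central VPN:", key)
```

On these captures it reports the fragments with IP ID 41c2 and 42d9 as missing at the central VPN server, while nothing sent by 10.0.21.10 is missing in the other direction.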