free radius health check

Alan DeKok aland at deployingradius.com
Fri May 20 13:59:27 UTC 2022


On May 20, 2022, at 7:56 AM, Mark Lybarger <mlybarger at gmail.com> wrote:
> I'm looking to have a health check for my FreeRADIUS servers.  They're
> doing UDP on 1812/1813, but my AWS NLB only handles health check via TCP
> (HTTP).  Is there a way to expose an HTTP port in addition to the UDP ports
> for FreeRADIUS? Or any clever ways to handle this?

  I'd second Monit.  The RADIUS implementation there was contributed by myself, so I know it works.  :)  We use it all of the time in production.

  According to this page, you can use TCP:

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html

  So you should be able to configure the source IP of the load balancer as a RADIUS client, and then listen on port 80:

	listen {
		type = status
		proto = tcp
		ipaddr = *
		port = 80
		
		clients = aws_nlb
	}

  You'll also need to edit clients.conf, and add:

	clients aws_nlb {
		client aws_nlb {
			ipaddr = ip.of.the.aws.nlb
			proto = tcp
			secret = "nothing"
		}
	}

  The load balancer is not going to actually send any RADIUS packets.  It will just connect, and then disconnect.  But the above configuration should allow it to work.

  Alan DeKok.
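
A deeper check than the connect-only probe described above, as an added example that is not part of the original post or FreeRADIUS's own code: it sends an RFC 5997 Status-Server request over TCP to the status listener and verifies the Response Authenticator of the reply. The host `127.0.0.1` and the function names are assumptions; the secret is the one from the clients.conf snippet, and the probing host must be listed as a client for that listener.

```python
import hashlib, hmac, os, socket, struct

STATUS_SERVER, ACCESS_ACCEPT, MSG_AUTH = 12, 2, 80  # RADIUS codes / attribute type

def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """Status-Server request carrying the mandatory Message-Authenticator."""
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + req_auth
    # HMAC-MD5 is computed over the packet with the attribute value zeroed.
    zeroed = header + bytes([MSG_AUTH, 18]) + bytes(16)
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + bytes([MSG_AUTH, 18]) + mac

def reply_is_valid(reply: bytes, secret: bytes, ident: int, req_auth: bytes) -> bool:
    """Check code, ID, length and the Response Authenticator (RFC 2865)."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if code != ACCESS_ACCEPT or rid != ident or length != len(reply):
        return False
    expect = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expect, reply[4:20])

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """TCP is a byte stream, so read until the whole packet has arrived."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-packet")
        buf += chunk
    return buf

def probe(host: str, port: int, secret: bytes, timeout: float = 3.0) -> bool:
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_status_server(secret, ident, req_auth))
            head = recv_exact(s, 4)
            length = struct.unpack("!H", head[2:4])[0]
            if not 20 <= length <= 4096:  # RADIUS packet size bounds
                return False
            reply = head + recv_exact(s, length - 4)
    except OSError:  # refused, timed out, or closed early
        return False
    return reply_is_valid(reply, secret, ident, req_auth)

if __name__ == "__main__":
    # Assumed host; port and secret are taken from the configuration above.
    print("healthy" if probe("127.0.0.1", 80, b"nothing") else "unhealthy")
```
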


