DHCP Radius proxy (IPv4 and IPv6)

Ľudovít Mikula ludovit.mikula at mikori.sk
Mon May 29 14:07:01 UTC 2023


> 
>    You should really start with the example, and then change as little as possible.  If the default doesn't work, then the default is wrong.  But if the default works and your changes break it, well... you know what happened.
> 
>    When you start off by changing random things and "it doesn't work", then you have no idea what the problem is.
> 
Actually I have started with the default configuration, but it did not work.
Here is a diff of the two changes I made compared to master:

@@ -38,7 +38,7 @@
  	#  use the same interface.  So it is defined here once, and used
  	#  below.
  	#
-	interface = en0
+	interface = eth0

  	#
  	#  port:: The port where we accept packets.
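Review bot: the `interface = eth0` line edits the one shared definition that the comment above it describes as "defined here once, and used below", so every listener that expands `${...interface}` follows this value. Check that an interface with exactly that name exists where the server runs, and keep a site-specific name like this in local configuration rather than in the tracked default.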
@@ -197,7 +197,7 @@
  			#  "link local" address on that interface,
  			#  and use that as the value for `ipaddr`.
  			#
-#			ipaddr = 2001:db8::
+			ipaddr = 2001:3200:3200::10

  			port = ${...port}
  			interface = ${...interface}
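Review bot: on the `ipaddr = 2001:3200:3200::10` line, the comment directly above says that leaving `ipaddr` unset makes the server pick the link-local address on the interface, so enabling it with a non-link-local address widens the scope on which this listener accepts packets on `${...port}`. Confirm the address is actually assigned to the interface named by `${...interface}`, restrict which sources can reach that port, and leave the commented `2001:db8::` documentation example in place so the real address lives only in local configuration.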

I've got this error:
freeradius  | Mon May 29 13:51:10 2023: Debug : Loaded module proto_dhcpv6_udp
freeradius  | Mon May 29 13:51:10 2023: Debug :       udp {
freeradius  | Mon May 29 13:51:10 2023: Debug :         ipaddr = FF02::1:2
freeradius  | Mon May 29 13:51:10 2023: Debug :         interface = eth0
freeradius  | Mon May 29 13:51:10 2023: Debug :         port = 547
freeradius  | Mon May 29 13:51:10 2023: Debug :         networks {
freeradius  | Mon May 29 13:51:10 2023: Debug :         }
freeradius  | Mon May 29 13:51:10 2023: Debug :         max_packet_size = 8192
freeradius  | Mon May 29 13:51:10 2023: Debug :         max_attributes = DHCPV6_MAX_ATTRIBUTES
freeradius  | Mon May 29 13:51:10 2023: Error : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[93]: Invalid value "DHCPV6_MAX_ATTRIBUTES" for config item max_attributes: Failed parsing string as type 'uint32'
freeradius  | Mon May 29 13:51:10 2023: Error : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[93]: Failed evaluating configuration for module "proto_dhcpv6_udp"
freeradius  | Mon May 29 13:51:10 2023: Error : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[65]: Failed evaluating configuration for module "proto_dhcpv6"
freeradius  | Mon May 29 13:51:10 2023: Error : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[65]: Failed parsing config for listener

So I've added:  max_attributes = 200
to the udp part of both listeners (it's probably possible to set
DHCPV6_MAX_ATTRIBUTES somewhere, but an environment variable did not
work, so I've set it directly).

Then it threw this error:
freeradius  | Mon May 29 13:57:23 2023: Error : Duplicate proto_dhcpv6 instance "dhcpv6.dhcpv6", previous instance defined at /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[65]

So I thought having two listeners without a name is not allowed, so I have
added names to both (hence multicast and unicast).

This finally made it work, in the sense that the server starts - no
errors, only these warnings:
Mon May 29 14:01:43 2023: Warn  : trigger { ... } subsection not found, triggers will be disabled
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[793]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[809]: Ignoring "-ldap" as the "ldap" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1115]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1228]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1443]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[978]: Ignoring "-ldap" as the "ldap" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[80]: radius  { ... } section is unused
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[212]: dhcpv6  { ... } section is unused
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[301]: send Offer { ... } section is unused
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[134]: Ignoring "-ldap" as the "ldap" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[267]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[302]: Ignoring "-sql" as the "sql" module is not enabled.
Mon May 29 14:01:43 2023: Warn  : src/lib/server/virtual_servers.c[311]: radius  { ... } section is unused
Mon May 29 14:01:43 2023: Warn  : inner-eap - Failed to find 'authenticate inner-eap {...}' section.  EAP authentication will likely not work
Mon May 29 14:01:43 2023: Warn  : tls - A virtual_server must be provided for stateful caching. cache.mode = "auto" rewritten to cache.mode = "stateless"
Mon May 29 14:01:43 2023: Warn  : tls - A virtual_server must be provided for stateful caching. cache.mode = "auto" rewritten to cache.mode = "stateless"


But it does not process the requests; this is the only output I get when
I run dhclient:

Mon May 29 14:01:43 2023: Debug : Scheduler created in single-threaded mode
Mon May 29 14:01:43 2023: Debug : #### Opening listener interfaces ####
Mon May 29 14:01:43 2023: Debug : Listening on radius_udp server * port 1812 bound to virtual server default
Mon May 29 14:01:43 2023: Debug : Listening on radius_tcp server * port 1812 bound to virtual server default
Mon May 29 14:01:43 2023: Debug : Listening on radius_udp server * port 1813 bound to virtual server default
Mon May 29 14:01:43 2023: Debug : Listening on dhcpv6_udp server ff02::1:2 port 547 on interface eth0 bound to virtual server (null)
Mon May 29 14:01:43 2023: Debug : Listening on dhcpv6_udp server 2001:3200:3200::10 port 547 on interface eth0 bound to virtual server (null)
Mon May 29 14:01:43 2023: Debug : Listening on radius_udp server 127.0.0.1 port 18120 bound to virtual server inner-tunnel
Mon May 29 14:01:43 2023: Info  : Ready to process requests

Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - Received Solicit XID 00e92f3c length 56 dhcpv6_udp server ff02::1:2 port 547 on interface eth0
Mon May 29 14:05:23 2023: ERROR : (0)  ERROR: Virtual server "(null)" not compiled
Mon May 29 14:05:23 2023: ERROR : (0)  ERROR: Protocol failed to set 'process' function
Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - cleaning up request in 5.000000s
Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - Received Solicit XID 00566cdf length 56 dhcpv6_udp server ff02::1:2 port 547 on interface eth0
Mon May 29 14:05:23 2023: ERROR : (1)  ERROR: Virtual server "(null)" not compiled
Mon May 29 14:05:23 2023: ERROR : (1)  ERROR: Protocol failed to set 'process' function
Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - cleaning up request in 5.000000s
Mon May 29 14:05:28 2023: Debug : TIMER - proto_dhcpv6_udp - cleanup delay
Mon May 29 14:05:28 2023: Debug : TIMER - proto_dhcpv6_udp - cleanup delay

Ludo

