DHCP Radius proxy (IPv4 and IPv6)

Alan DeKok aland at deployingradius.com
Mon May 29 14:45:19 UTC 2023 

On May 29, 2023, at 10:07 AM, Ľudovít Mikula <ludovit.mikula at mikori.sk> wrote:
> 
>>   You should really start with the example, and then change as little as possible.  If the default doesn't work, then the default is wrong.  But if the default works and your changes break it, well... you know what happened.
>>   When you start off by changing random things and "it doesn't work", then you have no idea what the problem is.
> Actually I have started with the default configuration, but it did not work.

  It's best to say that.  We can then fix the default configuration.

> freeradius  | Mon May 29 13:51:10 2023: Debug :         max_attributes = DHCPV6_MAX_ATTRIBUTES
> freeradius  | Mon May 29 13:51:10 2023: Error : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[93]: Invalid value "DHCPV6_MAX_ATTRIBUTES" for config item max_attributes: Failed parsing string as type 'uint32'

  I've pushed a fix for that.

> Then it threw this error:
> freeradius  | Mon May 29 13:57:23 2023: Error : Duplicate proto_dhcpv6 instance "dhcpv6.dhcpv6", previous instance defined at /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[65]

  I've pushed a fix for that, and made the error messages clearer.

> So I thought having two listeners without name is not allowed, so I have added names to both (hence multicast and unicast)
> 
> This finally made it to work in a way that the server starts - no errors, only these warnings:
> Mon May 29 14:01:43 2023: Warn  : trigger { ... } subsection not found, triggers will be disabled
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[793]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[809]: Ignoring "-ldap" as the "ldap" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1115]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1228]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[1443]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[978]: Ignoring "-ldap" as the "ldap" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/default[80]: radius  { ... } section is unused
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[212]: dhcpv6  { ... } section is unused
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/dhcpv6[301]: send Offer { ... } section is unused
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[134]: Ignoring "-ldap" as the "ldap" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[267]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : /opt/freeradius/etc/raddb/sites-enabled/inner-tunnel[302]: Ignoring "-sql" as the "sql" module is not enabled.
> Mon May 29 14:01:43 2023: Warn  : src/lib/server/virtual_servers.c[311]: radius  { ... } section is unused
> Mon May 29 14:01:43 2023: Warn  : inner-eap - Failed to find 'authenticate inner-eap {...}' section.  EAP authentication will likely not work
> Mon May 29 14:01:43 2023: Warn  : tls - A virtual_server must be provided for stateful caching. cache.mode = "auto" rewritten to cache.mode = "stateless"
> Mon May 29 14:01:43 2023: Warn  : tls - A virtual_server must be provided for stateful caching. cache.mode = "auto" rewritten to cache.mode = "stateless"

  Those are all for RADIUS, and are unrelated to DHCPv6.

> but it does not process the requests, this is the only output I get when I run the dhclient:
> ...
> Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - Received Solicit XID 00e92f3c length 56 dhcpv6_udp server ff02::1:2 port 547 on interface eth0
> Mon May 29 14:05:23 2023: ERROR : (0)  ERROR: Virtual server "(null)" not compiled
> Mon May 29 14:05:23 2023: ERROR : (0)  ERROR: Protocol failed to set 'process' function
> Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - cleaning up request in 5.000000s
> Mon May 29 14:05:23 2023: Debug : proto_dhcpv6_udp - Received Solicit XID 00566cdf length 56 dhcpv6_udp server ff02::1:2 port 547 on interface eth0
> Mon May 29 14:05:23 2023: ERROR : (1)  ERROR: Virtual server "(null)" not compiled
> Mon May 29 14:05:23 2023: ERROR : (1)  ERROR: Protocol failed to set 'process' function

  That should work... it did work at one point.  Clearly the tests need to be updated.

  I don't have more time to spend on this right now, but I'll take a look.

  Alan DeKok.

More information about the Freeradius-Users mailing list