No auth requests through TLS tunnel if connection was checked
Alan DeKok
aland at deployingradius.com
Fri Apr 12 11:24:29 UTC 2024
On Apr 12, 2024, at 6:29 AM, nabble at felix.world wrote:
> I want to make some additional checks for RadSec connections.
>
> After I’ve set `check_client_connections` to `yes`, the server is handling the connection over the auth type "Autz-Type New-TLS-Connection". So far so good, but after the connection has been accepted, no further traffic is reaching the radius server.
>
> I can see in packet captures that Access-Requests are sent to the server, and on the server netstat is also showing that packets are going to the socket which FreeRADIUS opens, but the queue is only getting higher and is never processed.
> After seeing this behaviour, I of course also tested the behaviour with the default config. I just enabled tls, changed the `check_client_connections` and added an IP wildcard to the radsec clients.
>
> Since I haven’t found any open GitHub issue or something on this list, I assume either no one is using the functionality or there is something I’ve overlooked.
It should work, but most of my focus has been on v4 recently.
I've pushed some more debug messages to the v3.2.x branch which may help track down what's going on. Can you try that?
Also try running with "-Xx", which will give a bit more information about what's going on in the TLS state machine.
Alan DeKok.