tunneled_reply vs outer.session-state

Jack Carter jack_carter94 at hotmail.com
Mon Apr 15 20:23:22 UTC 2024 

Hi Alan, 

I have spent the last two days trying to work this out… I’m trying to provide you with all the information I can think to be relevant and clearly getting it wrong… sorry about that but it’s not on purpose. 

Would you be able to share a link to the documentation I need as I have been reading through this: https://freeradius.org/documentation/freeradius-server/4.0~alpha1/raddb/mods-available/eap.html which contains a dead link to the sites-available/inner-tunnel (https://freeradius.org/sites-available/inner-tunnel.adoc) plus can now see that the documentation is for 4.0-alpha1 according to the URL. now looking on GitHub.

If I’m using the wrong test method are you able to assist with the correct one? If I run radtest from another instance (having set it up as a client) would that be a valid test?

Jack

> On 15 Apr 2024, at 18:54, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Apr 15, 2024, at 1:43 PM, Jack Carter <jack_carter94 at hotmail.com> wrote:
>> Ok.. lets start again…
> 
>  The link I posted documents what information we need in order to help you.  It explicitly says do NOT post the configuration files.  It also says to show the server receiving packets.
> 
>  The message you posted didn't follow either recommendation.
> 
>> I am trying to remove the depreciated use_tunneled_reply in place of updating the outer.session-state but can’t seem to get it working. Users are not authorised after adjusting the config to the following… what am I missing?
> 
>  Read the documentation and follow it.
> 
>> I am testing this with: radtest -t mschap test.user password 127.0.0.1:18120 0 testing123
> 
>  Which doesn't test the process you're trying to debug.  If you send packets directly to the inner tunnel, then there's no outer tunnel.
> 
>  If you're doing to test inner/outer tunnel policies, then you have to send the server EAP traffic which will run both the inner and outer policies.
> 
>> Thanks in advance for any assistance you can provide.
> 
>  I'm trying.  It's not working well.
> 
>> Jack
>> 
>> Output from freeradisu -X:
>> ...
>> Ready to process requests
> 
>  And nothing about the server processing packets.  How are you going to debug the server packet processing when the logs don't show it processing any packets?
> 
>  Perhaps there's a documentation page you could follow which says exactly what to do.
> 
>  If you're not going to read or follow the documentation, it will be very difficult to solve any configuration problems.
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list