RadSec client FR server stalls when offline

[Alan DeKok]

On Mar 26, 2024, at 10:06 AM, Marija Milojkovic via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> We have a setup where we have Local FR server (in WLAN, with caching)  used as Radsec Proxy to Central Radius Server (in the cloud). We are obligated to use tcp/tls for Local-Central FR communication.
> NAS calls Local FR, local FR checks cache, and if not found propagates request to Central FR. If Central FR replies, we cache result. If it doesn’t reply with some very short timeout, we give users access to WLAN with short lived session (so NAS will retry in short time).
> 
> 
> All worked fine except in the case where Local Radius is offline.
> If Local Radius doesn’t have access to internet, it stalls for few minutes (instead of few seconds) until it marks Central Radius home server dead, which really makes our setup unusable.
> 
> Also, looks like  when photo = tcp is used, status_check = "status-server” and connected config params are not used, and it revives home server with fixed revive_interval….it doesn’t do any checks in the mean time, which is bad, because we would like to know when home server is available (we are back online) as soon as possible, and also would’t like to mark it alive if it is not (both of which check_interval with check_timeout would solve)….
> 
> Is this bug/known issue/any chance it gets solved in 3.2.x?

  Please try the v3.2.x branch GitHub: https://github.com/FreeRADIUS/freeradius-server/tree/v3.2.x

  We've put fixes in which should help.

  See https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/sites-available/tls

  and the comments on "nonblock".  Set "nonblock=true", and it should help.

  Alan DeKok.