Access-Request counter on accounting server with TCP/TLS & Freeradius Proxy
Marcin Majkowski
marcin.majkowski at cyberzonehub.com
Fri May 31 13:29:37 UTC 2024
Greetings,
I've encountered a rising number of Access-Request, when I've
switched proxy.conf from Replicate-To-Realm by udp to Proxy-To-Realm with
tcp+tls.
Number of Access-Request is gathered via builtin status server in
accounting server.
[echo -e "Message-Authenticator = 0x00\nFreeRADIUS-Statistics-Type = 3" |
radclient -x 127.0.0.1:18121 status pass-pass ]
What I mean by rising, from noise level ~1 req/s upto 200 req/s.
After some debug, to my surprise there is no significant number of
Access-Request in stdout when running freeradius acct in foreground mode as
freeradius -fxxx -l stdout. Apart from Access-Accept sent to Status-Server
which is expected/fine.
Setup is:
3 hosts (proxy/auth/acct) with: radiusd: FreeRADIUS Version 3.2.4 (git
#7e8f34ec5)
[ FreeRADIUS Version 3.2.3 (git #db3d1924d) - was also affected ]
1st host is acting only as proxy, it forwards request to acct and auth
servers via local haproxy(tcp+tls).
Haproxy is configured to listen on different ports for both and in
proxy.conf servers are set as different under same realm. (I've also set
them to different realms accordingly, no change)
Is it a expected behaviour when using Proxy-To-Realm instead of
Replicate-To-Realm?
More information about the Freeradius-Users
mailing list