Configuring FreeRADIUS Behind Azure Load Balancer - Health Probe Issue

Luca Borruto luca.borruto at agicap.com
Fri Feb 7 08:20:36 UTC 2025


Hello everyone,

I am currently running FreeRADIUS v3.2.6 on K8S behind an Azure Load
Balancer, serving RadSec (TLS on TCP 2083) for Wi-Fi EAP authentication.

The load balancer is configured with a TCP health probe on port 2083 to
verify the service’s availability (that's the way Azure LB works). The
issue is that FreeRADIUS does not seem to accept these health probe
requests. In the logs, I see messages like:

Ignoring request to auth+acct proto tcp address * port 2083 (TLS)
bound to server default from unknown client 10.0.2.4 port 3286 proto
tcp

The health probe originates from internal ALB IPs (e.g., 10.0.2.4,
10.0.2.33). FreeRADIUS rejects them as unknown clients and, as a result, the
load balancer marks the service as unhealthy, so the traffic does not
reach the FreeRADIUS pods.

I am looking for guidance on the recommended way to configure FreeRADIUS to
work behind an Azure Load Balancer:

What is the best practice for handling this scenario? Any official
recommendations or insights from the community would be greatly appreciated.

Best regards,
Luca Borruto
IT System Administrator
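
An added example, not part of the original post: a short Python script that tallies the "unknown client" rejections quoted above by source address, separating the suspected probe sources from anything else reaching the RadSec listener. The subnet 10.0.2.0/24, the function name and the sample log lines (including their timestamp prefix) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Matches the "unknown client" message format quoted in the post.
UNKNOWN_CLIENT = re.compile(
    r"Ignoring request to (?P<listener>.+?) from unknown client "
    r"(?P<ip>\S+) port (?P<sport>\d+) proto (?P<proto>\w+)"
)

# Constructed sample log; the message body follows the post, the rest is made up.
LISTENER = "auth+acct proto tcp address * port 2083 (TLS) bound to server default"
SAMPLE_LOG = "\n".join([
    f"Fri Feb  7 08:01:05 2025 : Error: Ignoring request to {LISTENER} "
    "from unknown client 10.0.2.4 port 3286 proto tcp",
    f"Fri Feb  7 08:01:10 2025 : Error: Ignoring request to {LISTENER} "
    "from unknown client 10.0.2.33 port 41022 proto tcp",
    f"Fri Feb  7 08:01:20 2025 : Error: Ignoring request to {LISTENER} "
    "from unknown client 10.0.2.4 port 3301 proto tcp",
    f"Fri Feb  7 08:01:31 2025 : Error: Ignoring request to {LISTENER} "
    "from unknown client 192.0.2.77 port 50212 proto tcp",
    "Fri Feb  7 08:01:40 2025 : Info: Ready to process requests",
])


def classify_unknown_clients(log_text, probe_nets):
    """Count rejected sources, split into suspected probes and everything else."""
    nets = [ip_network(n) for n in probe_nets]
    result = {"probe": Counter(), "other": Counter()}
    for line in log_text.splitlines():
        m = UNKNOWN_CLIENT.search(line)
        if not m:
            continue  # not an unknown-client rejection
        try:
            addr = ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, skip the line
        # Membership is False when address and network versions differ.
        bucket = "probe" if any(addr in n for n in nets) else "other"
        result[bucket][str(addr)] += 1
    return result


if __name__ == "__main__":
    # 10.0.2.0/24 is an assumed subnet covering the probe IPs named in the post.
    summary = classify_unknown_clients(SAMPLE_LOG, ["10.0.2.0/24"])
    for bucket, counts in summary.items():
        for ip, n in counts.most_common():
            print(f"{bucket:5} {ip:15} {n}")
```

Sources that land in the "other" bucket are rejected connections that did not come from the expected probe range and deserve a separate look before any client definition is widened.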

