RADSEC keep TLS connections open with keep-alive

[Alan DeKok]

On Feb 20, 2025, at 5:58 AM, Michal Moravec <michal.moravec at macadmin.cz> wrote:
> Is it possible to configure FreeRADIUS server not to close TCP/TLS RADSEC connection between NAS and RADIUS server after completing a single request?

  Huh?  The server doesn't do that.

  If the connection is closed after one request, it's likely that the other end is closing it.

  As always... *read the debug log* to see what's going on.  The messages will tell you if FreeRADIUS closed the connection due to idle timeout, etc., or if the other end closed the connection.

> Some network vendors support sending keep-alive messages through the connection in order to keep it established and re-use it for subsequent requests.

  This is the Status-Server packet.  FreeRADIUS supports this.

> I think a possible alternate solution would be to put a load balancer in front of the RADIUS server which would handle the persistent connection.

  Or, configure the client to *not* close the connection after every packet.

  I doubt very much that this is a FreeRADIUS issue.  We've done huge amounts of testing with billions of packets.  It absolutely does not close the TLS connection after every single packet.

  Alan DeKok.