TLS Radsec

Rodrigo Prieto rodrigoprieto2019 at gmail.com
Tue Jun 10 14:10:28 UTC 2025


I disabled the client.conf configuration since I'm currently testing with
RadSec only. The only way for the timeout to be applied is by adding the
following inside:

  client prueba {
    ipaddr = 192.168.122.188
    .......

    limit {
      max_connections = 16
      lifetime = 0
      idle_timeout = 45
    }
  }

For those 45 seconds to take effect, the idle_timeout in the following
block must be greater, for example, 60:

  listen {
    ipaddr = *
    port = 2083

    limit {
      idle_timeout = 60
      .......
    }
  }

I calculate it must be the normal behavior. I'm leaving the radsecproxy
output below:

Tue Jun 10 11:03:02 2025: sslreadtimeout: SSL: error:0A000126:SSL routines::unexpected eof while reading
Tue Jun 10 11:03:02 2025: tlsclientrd: connection to server freeradius_tls lost
Tue Jun 10 11:03:02 2025: tlsconnect: TLS connection to freeradius_tls (Servidor-Freeradius port 2083), subject emailAddress=admin at example.org,CN=Servidor-Freeradius,O=Example Inc.,ST=Radius,C=FR up
Tue Jun 10 11:03:47 2025: sslreadtimeout: SSL: error:0A000126:SSL routines::unexpected eof while reading
Tue Jun 10 11:03:47 2025: tlsclientrd: connection to server freeradius_tls lost
Tue Jun 10 11:03:47 2025: tlsconnect: TLS connection to freeradius_tls (Servidor-Freeradius port 2083), subject emailAddress=admin at example.org,CN=Servidor-Freeradius,O=Example Inc.,ST=Radius,C=FR up

Thanks for explaining, and it's not my intention to bother you; it's a
difficult server to configure, which is why I have these questions.

On Tue, Jun 10, 2025 at 10:15, Alan DeKok (<aland at deployingradius.com>)
wrote:

> On Jun 10, 2025, at 9:01 AM, Rodrigo Prieto <rodrigoprieto2019 at gmail.com> wrote:
> > Thanks Alan for replying. I'm configuring it in this place, and if I set
> > it to more than 30 seconds, it doesn't take effect.
>
>   It does take effect.  Read the debug output.  Look for "idle_timeout":
>
> >  client cliente2 {
> >   ipaddr = 192.168.122.188
> >   require_message_authenticator = "no"
> >   secret = <<< secret >>>
> >   limit {
> >   max_connections = 16
> >   lifetime = 0
> >   idle_timeout = 30
> >   }
> >  }
> > ...
> > Reached idle timeout on socket auth+acct from client (192.168.122.188, 39871) -> (*, 2083, virtual-server=default)
> >  ... shutting down socket auth+acct from client (192.168.122.188, 39871) -> (*, 2083, virtual-server=default)
> > ... cleaning up socket auth+acct from client (192.168.122.188, 39871) -> (*, 2083, virtual-server=default)
> > Ready to process requests
>
>   The problem, and solution, should be obvious.
>
>   You can also read the comments for idle_timeout in the clients.conf
> file.  It explains this behavior.
>
>   Alan DeKok.
>
>


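Added example, not part of the original thread and not FreeRADIUS or radsecproxy code: a Python check that measures how long each RadSec TLS session lasted in radsecproxy output like the lines in the message, and compares that with the configured idle_timeout to tell timeout-driven disconnects from other faults. The function names and the 2-second slack are assumptions; the log format is taken from the quoted output.

```python
import re
from datetime import datetime
# Constructed sample: radsecproxy lines from the message, still mail-wrapped.
SAMPLE_LOG = """\
Tue Jun 10 11:03:02 2025: tlsclientrd: connection to server freeradius_tls
lost
Tue Jun 10 11:03:02 2025: tlsconnect: TLS connection to freeradius_tls
(Servidor-Freeradius port 2083), subject
emailAddress=admin at example.org,CN=Servidor-Freeradius,O=Example
Inc.,ST=Radius,C=FR up
Tue Jun 10 11:03:47 2025: sslreadtimeout: SSL: error:0A000126:SSL
routines::unexpected eof while reading
Tue Jun 10 11:03:47 2025: tlsclientrd: connection to server freeradius_tls
lost
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (.*)$")
UP = re.compile(r"^tlsconnect: TLS connection to (\S+) .* up$")
LOST = re.compile(r"^tlsclientrd: connection to server (\S+) lost$")

def records(text):
    """Yield (datetime, message), folding wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current:
                yield current
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            current = (ts, m.group(2))
        elif current and line.strip():
            current = (current[0], current[1] + " " + line.strip())
    if current:
        yield current

def session_lengths(text):
    """Return (server, seconds) for each session from 'up' to the next 'lost'."""
    opened, out = {}, []
    for ts, msg in records(text):
        if (m := UP.match(msg)):
            opened[m.group(1)] = ts
        elif (m := LOST.match(msg)) and m.group(1) in opened:
            # A 'lost' with no earlier 'up' (log starts mid-session) is skipped.
            out.append((m.group(1), int((ts - opened.pop(m.group(1))).total_seconds())))
    return out

def matches_idle_timeout(text, idle_timeout, slack=2):
    """True when every observed session ended within `slack` s of idle_timeout."""
    lengths = session_lengths(text)
    return bool(lengths) and all(abs(s - idle_timeout) <= slack for _, s in lengths)
```

On the sample, the single complete session lasts 45 seconds, so the check passes for idle_timeout = 45 and fails for 30.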