Issue with disconnection between radsecproxy client and freeradius server
Alan DeKok
aland at deployingradius.com
Mon Mar 24 06:48:38 UTC 2025
On Mar 23, 2025, at 9:32 PM, James Wood via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> What is the reason that it is not recommended to set the idle_timouet to 0?
Why would you want to keep a connection open if it's not being used?
What is the purpose in keeping a connection open for days or weeks, if it doesn't pass traffic?
> If clients such as radsecproxy are not expecting to have to reconnect every
> 30 seconds, it's conflicting I guess on what practice is best/expected.
No. The issue is conflicting configurations.
You've configured FreeRADIUS to close idle connections., You've configured radsecproy to keep connections open (and to reconnect), even if the connections are idle.
Instead, pick one of two things:
1) configure both sides to keep idle connections open
2) configure both sides to close idle connections.
> Out of interest do you know any other lightweight radsec clients that would
> be good for embedded devices such as openwrt? The freeradius package
> itself, just to use as a radsec client, would be too large in size and
> mostly wasted if not using it as a server etc..
What's "mostly wasted"?
It's 2025. FreeRADIUS uses much less memory than a browser, or even a terminal window. There shouldn't be any problems with using it in an embedded system.
Alan DeKok.
More information about the Freeradius-Users
mailing list