Join Log in
Score:1
Oye avatar Server

FreeRadius server not responding to Access-Request

ua flag
Oye

I currently deployed freeradius and radtest looks good for local host but when I sent Access-Request from external server, FreeRadius server doesn't reply. see below output of radsniff

[root@pgw-radius tmp]# radsniff -i ens192
2023-03-18 17:29:17.588990 (1) Access-Request Id 91 ens192:10.0.34.13:48791 -> 10.0.33.108:1812 +0.000
2023-03-18 17:29:22.788990 (1) ** norsp ** Access-Request Id 91 ens192:10.0.34.13:48791 -> 10.0.33.108:1812
2023-03-18 17:29:52.771149 (2) Access-Request Id 51 ens192:10.0.34.13:48799 -> 10.0.33.108:1812 +35.182
2023-03-18 17:29:52.865949 (3) Access-Request Id 92 ens192:10.0.34.13:48791 -> 10.0.33.108:1812 +35.276
2023-03-18 17:29:57.971149 (2) ** norsp ** Access-Request Id 51 ens192:10.0.34.13:48799 -> 10.0.33.108:1812
2023-03-18 17:29:58.659490 (3) ** norsp ** Access-Request Id 92 ens192:10.0.34.13:48791 -> 10.0.33.108:1812

Debug Results

Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 43265
Listening on proxy address :: port 40852
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48791 proto udp
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.34.13 port 48799 proto udp
Ready to process requests
807
2 + 3
Saxtheowl avatar
by flag
Saxtheowl
Have you check if a firewall rules are blocking incomign traffic to port 1812
0
Reply
fr flag
Tomek
Did you add your client's ip/network address to clients.conf? Does the secret match?
0
Reply
Oye avatar
ua flag
Oye
Yes, they match, the secrets are same , I also changed this line in the clients.conf file # not be used in any real environment. # secret = kjhefoihjeqwrfiuh # # Old-style clients do not send a Message-Authenticator
0
Reply
Score:0
Saxtheowl avatar Server
by flag
Saxtheowl

There is a couple of things you can do, first check if port 1812 is not blocked by something, also your Freeradius could be misconfigured, check the config files /etc/raddb/clients.conf and /etc/raddb/users be sure that the external server is allowed to send Acces-Request packets and the auth method is configured as you want

+ 0
Score:0
Oye avatar Server
ua flag
Oye

Thanks guys, the issue was on the /etc/raddb/users "Authorize" file, the Server is responding with Access-reject now, the next steps is to check the Authentication and encryption type.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.