List: freeradius-users
Subject: Fwd: Configurations for proxying radius requests to home-server using TCP
From: Abhilash Y G <ygabhi () gmail ! com>
Date: 2021-08-17 13:49:39
Message-ID: CAC6dAiOYUBVkHFXRj0dGbMmGqs7g33yxTLOzBGJB=_jBLvS4VQ () mail ! gmail ! com
Regards,
Abhilash
---------- Forwarded message ---------
From: Abhilash Y G <ygabhi@gmail.com>
Date: Tue, 17 Aug 2021 at 19:06
Subject: Configurations for proxying radius requests to home-server using
TCP
To: <freeradius-users@lists.freeradius.org>
Hello,
We have a requirement to proxy the request from one freeradius server to
another radius server over TCP.
I made some config changes for proxy and virtual server listening to TCP
requests on the destination freeradius server, and it seems it is causing issues
when a new socket is created. Whenever a new socket is created it is
sending all subsequent requests using the new socket, and already sent
requests just time out. I see those timed-out requests were
actually accepted by the homeserver (freeradius running on it).
Could you please suggest the configuration changes needed in proxy.conf and in the virtual
server configuration on the homeserver?
Attaching the config files used.
Regards,
Abhilash
["homeServerConfig.txt" (text/plain)]
listen {
	ipaddr = ${hostip}
	port = 2017

	#
	#  TCP and TLS sockets can accept Access-Request and
	#  Accounting-Request on the same socket.
	#
	#	auth	  = only Access-Request
	#	acct	  = only Accounting-Request
	#	auth+acct = both
	#
	type = auth+acct

	# For now, only TCP transport is allowed.
	proto = tcp

	# Send packets to the default virtual server
	virtual_server = XXXX

	clients = tcpclients

	#
	#  Connection limiting for sockets with "proto = tcp".
	#
	limit {
		#
		#  Limit the number of simultaneous TCP connections to the socket
		#
		#  The default is 16.
		#  Setting this to 0 means "no limit"
		max_connections = 0

		#  The per-socket "max_requests" option does not exist.

		#
		#  The lifetime, in seconds, of a TCP connection.  After
		#  this lifetime, the connection will be closed.
		#
		#  Setting this to 0 means "forever".
		lifetime = 0

		#
		#  The idle timeout, in seconds, of a TCP connection.
		#  If no packets have been received over the connection for
		#  this time, the connection will be closed.
		#
		#  Setting this to 0 means "no timeout".
		#
		#  We STRONGLY RECOMMEND that you set an idle timeout.
		#
		idle_timeout = 0
	}
}

clients tcpclients {
	$INCLUDE ${raddbdir}/tcp_clients.conf
}
["proxyChanges.txt" (text/plain)]
proxy server {
	default_fallback = no
	post_proxy_authorize = no
}

home_server XX.XX.XX.XX {
	type = auth+acct
	ipaddr = XX.XX.XX.XX
	port = 2017
	proto = tcp
	secret = secret
	zombie_period = 30
	revive_interval = 60
	response_window = 20
	status_check = none
	limit {
		max_connections = 900
		lifetime = 0
		idle_timeout = 480
	}
}

home_server_pool datacenter {
	type = keyed-balance
	home_server = XX.XX.XX.XX
}

realm to_datacenter {
	auth_pool = datacenter
	nostrip
}
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
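
An added example, not part of the original message and not FreeRADIUS code: a small Python check that reads `limit { }` blocks under `proto = tcp` sections and reports every setting left at 0, the value the listener's own comments define as "no limit", "forever" and "no timeout". The function names are hypothetical, the sample is constructed from the limit values posted above, and the parser assumes only the simple `section { key = value }` subset used in these two attachments.

```python
# Constructed sample: limit values copied from the two attachments, names are placeholders.
SAMPLE = """
listen {
    proto = tcp
    limit {
        max_connections = 0
        lifetime = 0
        idle_timeout = 0
    }
}
home_server example {
    proto = tcp
    limit {
        max_connections = 900
        lifetime = 0
        idle_timeout = 480
    }
}
"""

def parse(text):
    """Parse 'name [instance] {' sections and 'key = value' pairs into nested dicts."""
    root = {"_kind": "root", "_children": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: '#' always starts a comment
        if not line:
            continue
        if line.endswith("{"):
            node = {"_kind": (line[:-1].split() or ["?"])[0], "_children": []}
            stack[-1]["_children"].append(node)
            stack.append(node)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def unlimited_tcp_limits(text):
    """Return (section, key) for each TCP limit set to 0, i.e. unlimited per the comments."""
    return [(sec["_kind"], key)
            for sec in parse(text)["_children"] if sec.get("proto") == "tcp"
            for lim in sec["_children"] if lim["_kind"] == "limit"
            for key in ("max_connections", "lifetime", "idle_timeout")
            if lim.get(key) == "0"]
```

On the posted values this reports all three listener limits and the proxy side's `lifetime`; the listener entries are the ones an operator would review first, since that socket accepts inbound connections.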