'Re: RadSec client FR server stalls when offline'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: RadSec client FR server stalls when offline
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2024-03-26 14:22:56
Message-ID: 0E8544FF-84AD-408D-AAFE-814F96FC50C5 () deployingradius ! com
[Download RAW message or body]

On Mar 26, 2024, at 10:06 AM, Marija Milojkovic via Freeradius-Users \
<freeradius-users@lists.freeradius.org> wrote:
> We have a setup where we have Local FR server (in WLAN, with caching)  used as \
> Radsec Proxy to Central Radius Server (in the cloud). We are obligated to use \
> tcp/tls for Local-Central FR communication. NAS calls Local FR, local FR checks \
> cache, and if not found propagates request to Central FR. If Central FR replies, we \
> cache result. If it doesn't reply with some very short timeout, we give users \
> access to WLAN with short lived session (so NAS will retry in short time). 
> 
> All worked fine except in the case where Local Radius is offline.
> If Local Radius doesn't have access to internet, it stalls for few minutes (instead \
> of few seconds) until it marks Central Radius home server dead, which really makes \
> our setup unusable. 
> Also, looks like  when photo = tcp is used, status_check = "status-server" and \
> connected config params are not used, and it revives home server with fixed \
> revive_interval….it doesn't do any checks in the mean time, which is bad, because \
> we would like to know when home server is available (we are back online) as soon as \
> possible, and also would't like to mark it alive if it is not (both of which \
> check_interval with check_timeout would solve)…. 
> Is this bug/known issue/any chance it gets solved in 3.2.x?

  Please try the v3.2.x branch GitHub: \
https://github.com/FreeRADIUS/freeradius-server/tree/v3.2.x

  We've put fixes in which should help.

  See https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/sites-available/tls


  and the comments on "nonblock".  Set "nonblock=true", and it should help.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic