Failing proxied request for user "XXX", due to lack of any response from home server XXX port 1812 #8441

Open
KeanuAL opened this issue Dec 17, 2024 · 2 comments

KeanuAL commented Dec 17, 2024

Hello Packetfence Team,

I implement a Packetfence NAC Cluster Solution in my Company and deal with EAP-TLS Authentication for our different Devices for Ethernet. As Single Host the Radius Authentication via EAP-TLS with Device Certificate is successful, but in a Cluster Environment, I can't authenticate with any device against PF Radius, because the Load Balancer doesn't redirect the Radius-Request correctly to the right backend server. I use the Freeradius Server delivered by PF itself on each server.

I test with a Windows 10 Client via Ethernet and I use the VIP as Radius Proxy Address to Proxy requests with the VIP to the Radius Backend. On the Switch the VIP Address is used too.
I use the Mode "Microsoft Smartcard or another Certificate" in Windows for EAP-TLS.
The Packetfence Version is 14.0

I have tried:

- Radius authentication on management - Disable and Enable (both) -> no success
- Using the VIP Address as home server, because each server listens to this on port 1812 instead of their Host IPs -> no success
- Restart Radius-Loadbalancer Services - no success
- Try with Filter Engine to send the answer correctly - no success
- Using the $src_ip variable and without the $src_ip variable (because I have one network interface)
- To use another Load Balance Mode (Keyed Balance and Load Balance) - no success

Any ideas?

Kind of regards

Keanu

fdurand commented Dec 17, 2024

In a cluster the radius-load-balancer normally uses the destination port 1822 of the backend servers. Check to see what you have in raddb/sites-enabled/packetfence-cluster to see if the port 1822 is defined for each backend.
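
One way to automate the check suggested in the comment above, as an added example that is not part of the thread or of PacketFence's own code: it parses FreeRADIUS `home_server` blocks and lists every backend whose `port` is not 1822. The sample configuration, server names and addresses are constructed, and the parser assumes flat `home_server` blocks without nested sub-sections.

```python
import re

# Constructed sample in FreeRADIUS home_server syntax. Names, addresses and
# secrets are placeholders, not values from this issue.
SAMPLE = """
home_server pf1.cluster {
    type = auth
    ipaddr = 192.0.2.11
    port = 1822
    secret = placeholder
}
home_server pf2.cluster {
    type = auth
    ipaddr = 192.0.2.12
    port = 1812   # 1812 instead of the backend port 1822
    secret = placeholder
}
home_server pf3.cluster {
    type = auth
    ipaddr = 192.0.2.13
    secret = placeholder
}
"""

# Assumption: home_server blocks are flat (no nested sub-sections).
BLOCK = re.compile(r"^\s*home_server\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
# Matches "key = value"; commented-out lines and trailing comments are ignored.
ITEM = re.compile(r"^\s*(\w+)\s*=\s*([^\s#]+)", re.M)

def home_servers(text):
    """Map each home_server name to its key/value settings."""
    return {name: dict(ITEM.findall(body)) for name, body in BLOCK.findall(text)}

def wrong_port(text, expected=1822):
    """List (name, ipaddr, port) for backends not set to the expected port."""
    return [
        (name, cfg.get("ipaddr"), cfg.get("port"))
        for name, cfg in home_servers(text).items()
        if cfg.get("port") != str(expected)
    ]

if __name__ == "__main__":
    for name, ip, port in wrong_port(SAMPLE):
        print(f"{name} ({ip}): port={port or 'not set'}, expected 1822")
```

To run it against a real node, pass the contents of raddb/sites-enabled/packetfence-cluster to `wrong_port()` instead of `SAMPLE`.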

KeanuAL commented Dec 18, 2024

The port is defined on each backend and I had configured 3 authentication sources with the 3 Backend IPs and Port 1822, but it doesn't work. The VIP will be used, when a client authenticates and about the VIP it should redirect to the radiusd-Backend. The radiusd-loadbalancer and the radiusd are running on all 3 servers.

But I get the same error like the thread title with port 1822.
