Bug #14179
open
FreeRadius is active but in an inoperable state, switches to a generated freeradius-temp certificate upon restart
Description
I was testing my HA setup yesterday evening and used the "Enter Persistent CARP Maintenance Mode" button quite a few times.
Afterwards I noticed that neither WLAN nor OpenVPN connections were working. The WLAN access points and OpenVPN server were up. FreeRadius was running.
This was in the logs:
Ignoring request to auth address 10.0.59.1 port 1812 bound to server default from unknown client 10.0.59.51 port 52957 proto udp
Login incorrect (Failed retrieving values required to evaluate condition): [<user>] (from client pfsense port <openvpn-port> cli <client-ip>:<openvpn-port>) User=<user>,Called-Station-Id=<mac-address>:<pfsense-dns-name>,Calling-Station-Id=<client-ip>:<openvpn-port>,NAS-IP-Address=10.0.1.2,NAS-Port=<openvpn-port>,NAS-Identifier=openVPN,NAS-Port-Type=Virtual,Client-IP-Address=127.0.0.1
The first entry was one of many connection attempts of one of my access points to the FreeRadius server listening on 10.0.59.1. The client is configured, as it has been for years.
The second was from an OpenVPN connection attempt.
After restarting FreeRadius - without any configuration change - I tried connecting to my WLAN again. It then showed me I was supposed to accept a freeradius-temp certificate, which seems to have been freshly generated with a 10-year lifetime. I went back into the configuration, changed the EAP "SSL Server Certificate" to another one, saved, changed it back to my previously configured one, and hit save again.
Now both WLAN and OpenVPN were connecting just fine.
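A log triage sketch for the two symptoms quoted in this report, added here as an example (it is not part of the original report and is not pfSense or FreeRADIUS code). The `triage` function, the `configured_clients` set and the sample lines are assumptions constructed for illustration; only the two message formats come from the log excerpts above.

```python
import re
from collections import Counter

# Message formats taken from the two log lines quoted in the report.
UNKNOWN_CLIENT = re.compile(
    r"Ignoring request to auth address (?P<listen>\S+) port (?P<lport>\d+) "
    r"bound to server (?P<server>\S+) from unknown client (?P<client>\S+) "
    r"port \d+ proto (?P<proto>\w+)"
)
COND_FAILURE = re.compile(
    r"Login incorrect \(Failed retrieving values required to evaluate "
    r"condition\): \[(?P<user>[^\]]*)\]"
)

# Constructed sample lines (not real logs); addresses other than the
# report's 10.0.59.x pair are documentation ranges.
SAMPLE = [
    "Ignoring request to auth address 10.0.59.1 port 1812 bound to server default from unknown client 10.0.59.51 port 52957 proto udp",
    "Ignoring request to auth address 10.0.59.1 port 1812 bound to server default from unknown client 10.0.59.51 port 52958 proto udp",
    "Ignoring request to auth address 10.0.59.1 port 1812 bound to server default from unknown client 192.0.2.7 port 40000 proto udp",
    "Login incorrect (Failed retrieving values required to evaluate condition): [alice] (from client pfsense port 1194 cli 198.51.100.9:1194)",
    "Login OK: [bob] (from client ap1 port 0 cli aa-bb-cc-dd-ee-ff)",
]

def triage(lines, configured_clients):
    """Summarise the symptoms. configured_clients (hypothetical input) is the
    set of NAS IPs the operator has configured as RADIUS clients."""
    rejected, cond_failures = Counter(), Counter()
    for line in lines:
        m = UNKNOWN_CLIENT.search(line)
        if m:
            rejected[m["client"]] += 1
            continue
        m = COND_FAILURE.search(line)
        if m:
            cond_failures[m["user"]] += 1
    # A configured NAS rejected as "unknown" means the running server does
    # not have that client loaded, even though the service reports as up.
    known = {ip: n for ip, n in rejected.items() if ip in configured_clients}
    other = {ip: n for ip, n in rejected.items() if ip not in configured_clients}
    return {
        "configured_clients_rejected": known,
        "other_unknown_clients": other,
        "condition_failures": dict(cond_failures),
        "needs_attention": bool(known or cond_failures),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, {"10.0.59.51"}))
```

Run against the FreeRADIUS log after a CARP maintenance toggle or failover, a non-empty `configured_clients_rejected` separates this failure state from ordinary noise caused by genuinely unconfigured senders.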