Bug #10595

closed

RADIUS authentication server incorrectly processing "Accept" messages

Added by Nathan Dragun almost 4 years ago. Updated almost 4 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 05/25/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.5
Affected Architecture: amd64

Description

The internal RADIUS authentication mechanism is failing to acknowledge received "Accept" messages from a RADIUS server in 2.4.5-RELEASE. As a result all systems relying on the authentication mechanism are rejecting successful authentication requests.

The attached tcpdump screenshot shows the pfSense router (WAN - 192.168.1.30) attempting to authenticate against the RADIUS server (192.168.1.6) via the "Diagnostics/Authentication" tool. We see a successful reply message, but the pfSense box retries for a total of 3x attempts. (For the purpose of network communications flow information, the pfSense box is not being used to manage traffic on the 192.16.1.x network and has a local LAN of 192.168.10.x)

The second screenshot shows the "Diagnostics/Authentication" tool reporting an authentication failure, and the third screenshot shows the associated "system log" entry claiming that no response was received.

In a last ditch effort an "any/any" UDP rule was configured for testing on the WAN interface to determine if the stateless nature of UDP was causing replies to be blocked. No success. Additionally, there were never any firewall log entries reporting traffic being blocked pre/post rule modifications.

- Environment Details -
VMWare 6.5.0 Update 2
VMXNet3 nics x2

- Packages -
Open-VM-Tools v10.1.0_2,1
openvpn-client-export v1.4.23



Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Rejected
  • Priority changed from High to Normal

I can't reproduce this here. There must be some other factor about your configuration or environment causing the packets to be dropped/rejected, but this site is not for support or diagnostic discussion so it's not the place to investigate your issue.

For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit.

See Reporting Issues with pfSense Software for more information.
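
A packet capture like the one described in the report shows that an Access-Accept arrived, not that the client considered it valid: under RFC 2865 a client silently discards a reply whose Identifier or Response Authenticator does not check out, and then retries as if nothing had come back. The following is an added example, not code from this ticket or from pfSense; the packets, secrets and function names are constructed for illustration. It runs those checks over a request/reply pair such as one exported from a capture.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a server reply as RFC 2865 section 3 defines it."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def discard_reasons(request, reply, client_secret):
    """List why an RFC 2865 client would silently drop `reply` to `request`."""
    if len(request) < 20 or len(reply) < 20:
        return ["packet shorter than the 20-byte RADIUS header"]
    req_id = request[1]
    _code, rep_id, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return ["Length field does not fit the datagram"]
    reply = reply[:length]  # octets past Length are padding and ignored
    reasons = []
    if rep_id != req_id:
        reasons.append("Identifier does not match the pending request")
    expected = hashlib.md5(
        reply[:4] + request[4:20] + reply[20:] + client_secret
    ).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        reasons.append("Response Authenticator fails with the client's secret")
    return reasons

# Constructed sample data: none of these values come from the ticket.
REQUEST_AUTH = bytes(range(16))
USER_NAME = bytes([1, 2 + len(b"alice")]) + b"alice"   # attribute type 1
REQUEST = struct.pack("!BBH", ACCESS_REQUEST, 42, 20 + len(USER_NAME)) \
    + REQUEST_AUTH + USER_NAME
SERVER_SECRET = b"constructed-server-secret"
ACCEPT = build_reply(ACCESS_ACCEPT, 42, REQUEST_AUTH, b"", SERVER_SECRET)

if __name__ == "__main__":
    for label, secret in (("same secret", SERVER_SECRET),
                          ("client has a different secret", b"typo-secret")):
        print(label, "->", discard_reasons(REQUEST, ACCEPT, secret) or "accepted")
```

An empty list means the reply passes the checks a client applies before acting on it; any entry is a reason the reply would be dropped without a log line naming it.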
