RADIUS authentication not working over IPv6
Following https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory - this does not work if the RADIUS server is specified as IPv6 (whether FQDN or IP does not matter). Authentication works as soon as an IPv4 address is specified for the RADIUS server. (Tested on the latest 2.2 snapshot, though I recall this pretty much never worked even with 2.1.x.)
#1 Updated by Jim Pingle almost 3 years ago
- Status changed from New to Confirmed
Just tried this and I'm seeing the same thing against FreeRADIUS2. The IPv6 RADIUS request never leaves the client host if it's 2.2. The client 2.2 host and the RADIUS server have connectivity to each other, can ping6, etc., but a RADIUS request using IPv6 never leaves. IPv4 works fine.
#2 Updated by Kill Bill almost 3 years ago
Yep, it just seems to vanish somewhere. :) I deleted the client on the Windows server, and nothing logged. Normally, you'd get "A RADIUS message was received from the invalid RADIUS client IP address..." error since the client is not authorized (and you get exactly that when you try via IPv4) - but as you said, with IPv6 no request reaches the server.
#4 Updated by Kill Bill almost 3 years ago
Ermal Luçi wrote:
Hence the issue, I think this should be pushed post 2.2 to really be fixed.
Well, whatever is needed... however, this should be noted somewhere in the GUI (or reject IPv6 input), plus if you put a hostname there, it should filter out AAAA records when resolved because otherwise it just blackholes the requests as well.