https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162014-12-27T11:26:22ZpfSense bugtrackerpfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163302014-12-27T11:26:22ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li></ul><p>Just tried this and I'm seeing the same thing against FreeRADIUS2. The IPv6 RADIUS request never leaves the client host if it's 2.2. The client 2.2 host and the RADIUS server have connectivity to each other, can ping6, etc, but a RADIUS request using IPv6 never leaves. IPv4 works fine.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163312014-12-27T11:46:14ZKill Bill
<ul></ul><p>Yep, it just seems to vanish somewhere. :) I deleted the client on the Windows server, and nothing logged. normally, you'd get <em>"A RADIUS message was received from the invalid RADIUS client IP address..."</em> error since the client is not authorized (and you get exactly that when you try via IPv4) - but as you said, with IPv6 no request reaches the server.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163352014-12-27T12:58:21ZErmal Luçieri@pfsense.org
<ul></ul><p>libradius is v4 only for now.<br />Hence the issue, i think this should be pushed post 2.2 to really be fixed.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163372014-12-27T13:06:06ZKill Bill
<ul></ul><p>Ermal Luçi wrote:</p>
<blockquote>
<p>Hence the issue, i think this should be pushed post 2.2 to really be fixed.</p>
</blockquote>
<p>Well, whatever is needed... however, this should be noted somewhere in the GUI (or reject IPv6 input), plus if you put a hostname there, it should filter out AAAA records when resolved because otherwise it just blackholes the requests as well.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163402014-12-27T17:32:16ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>2.2</i> to <i>2.2.1</i></li></ul><p>FYI- This was the same on pfSense 2.1. It doesn't send out IPv6 RADIUS requests either. So at least it's not a regression.</p>
<p>This can probably be nudged off to at least 2.2.1 for that reason.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=163432014-12-27T21:46:01ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Affected Version</strong> changed from <i>2.2</i> to <i>All</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=170722015-01-29T17:40:42ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Target version</strong> changed from <i>2.2.1</i> to <i>2.2.2</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=179382015-04-02T01:23:39ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Target version</strong> changed from <i>2.2.2</i> to <i>2.2.3</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=185832015-06-01T18:27:12ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Target version</strong> changed from <i>2.2.3</i> to <i>2.3</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=210752015-09-22T01:17:33ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Target version</strong> changed from <i>2.3</i> to <i>Future</i></li></ul><p>The underlying RADIUS pieces still don't support IPv6.</p>
<p>I believe this is the root cause of this issue. <br /><a class="external" href="https://bugs.php.net/bug.php?id=59619">https://bugs.php.net/bug.php?id=59619</a></p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=258892016-03-28T13:33:59ZJim Thompsonjim@netgate.com
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=316292017-02-18T15:51:38ZKill Bill
<ul></ul><p>After wasting my time once again with hitting the same issue and seeing the total ignorance of the issue by PHP devs, I'd say IPv6 should be refused as input at least.</p>
<p><a class="external" href="https://github.com/pfsense/pfsense/pull/3555">https://github.com/pfsense/pfsense/pull/3555</a></p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=605792022-04-21T12:39:21ZRenato Botelhorenato@netgate.com
<ul><li><strong>Assignee</strong> deleted (<del><i>Renato Botelho</i></del>)</li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=627502022-09-01T11:59:39ZChristian McDonaldcmcdonald@netgate.com
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Christian McDonald</i></li><li><strong>Target version</strong> changed from <i>Future</i> to <i>CE-Next</i></li><li><strong>Plus Target Version</strong> set to <i>Plus-Next</i></li><li><strong>Release Notes</strong> set to <i>Default</i></li></ul><p><a class="external" href="https://gitlab.netgate.com/pfSense/pfSense/-/commit/5f9666a1b3a81f289c7c02954f9f92d3b989a346">https://gitlab.netgate.com/pfSense/pfSense/-/commit/5f9666a1b3a81f289c7c02954f9f92d3b989a346</a></p>
<p>RADIUS authentication now supports IPv6.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=627962022-09-06T12:08:05ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>New</i></li></ul><p>The UI allows adding the IPv6 RADIUS server after that change but it does not appear to be working from PHP auth. No IPv6 packets are sent to the RADIUS server.</p>
<p>The RADIUS server is listening on IPv6 and accepts and authenticates test connections using <code>radtest</code>, so it appears there is still something left to do on the PHP side.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=628002022-09-06T13:42:48ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.7.0</i></li><li><strong>Start date</strong> deleted (<del><i>12/27/2014</i></del>)</li><li><strong>Plus Target Version</strong> changed from <i>Plus-Next</i> to <i>22.11</i></li></ul><p>Tried it again after going over all the rules and such on both sides and it worked so it must have been in my setup.</p>
<p>Not sure why I never saw the packets leave or states made at first, though, but it's working now and I see two-way traffic.</p> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=632332022-10-11T14:41:18ZJim Pingle
<ul><li><strong>Plus Target Version</strong> changed from <i>22.11</i> to <i>23.01</i></li></ul> pfSense - Feature #4154: Support for RADIUS authentication over IPv6https://redmine.pfsense.org/issues/4154?journal_id=679812023-06-15T18:58:30ZJim Pingle
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Feature</i></li><li><strong>Subject</strong> changed from <i>RADIUS authentication not working over IPv6</i> to <i>Support for RADIUS authentication over IPv6</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li><li><strong>Affected Version</strong> deleted (<del><i>All</i></del>)</li><li><strong>Affected Architecture</strong> deleted (<del><i>All</i></del>)</li></ul>