RADIUS stopped working for WebGUI logins

jackyaz

Hi,

I had RADIUS set up and all was working well then this morning I noticed I could no longer login and even the local admin account takes an age to sign in. Once I got signed in, I found log entries that the RADIUS server wasn't responding correctly.

My setup is currently pfSense double-NATed behind another router while I test it out, with the RADIUS server on my normal LAN, but as far as pfSense is concerned, on its WAN. I use Microsoft NPS as my RADIUS Server. Originally I used the RADIUS Client IP as the one the main router sees and this worked. However, when I noticed the problem this morning, the NPS logs recorded that the packets were coming from the IP of the router, rather than pfSense's own IP, which is weird. After changing the Client IP in NPS it works again, but I'm curious why the source address changed.

When I run a traceroute from pfSense to the RADIUS Server, it does show it hitting the router and going back. There is a switch between pfSense and the router, so I'm not sure why the router is involved at all.

Does anyone know where I can start looking to troubleshoot this? I suspect it's only a problem while I'm testing things, as the router will be replaced by pfSense moving the RADIUS Server onto pfSense's LAN, but I'd like to explore why it changed.

Thanks,

Jack

NogBadTheBad

@jackyaz login via ssh and run radsniff -x you may see something there.