Netgate Discussion Forum

    External AP bridged to External Radius server

      yelt

      Thanks for the reply! :-X
      There are no radius-related packets in status>systemlogs & firewall :-\ (all packets displayed)
      Even if I set the default port to 1812.
      I strongly suspect the bridge is not forwarding radius packets ???
      And status>interfaces shows me: "Bridge (bridge0) learning" as usual.
      So, WTH ??? ;D
      I don't know what I could have forgotten :-[

        jeroen234

        If the pfSense bridge was not forwarding them, then you would find blocked or dropped packets on the firewall tab.
        Maybe your firewall rules are wrong ???

        opt1 interface accept * * * * * *    (opt is linked with lan, so on lan you set the rules)
        Rules are seen from pfSense as incoming from that interface,
        and if a rule is found then rule checking is halted,
        and radius uses 1812 for access, 1813 for accounting and 1814 for radius proxy.

          hoba

          Please show us your firewall rules. Maybe you use source ports in your firewall rules?

            yelt

            Nope! No source port on opt1, the only rule I've got is:
            (Pass) *  PrivateNET  *  PrivateNET  *  *
            I'm just blocking & logging IPv6 before it. That's all,
            and I can't see any radius packets dropped.
            So, what can it be? ;D

              hoba

              We just found a problem with wireless interfaces and bridges and committed a fix. Please upgrade to the newest snapshot in about 2h from now and retest.

                yelt

                Hey, you're fast! ;D Thanks a lot, I will try it as soon as possible! ;)

                  yelt

                  Tested with pfSense-Full-Update-1.0.1-SNAPSHOT-02-21-2007.tgz 2007-Feb-25 16:09:01 without any changes :-[

                  I'm updating now to pfSense-Full-Update-1.0.1-SNAPSHOT-02-27-2007.tgz 2007-Feb-28 13:04:43 :)

                  Updated! And nothing to do, it doesn't work :-\ I have many doubts now, I can't see where the problem comes from ???
                  On the one hand, I suspect my wireless AP is not sending radius packets on the right subnet, and on the other hand I think
                  that it's the bridge which doesn't work as expected :-X

                  Thanks a lot for your help, I will test one last thing:
                  shortcut opt1 and lan directly to find out if it's the bridge or not :) (Don't know why I thought of this only now and not before ;D )

                    PC_Arcade

                    yelt, did you get anywhere with your testing?

                    I'm having a similar problem

                      yelt

                      Hi!

                      I'm bringing news ;)
                      So, now, it works! :o
                      I don't know what has changed since my last test, but everything seems to be like it was before… ???
                      But now...it works ;D

                      Historically (don't know if it's English ^^'), these are the steps I've done:
                      0/ Initial test (Didn't work)
                      1/ Upgraded pfSense to pfSense-Full-Update-1.0.1-SNAPSHOT-02-27-2007 (Didn't work even after reboot)
                      2/ Test by plugging OPT1 directly on my switch plugged to LAN interface.  (Didn't work)
                      3/ Replug OPT1 to OPT1.  (Forgot to test)
                      4/ Backup all AP settings/ Restore default settings/ Downgraded firmware/ Restore default settings (again)/ Upgraded firmware/ Restore AP settings  (Tested ==> Didn't work ...)
                      5/ Shutdown everything.
                      6/ Start everything, shut down independent firewalls (Forgot to test)
                      7/ Start independent firewalls (Forgot to test)
                      8/ After 2 days, I tested everything: AP works :o ???

                      So, as you can see, I don't know what may have changed between 0/ and 8/.
                      I haven't changed the settings: my AP is set like before, my server is in the same configuration too, and my pfSense box has the same settings as before too!! :-
                      The only thing that has changed is the version of the pfSense SNAPSHOT, so maybe the pfSense team had something to do with my lucky adventure ;D :D So: thanks a lot again! ;D

                      Hoping this can help you! ;)
                      If you have any questions, don't hesitate :P

                      Edit> I just want to specify something: when I say "Test", I mean that I've set up packet capture software directly on my radius server, so I can see what packets CAN reach my radius server :) And when I say that my test "didn't work" I'm talking about the radius ACCESS-REQUEST packet, that's all ;)

                        Justinw

                        Kill radiusd in status > services, start it again via the shell using /usr/local/etc/raddb/radiusd -x, I believe that is how you start radius in debugging mode.  There is no need to sniff when radius will tell you if it gets anything.  You may have to execute it with an X in caps though, I don't remember.  But occasionally radius will receive packets but ignore them, most commonly when it doesn't feel that the incoming packet is from a valid client device.  It sounds like you got it fixed, but this is a much easier way of troubleshooting radius for future reference.

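The two checks discussed in this thread (did an Access-Request reach the RADIUS server at all, and would the server ignore it because the sender is not a configured client) can be combined in one small triage routine. This is an added example, not code from the thread, pfSense or any RADIUS server; the client subnet, the AP addresses and the helper names are assumptions, and the sample packet is constructed.

```python
import ipaddress
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

def parse_radius(data: bytes) -> dict:
    """Parse the RFC 2865 header and attribute TLVs; raise ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > 4096 or length > len(data):
        raise ValueError(f"bad length field {length} for {len(data)} bytes")
    attrs, pos = {}, 20            # bytes 4..19 are the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return {"code": code, "name": CODES.get(code, f"code {code}"),
            "id": ident, "attrs": attrs}

def triage(src_ip: str, data: bytes, clients: list) -> str:
    """Say what a captured UDP/1812 payload is and whether its source is a known client."""
    try:
        pkt = parse_radius(data)
    except ValueError as exc:
        return f"malformed: {exc}"
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in ipaddress.ip_network(c) for c in clients):
        return (f"{pkt['name']} arrived, but {src_ip} is not a configured "
                "client: server would ignore it")
    user = pkt["attrs"].get(1, [b"?"])[0].decode(errors="replace")  # 1 = User-Name
    return f"{pkt['name']} id={pkt['id']} user={user} from known client {src_ip}"

def build_access_request(ident: int, user: str, nas_ip: str) -> bytes:
    """Constructed sample: User-Name (1) + NAS-IP-Address (4), all-zero authenticator."""
    name = user.encode()
    attrs = bytes([1, 2 + len(name)]) + name
    attrs += bytes([4, 6]) + ipaddress.ip_address(nas_ip).packed
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    clients = ["192.168.1.0/24"]                 # assumed client subnet
    for ap in ("192.168.1.50", "192.168.2.50"):  # AP on the right / wrong subnet
        print(triage(ap, build_access_request(7, "alice", ap), clients))
```
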