FreeRadius3…problems
-
Hey Guys!
I'm new here and working with a new pfSense in our voluntary Fire Brigade in Austria, actually everything works perfect till now (Firewall, Routing, 5 physical divided networks, Captive Portal for WLAN,…)But now i tried to use the Package for the freeRadius3 Server, Installation was no Problem and also the first initiating and test with radtest local on the pfSense worked good. But now i'm not able to test it from outside with the NTRadPing Test Utility: no response from Server , and i also tried it on one AP...no chance
I configured the FreeRADIUS to listen on all interfaces on all 3 ports (1812, 1813, 1816), to avoid problems. The interface for my access points is 192.168.51.254 (I also tried this IP, no change).
Next I configured the clients: first my notebook on IP 192.168.51.51 and then my UniFi Pro access point on IP 192.168.51.56. Am I on the right way with taking an individual, random client shortname? The AP's device name is its MAC and I'm not allowed to use ":" in the shortname...
Next thing was to create a test user: just configured username and password... to avoid problems.
The FreeRADIUS server is online and, as I see in the log files, working properly; there is no information about my devices trying to get a connection. I exported my configuration files and also made some screenshots for you. It would be great if this will work... I'm quite sure I just made the problem by myself ::)
I was not sure if I have to configure a firewall rule for the RADIUS server, so I just made one for source and one for destination on port 1812...
users.txt
clients.conf.txt
radiusd.conf.txt
-
"I was not sure if i have to configure a firewall Rule for the Radius Server"
Where is your firewall rule - please post.
-
Hello,
Sorry, just forgot about this…
Radius is here an alias for ports 1812, 1813, 1816. Actually I was also not sure if I need the rule for destination LAN4_SURFLAN, I don't think so?
Thank you
-
Remove the source port in the rules.
-
Source port for sure is wrong... You don't know what the source port would be... That should be any. And dest should be the interface address, not "net".
So delete that top rule; on the 2nd rule remove the source port setting and set dest address to lan4_surflan ADDRESS.
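The two points above (the client definitions from the first post and the rule fix from this reply) modelled as an added example; this is not code from the thread or from pfSense/FreeRADIUS. It parses a constructed clients.conf in FreeRADIUS syntax (IPs taken from the thread, secrets are placeholders) and runs each client's Access-Request through a minimal first-match filter, once with a rule that pins the source port to 1812 and once with the corrected rule. The ephemeral source port 54321 and the "other host" address 192.168.51.10 are constructed, and the filter is a simplification of pf (no states, no TCP flags):

```python
"""Added example: why a RADIUS pass rule must not pin the source port.

An Access-Request is UDP from an ephemeral client port to server port 1812,
so a rule that requires source port 1812 never matches and the implicit
final block on an OPTx interface drops the packet.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed clients.conf in FreeRADIUS syntax. IPs follow the thread;
# the shared secrets are placeholders, not real values.
CLIENTS_CONF = """
client notebook_51 {
    ipaddr = 192.168.51.51
    secret = PLACEHOLDER_SECRET_1
    shortname = notebook_51
}
client unifi_ap_56 {
    ipaddr = 192.168.51.56
    secret = PLACEHOLDER_SECRET_2
    shortname = unifi_ap_56
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_clients(text):
    """Return {client name: {key: value}} from flat 'key = value' client blocks."""
    clients = {}
    for m in CLIENT_RE.finditer(text):
        name, body = m.group(1), m.group(2)
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()   # drop comments
            if "=" in line:
                key, value = (s.strip() for s in line.split("=", 1))
                attrs[key] = value
        clients[name] = attrs
    return clients


def shortname_ok(name):
    """A plain token works as shortname; a raw MAC with ':' is rejected by the GUI."""
    return re.fullmatch(r"[A-Za-z0-9_.-]+", name) is not None


@dataclass
class Rule:
    proto: str
    src_net: str                 # CIDR or "any"
    src_port: Optional[int]      # None means any port
    dst_net: str
    dst_port: Optional[int]
    action: str = "pass"


@dataclass
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _ip_in(ip, net):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def _port_ok(port, want):
    return want is None or port == want


def matches(rule, pkt):
    return (rule.proto == pkt.proto
            and _ip_in(pkt.src_ip, rule.src_net) and _port_ok(pkt.src_port, rule.src_port)
            and _ip_in(pkt.dst_ip, rule.dst_net) and _port_ok(pkt.dst_port, rule.dst_port))


def first_match(rules, pkt):
    """First matching rule decides; nothing matched means the hidden final block."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


RADIUS_IF = "192.168.51.254"        # interface address from the thread
LAN4_NET = "192.168.51.0/24"        # assumed /24 for the LAN4 interface net

# Rule as originally posted: source port pinned to 1812, destination = interface net
BROKEN_RULE = Rule("udp", LAN4_NET, 1812, LAN4_NET, 1812)
# Rule as corrected in the reply: source port any, destination = interface address
FIXED_RULE = Rule("udp", LAN4_NET, None, RADIUS_IF + "/32", 1812)
# Destination "net" instead of "address" would also pass UDP/1812 to every LAN4 host
NET_RULE = Rule("udp", LAN4_NET, None, LAN4_NET, 1812)


def access_request(client_ip, src_port=54321, dst_ip=RADIUS_IF):
    """Constructed Access-Request: ephemeral source port, server port 1812."""
    return Packet("udp", client_ip, src_port, dst_ip, 1812)


def evaluate(conf_text, rules):
    """Firewall verdict for each configured client's Access-Request."""
    return {name: first_match(rules, access_request(attrs["ipaddr"]))
            for name, attrs in parse_clients(conf_text).items()}


if __name__ == "__main__":
    print("broken rule:", evaluate(CLIENTS_CONF, [BROKEN_RULE]))
    print("fixed rule: ", evaluate(CLIENTS_CONF, [FIXED_RULE]))
    other_host = access_request("192.168.51.51", dst_ip="192.168.51.10")
    print("to another LAN4 host, net rule:", first_match([NET_RULE], other_host))
    print("to another LAN4 host, fixed rule:", first_match([FIXED_RULE], other_host))
```

Running it shows both clients blocked under the pinned source port and passed under the corrected rule, and it shows why "address" is the tighter choice: with "net" as destination the same rule would also let UDP/1812 reach any other host on LAN4.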
-
… or, an alternative would be:
Open up this LAN interface entirely (for IPv4 - IPv6 - ICMP/UDP/TCP - everything) and have your RADIUS work first.
Remember: this is probably an original OPTx interface, so the hidden final rule == "BLOCK ALL".
Then, and only then: validate your rules one by one. Test them all. Example: as you can see, your first rule and second rule have 0/0 as a "score": they are not used in the "decision chain" == the rule didn't make a "match => accept => pass", so it's … useless or without effect.
-
Hey,
Thank you guys! The first 2 posts fixed my problem, now the RADIUS works perfectly! Is there actually any point against the RADIUS server working as a package on the pfSense?
I mean a security thing, or possible problems with the firewall etc.… thank you
The 3 blocking rules are just here to divide my subnet from the others; normally there should be no match... it's just the point that there is no possibility to access the others.