FreeRADIUS sync interfaces
-
Dear All,
Generally, I am very happy with FreeRADIUS in pfSense. In a two-location SOHO setting, I am using it for Wifi EAP-TLS ensuring that the same devices have access in both locations.
To do so, I am using XMLRPC Sync to sync the configuration from the primary location to the secondary location. One thing has changed during the last few months which was not ideal for my use case:
- Previously, the interfaces configuration was not included in the sync. That was good for my case, because the interfaces in the secondary location are different. The locations are connected via VPN and the IP addresses of the routers are different.
- Currently, the interface configuration is included in the sync. That is bad in my case, because I need to change the interface configuration manually in the secondary location to revert the changes to the IP addresses every time I change a user in the primary location.
Is there a way to avoid this? If this is not intended and in case I am not the only user affected: Could the developer please be so kind as to consider adding a switch to control this behavior in the sync settings?
Regards,
Michael Schefczyk
-
-
Hi all,
the new sync method is synchronising everything from freeradius. This destroyed our freeradius setup in multiple branches, as it overwrote all interfaces and all eap certificates in every sync host. We have about 7 branches with the freeradius daemon running and used the sync to sync only users and NAS/clients.
Was this change really intended? For me this is more a bug than a feature…
Could someone clarify this?
Thanks for your help
-
-
@Trey said in FreeRADIUS sync interfaces:
Hi all,
the new sync method is synchronising everything from freeradius. This destroyed our freeradius setup in multiple branches, as it overwrote all interfaces and all eap certificates in every sync host. We have about 7 branches with the freeradius daemon running and used the sync to sync only users and NAS/clients.
Was this change really intended? For me this is more a bug than a feature…
Could someone clarify this?
Thanks for your help
If you used a common CA and Radius certificate (same thumbprint) across the different pfSense boxes, and created only a 127.0.0.1 interface in Radius, would it then not work again?
You would obviously need to create a NAT rule for ports 1812/1813 on the interfaces where Radius should be present (pointing to 127.0.0.1).