Netgate Discussion Forum

    Freeradius: after upgrade from 0.15.10 to 0.15.10_1: error during authentication: Operation timed out

      Luca De Andreis

      Hi all,

      we use several VPN heads with PfSense plus 23.05.1 with professional license, yesterday I upgraded on one server the version of radius package from 0.15.10 to 0.15.10_1 and problems appeared immediately.

      We use freeradius with PIN +TOTP authentication (Google auth), fully functional in version 0.15.10, no modifications made other than simply upgrading to 0.15.10_1

      The problem is this:

      /diag_authentication.php: Error during RADIUS authentication : Operation timed out

      Even simulating authentication, previously instantaneous, waits a long time and then goes into timeout.

        johnpoz LAYER 8 Global Moderator @Luca De Andreis

        @Luca-De-Andreis not using anything with pin+totp, but just updated and not having any issues

        Sep 26 02:43:32 	radiusd 	79670 	(4) Login OK: [JohnsIphone/<via Auth-Type = eap>] (from client uap-pro port 0 cli DC-B5-4F-E0-CB-0A) 192.168.2.2 Auth-Type: eap
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          Luca De Andreis @johnpoz

          @johnpoz
          I understand... but I use the PIN + TOTP method with Freeradius, I tried on n.3 PfSense plus and the problem occurs on all systems

          On 0.15.10 it works perfectly

            Luca De Andreis @Luca De Andreis

            @Luca-De-Andreis

            I understand...
            after the upgrade ALL FreeRadius configuration was completely lost:

            144368e8-d79a-4319-b2c0-7522d754f442-immagine.png

              johnpoz LAYER 8 Global Moderator @Luca De Andreis

              @Luca-De-Andreis well that would explain the problem.. I just updated mine to the 10_1 and did not have that problem.. Kind of hard to work without any config.

              my guess is you didn't have this checked?

              freerad.jpg

                Luca De Andreis

                Sure:

                99cda9f0-9465-41d1-8b72-0005268b4627-immagine.png

                  johnpoz LAYER 8 Global Moderator @Luca De Andreis

                  @Luca-De-Andreis well that's not good if you had that set.. Not sure what could have gone wrong? I had no issues with upgrade on my 23.05.1 box.. but it happened on 3 different installs? Ugghhhh

                    Luca De Andreis @Luca De Andreis

                    @Luca-De-Andreis

                    Yes confirmed. On three different devices (I didn't initially check the Freeradius configuration and so in the immediate instance I didn't realize it was completely zeroed out).

                    The problem occurred on both VM-KVM and Netgate 6100, same issue.

                      Luca De Andreis @johnpoz

                      @johnpoz

                      I just updated a new PfSense 23.05.1 server (Freeradius to 0.15.10_1)
                      This time I did a full backup first.

                      I confirm that after the Freeradius upgrade the configuration was completely deleted.

                      Restore configuration: ok

                        Luca De Andreis @johnpoz

                        @johnpoz

                        I have now updated FreeRadius on a fifth PfSense 23.05.1
                        Same problem.

                        Now I proceed with backup and restore of the configuration and off I go :)

                          johnpoz LAYER 8 Global Moderator @Luca De Andreis

                          @Luca-De-Andreis and you validated before the update that it was checked to not wipe the config?

                            Luca De Andreis @johnpoz

                            @johnpoz

                            Yes

                            d1464a93-bf2c-4135-81e3-c13b4606be00-immagine.png

                            2f1c269d-2842-4812-910d-e95bacb8cd88-immagine.png

                            This PfSense 23.05.1 server was updated yesterday (I mean the radius package) and had the same problem (I didn't notice yesterday that it had lost the configuration).
                            Then a VM level restore was done and it was back to how it was before the upgrade.
                            You can see the Freeradius configuration and the version that was before the upgrade.

                              johnpoz LAYER 8 Global Moderator @Luca De Andreis

                              @Luca-De-Andreis well that is good that you can rollback.. Maybe someone like @stephenw10 or @Derelict could help us figure out what is going on then.

                              I was not able to reproduce the issue.. But since you have seen it on multiple boxes - I will look in redmine to see if anything has been reported..

                              edit:
                              This looks like the problem

                              https://redmine.pfsense.org/issues/14806

                              Looks like should check your actual xml file - and possible simple solution is to just go in and save the settings, and then recheck your xml to see if the save setting is there.

                              edit2:

                              So I just downloaded the xml for package manager - and looking through.. I find this in mine

                              <freeradiussettings>
                              		<config>
                              			<varsettingsmaxrequests>1024</varsettingsmaxrequests>
                              			<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
                              			<varsettingscleanupdelay>5</varsettingscleanupdelay>
                              			<varsettingsallowcoredumps>no</varsettingsallowcoredumps>
                              			<varsettingsregularexpressions>yes</varsettingsregularexpressions>
                              			<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
                              			<keep_settings>on</keep_settings>
                              

                              Notice the keep_settings is set to on... I would look in your xml and validate that is there..

                                Luca De Andreis

                                This is the section (in the above server)


                                <freeradiussettings>
                                	<config>
                                		<varsettingsmaxrequests>1024</varsettingsmaxrequests>
                                		<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
                                		<varsettingscleanupdelay>5</varsettingscleanupdelay>
                                		<varsettingsallowcoredumps>no</varsettingsallowcoredumps>
                                		<varsettingsregularexpressions>yes</varsettingsregularexpressions>
                                		<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
                                		<varsettingslogdir>syslog</varsettingslogdir>
                                		<varsettingsauth>yes</varsettingsauth>
                                		<varsettingsauthbadpass>no</varsettingsauthbadpass>
                                		<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
                                		<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
                                		<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
                                		<varsettingsstrippednames>no</varsettingsstrippednames>
                                		<varsettingshostnamelookups>no</varsettingshostnamelookups>
                                		<varsettingsmaxattributes>200</varsettingsmaxattributes>
                                		<varsettingsrejectdelay>1</varsettingsrejectdelay>
                                		<varsettingsstartservers>5</varsettingsstartservers>
                                		<varsettingsmaxservers>32</varsettingsmaxservers>
                                		<varsettingsminspareservers>3</varsettingsminspareservers>
                                		<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
                                		<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
                                		<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
                                		<varsettingsmotpenable></varsettingsmotpenable>
                                		<varsettingsmotptimespan></varsettingsmotptimespan>
                                		<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
                                		<varsettingsmotpchecksumtype>sha1</varsettingsmotpchecksumtype>
                                		<varsettingsmotptokenlength></varsettingsmotptokenlength>
                                		<varsettingsenablemacauth></varsettingsenablemacauth>
                                		<varsettingsenableacctunique></varsettingsenableacctunique>
                                	</config>
                                </freeradiussettings>
                                

                                I've not a voice:

                                <keep_settings>on</keep_settings>

                                  Luca De Andreis @johnpoz

                                  @johnpoz

                                  but... if I save the configuration (with no modifications):


                                  <freeradiussettings>
                                  <config>
                                  <varsettingsmaxrequests>1024</varsettingsmaxrequests>
                                  <varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
                                  <varsettingscleanupdelay>5</varsettingscleanupdelay>
                                  <varsettingsallowcoredumps>no</varsettingsallowcoredumps>
                                  <varsettingsregularexpressions>yes</varsettingsregularexpressions>
                                  <varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
                                  <keep_settings>on</keep_settings>


                                    tman222

                                    I was also affected by this issue. Upgraded the freeradius package to 0.15.10_1 on two 23.05.1 machines yesterday and both lost the freeradius configuration in the process.

                                    Got back up and running quickly though:

                                    1. Restored a recent backup (configuration). Once firewall had finished rebooting all freeradius configuration settings were back. Confirmed everything was working.
                                    2. Went into freeradius settings, unchecked "Save settings after deletion", and saved settings. Then re-checked "Save settings after deletion" and saved again. Not sure if this step was necessary after upgrading the package, but I performed it just in case.
                                    3. Downloaded a configuration backup and can see that the <keep_settings> tag is now there under the freeradius configuration settings.

                                      johnpoz LAYER 8 Global Moderator @tman222

                                      I take it I could not reproduce because not all that long ago, I had changed all my certs for my eap-tls setup, and hit save settings at some point..

                                        Gertjan @johnpoz

                                        Somewhat anti-productive, but I found no issues while upgrading to "_1".

                                        I've found this subject the moment I had hit "upgrade" ....
                                        I knew I had a fresh backup of the config, as I have these created twice a day.

                                        But nothing happened : all is well 😠 ..... euh 😊

                                        No "help me" PM's please. Use the forum, the community will thank you.
                                        Edit : and where are the logs ??

                                          tman222

                                          I checked some older configuration backup files as well and the <keep_settings> tag was not present. I assume this must be why the freeradius configuration settings were lost during the package upgrade to 0.15.10_1.

                                          @Gertjan @johnpoz - is the <keep_settings> tag present in all your configuration backup files (i.e. in ones created prior to the package upgrade)?

                                            Gertjan @tman222

                                            @tman222

                                            [23.05.1-RELEASE][root@pfSense.bhf.net]/root: grep 'keep_settings' /conf/config.xml
                                                                            <keep_settings>on</keep_settings>
                                            

                                            Yep.

                                            edit : that is, somewhere below

                                            <freeradiussettings>
                                                                   <config>
                                            

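Added example, not part of any post in this thread: a pre-upgrade check for the condition discussed above, where `<keep_settings>` is absent from the `<freeradiussettings>` section of config.xml. It scopes the lookup to that section, since a bare grep over the whole file cannot tell which package's section a match came from. The function names and the `<otherpackage>` element in the sample are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report <keep_settings> as found inside
# <freeradiussettings> only, ignoring any other section of the file.

# Prints: on | <other value> | empty | missing | no-freeradius
freeradius_keep_settings() {
    awk '
        /<freeradiussettings>/ { inside = 1; seen = 1 }
        inside && /<keep_settings>/ {
            value = $0
            sub(/.*<keep_settings>/, "", value)
            sub(/<\/keep_settings>.*/, "", value)
            found = 1
        }
        /<\/freeradiussettings>/ { inside = 0 }
        END {
            if (!seen)            print "no-freeradius"
            else if (!found)      print "missing"
            else if (value == "") print "empty"
            else                  print value
        }
    ' "$1"
}

# Returns 0 only if every file with a FreeRADIUS section has keep_settings=on.
check_before_upgrade() {
    rc=0
    for f in "$@"; do
        state=$(freeradius_keep_settings "$f")
        case "$state" in
            on)            echo "OK       $f" ;;
            no-freeradius) echo "SKIP     $f (no FreeRADIUS section)" ;;
            *)             echo "AT RISK  $f (keep_settings: $state)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the tag exists, but only under a hypothetical other
# package, so a bare grep for keep_settings would wrongly look reassuring.
write_constructed_sample() {
    cat > "$1" <<'EOF'
<installedpackages>
  <otherpackage><config><keep_settings>on</keep_settings></config></otherpackage>
  <freeradiussettings>
    <config>
      <varsettingsmaxrequests>1024</varsettingsmaxrequests>
    </config>
  </freeradiussettings>
</installedpackages>
EOF
}

# Usage: sh check_keep_settings.sh /conf/config.xml [more backups...]
if [ "$#" -gt 0 ]; then check_before_upgrade "$@"; fi
```

Run it against /conf/config.xml or a set of downloaded backups before upgrading the package; any "AT RISK" line means the FreeRADIUS section has no `<keep_settings>on</keep_settings>` entry yet.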
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.