Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] [1.2.3RC3] Radius problem when request pass thru pfSense…

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    6 Posts 4 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nothing_fr
      last edited by

      Hi,

      I actually have a problem with my pfSense Installation, here it is :

      1. First case, on left: my Wifi AP is on my LAN network, when the AP made request to the Radius server (on my MZ Network) the server (2003 Server + IAS) give an error : "The Remote Authentication Dial-In User Service (RADIUS) request was not properly formatted."

      2. Second case, on right: my Wifi AP is on the same network than my Radius server, everything is OK, my users can connect (but on the wrong network)

      Everything was OK for the first case but since I have upgraded to pfSense 1.2.3RC-3, the problem appeared… any ideas ? or a workaround ? (not the one to stay with the AP on my MZ network ;) )

      thx !!! (and excuse me for my bad english!)

      1 Reply Last reply Reply Quote 0
      • T
        themat
        last edited by

        Hi,
        Nice graph ;-)

        Are you sure that your NAT rules are OK, maybe a problem occured during upgrade ?
        You can activate the logging feature of the rule and monitor the system log to see if it is triggered…
        Does the radius server see the AP ?
        Are there any interesting lines in the pfSense system log ?
        Are there any interesting lines in the radius server log ?
        Are there any interesting lines in the wifi ap system log ?
        Lots of questions... maybe you could tell us what debugging actions did you take and what are your conclusions at this point?

        Note: Just a comment a little out of topic, but i'm quite perplex with your setup, because, i would have put the radius server in the lan and the wifi ap in the dmz... don't you ?
        A radius server contains very sensitive informations, so it should be in the "safe area", and a wifi ap is (for me) a network security hole, so it should be in the " not safe area".

        Bye.

        Mat

        1 Reply Last reply Reply Quote 0
        • N
          nothing_fr
          last edited by

          ok, I've solved my problem with disabling "Firewall Scrub" in "System: Advanced functions".

          Everything work well now, thanks for your help…

          @themat : to help you understand my network architecture, here is my full network diagram :

          1 Reply Last reply Reply Quote 0
          • valnarV
            valnar
            last edited by

            What did you use to make that diagram?  It's very nice.

            1 Reply Last reply Reply Quote 0
            • N
              nothing_fr
              last edited by

              Omnigraffle 5 (http://www.omnigroup.com/applications/omnigraffle/ - Mac only)

              1 Reply Last reply Reply Quote 0
              • X
                xsmurf
                last edited by

                Just curious, which stencil are you using? I can't find it anywhere on Graffletopia :/

                Merci :)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.