Multiple pfSense accessing one FreeRADIUS server
-
Hello
Maybe some of you have the same network topology.
Please see below the drawing
I have 4 pfsenses labeled A,B,C,M
Behind M I setup a Freeradius server on a dedicated machine.
When I try to identify a user from M to the Freeradius it works OK,
but when I try to identify a user from A, B or C it fails.
I have done the NAT redirection on M to have ports 1812 and 1813 point from the WAN to the server.
Any ideas would be great
Thanks
-
@PierreFrench Have you set up A, B & C as NAS/clients on the Freeradius server? If you have, are the shared secrets correct?
If you run radsniff -x on the CLI of the Freeradius server, that might give you some hints why it isn't working when trying to auth from A, B & C.
-
@NogBadTheBad
Thanks, I am sure it's something related to the setup of the NAS part versus the remote firewall part.
On the NAS and pfSense setting pages there is the following: populating the NAS side with the shared secret and the NAS IP/host with one of the values found in the pfSense drop-down NAS IP attribute list; that list will be different for each of the A/B/C firewalls.
Am I missing something else or misunderstanding the fields?
Thanks
Pierre
-
How do you have it configured for the 'M' pfSense? It should be no different for the others unless you are NATing the source IP of the traffic perhaps. Which you probably shouldn't be.
What error is shown in pfSense? What error is shown in the Radius server?
-
Did you try running radsniff -x on the cli of your freeradius box?
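-
An added example, not part of the thread or of any participant's post: a small Python model of the two checks the replies point at, namely that a RADIUS server picks the client entry (and its shared secret) from the source IP of the packet, and that a wrong secret garbles the RFC 2865 User-Password. The client table, addresses, secrets and password are constructed placeholders; it assumes the server matches clients on the packet source address only.

```python
import hashlib

# Constructed client table (documentation addresses, placeholder secrets),
# standing in for the NAS/client list on the RADIUS server.
CLIENTS = {
    "192.0.2.1": ("pfsense-M", b"secret-M"),
    "198.51.100.10": ("pfsense-A", b"secret-A"),
}
STORED_PASSWORD = b"hunter2"  # constructed test user password

def _keystream_xor(data, secret, authenticator, decrypt):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        # The chaining value is always the ciphertext block.
        prev = data[i:i + 16] if decrypt else block
    return out

def hide_password(password, secret, authenticator):
    """What the NAS (here: a pfSense box) does before sending User-Password."""
    padded = password + b"\x00" * (-len(password) % 16)
    return _keystream_xor(padded, secret, authenticator, decrypt=False)

def server_receive(src_ip, authenticator, hidden):
    """Look up the client by packet source IP, then decode with that client's secret."""
    client = CLIENTS.get(src_ip)
    if client is None:
        return "dropped: unknown client " + src_ip
    name, secret = client
    password = _keystream_xor(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")
    verdict = "accept" if password == STORED_PASSWORD else "reject (password garbled)"
    return name + ": " + verdict

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator
    good = hide_password(STORED_PASSWORD, b"secret-A", ra)
    bad = hide_password(STORED_PASSWORD, b"typo-secret", ra)
    print(server_receive("198.51.100.10", ra, good))  # A's real source IP, right secret
    print(server_receive("203.0.113.5", ra, good))    # source IP rewritten by NAT
    print(server_receive("198.51.100.10", ra, bad))   # right IP, wrong secret
```

In this model the NAS-IP-Address attribute plays no part in the lookup: the client entry has to match whatever source address the server actually sees, which a capture on the server will show.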