Hi People,

I hope you can shed some light on a problem I am having with freeradius acting as a proxy. As you can see, the packet below has a corrupt UDP header (Checksum: 0x5b10 (incorrect, should be 0x9f2d)). If I use radtest then the packet is fine and I get authenticated; the problem only occurs when the request is proxied out. All of the packets forwarded to the secondary radius server have the UDP checksum error. I have tried the latest version of freeradius with exactly the same results, so I have gone back to the version supplied with RedHat, on a fresh build.

Versions are as follows:

    radiusd: FreeRADIUS Version 1.0.1, for host , built on Nov 26 2004 at 10:48:39
    OpenSSL 0.9.7g 11 Apr 2005
    Linux <MY HOST NAME> 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686 i386 GNU/Linux

This is RedHat ES version 4.

Please let me know if you need any further information.

Regards
Graham

    Frame 12 (197 bytes on wire, 197 bytes captured)
        Arrival Time: Jun 17, 2005 11:19:35.560228000
        Time delta from previous packet: 4.660183000 seconds
        Time since reference or first frame: 111.704161000 seconds
        Frame Number: 12
        Packet Length: 197 bytes
        Capture Length: 197 bytes
        Protocols in frame: eth:ip:udp:radius:eap
    Ethernet II, Src: 00:12:79:3c:9c:61, Dst: 00:00:0c:07:ac:14
        Destination: 00:00:0c:07:ac:14 (All-HSRP-routers_14)
        Source: 00:12:79:3c:9c:61 (HewlettP_3c:9c:61)
        Type: IP (0x0800)
    Internet Protocol, Src Addr: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX), Dst Addr: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 183
        Identification: 0x0005 (5)
        Flags: 0x04 (Don't Fragment)
            0... = Reserved bit: Not set
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 64
        Protocol: UDP (0x11)
        Header checksum: 0xdfd5 (correct)
        Source: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
        Destination: XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
    User Datagram Protocol, Source port: 1814 (1814)
        Destination port: radius (1812)
        Length: 163
        Checksum: 0x5b10 (incorrect, should be 0x9f2d)
    Radius Protocol
        Code: Access Request (1)
        Packet identifier: 0x1 (1)
        Length: 155
        Authenticator: 0x22840C6BAE7ECB8E4FE8A8A3773B1A08
        Attribute value pairs
            t:User Name(1) l:8, Value:"graham"
                User-Name: graham
            t:Framed MTU(12) l:6, Value:1400
            t:Called Station Id(30) l:16, Value:"000e.842e.8230"
                Called-Station-Id: 000e.842e.8230
            t:Calling Station Id(31) l:16, Value:"0040.96a7.f8d2"
                Calling-Station-Id: 0040.96a7.f8d2
            t:Service Type(6) l:6, Value:Login(1)
                Service-Type: Login (1)
            t:Message Authenticator(80) l:18, Value:C77E1EE1C2A7E98B00E464AB0DB0DE48
            t:EAP Message(79) l:34
                Extensible Authentication Protocol
                    Code: Response (2)
                    Id: 2
                    Length: 32
                    Type: Identity [RFC3748] (1)
                    Identity (27 bytes): [EMAIL PROTECTED]
            t:
            t:
            t:NAS IP Address(4) l:6, Value:172.23.1.201
                Nas IP Address: 172.23.1.201 (172.23.1.201)
            t:NAS identifier(32) l:8, Value:"ap1200"
            t:
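The "should be" value on the capture's Checksum line comes from recomputing the UDP checksum over the IPv4 pseudo-header (RFC 768). The sketch below is an added example, not part of the original post or of FreeRADIUS; the addresses, payload and function names are constructed, since the capture's addresses are redacted.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"          # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """Checksum a receiver expects for `datagram` (UDP header + payload)."""
    # Pseudo-header: source, destination, zero, protocol 17, UDP length.
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, len(datagram)))
    # The checksum field (bytes 6-7) counts as zero while summing.
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    value = ~ones_complement_sum(pseudo + zeroed) & 0xFFFF
    return value or 0xFFFF       # a computed 0 is transmitted as 0xFFFF

def check_datagram(src_ip: str, dst_ip: str, datagram: bytes) -> str:
    """Produce the kind of verdict a dissector prints for the Checksum field."""
    length, stored = struct.unpack("!HH", datagram[4:8])
    if length != len(datagram):
        return f"length field {length} does not match {len(datagram)} bytes"
    if stored == 0:
        return "0x0000 (none: sender did not compute a checksum)"
    expected = udp_checksum(src_ip, dst_ip, datagram)
    if stored == expected:
        return f"0x{stored:04x} (correct)"
    return f"0x{stored:04x} (incorrect, should be 0x{expected:04x})"

# Constructed sample: documentation addresses, the ports from the capture,
# and a bare 20-byte RADIUS Access-Request header as payload.
SRC, DST = "192.0.2.10", "192.0.2.20"
PAYLOAD = struct.pack("!BBH", 1, 1, 20) + bytes(16)

def build(stored_checksum=None) -> bytes:
    header = struct.pack("!HHHH", 1814, 1812, 8 + len(PAYLOAD), 0)
    if stored_checksum is None:
        stored_checksum = udp_checksum(SRC, DST, header + PAYLOAD)
    return header[:6] + struct.pack("!H", stored_checksum) + PAYLOAD

if __name__ == "__main__":
    print(check_datagram(SRC, DST, build()))
    print(check_datagram(SRC, DST, build(0x5b10)))
```

Running the same check on the bytes captured at the sending host and at the receiving server shows whether the mismatch exists on the wire or only in the capture taken on the sender.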