Hi Guys, Based on the packet capture, I believe the issue is related to iptables.
Could you please apply the following patch and restart the radiusd service? cd /usr/local/pf curl https://github.com/inverse-inc/packetfence/commit/299f55a13e21612f6de021726a041b9e994ea6e8.diff | patch -p1 bin/pfcmd service radiusd restart Please let me know if this resolves the issue. Regards, Fabrice Le mar. 16 déc. 2025 à 15:23, Martijn Langendoen <[email protected]> a écrit : > Hi, > > > > I installed 15.0 with the ISO file downloaded from packetfence. > > > > The local/unknown realm setup is in the manual. > > > > In my situation 1 had already setup and working wel 2 freeradius servers > for eduroam. In 11.2 and in 15.0 i set eduroam with my own freeradius > servers that proxied to the real eduroam servers. This always working wel.. > until i started with PF15.0 with the same setup as the working 11.2 of PF. > > > > Now my Aruba wifi controller uses the 2 freeradius servers en students > connecting wel. But i want is to do with PF so the helpdesk is seeing erros > or not from users. > > > > Met vriendelijke groet, > > *Martijn Langendoen* > Network Administrator > [email protected] > 0118654307 | 0683260904 > > > > Werkdagen: maandag t/m vrijdag > > > > Kousteensedijk 7 > 4331 JE Middelburg > Postbus 8004 > 4330 EA Middelburg > > > > <https://www.facebook.com/dezbnl> <https://www.instagram.com/dezbnl> > <https://nl.linkedin.com/company/dezbnl> > *dezb.nl* <https://www.dezb.nl/> > > > > *Van:* Madunich, Nicholas <[email protected]> > *Verzonden:* dinsdag 16 december 2025 19:36 > *Aan:* Martijn Langendoen <[email protected]>; > [email protected] > *CC:* Fabrice Durand <[email protected]> > *Onderwerp:* Re: [PacketFence-users] Eduroam not working in Packetfence > 15.0 > > > > *Opgelet:* Deze e-mail is afkomstig van buiten de organisatie. Klik niet > op links of open geen bijlagen tenzij je de afzender kent en weet dat de > inhoud veilig is. > > > > Martijn > > How did you install Packetfence 15.0 and what OS. I couldn't get local > realms to work or outside users proxied to the eduroam servers, you seem > to have gotten farther than I did. I used Rocky 8.10 and Debian 12 > installed from packages for my testing. > > > > Nick Madunich > > IT System Administrator > > (509)359-4964 > > *[email protected] <[email protected]>* > > > > > > > ------------------------------ > > *From:* Martijn Langendoen <[email protected]> > *Sent:* Tuesday, December 16, 2025 3:58 AM > *To:* [email protected] < > [email protected]> > *Cc:* Madunich, Nicholas <[email protected]>; Fabrice Durand < > [email protected]> > *Subject:* RE: [PacketFence-users] Eduroam not working in Packetfence > 15.0 > > > > You don't often get email from [email protected]. *Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification>* > > Hi, > > > > I swapped my 11.2 packetfence with a new build up 15.0 but i also notced > that the eduroam part i s not working. > > > > The local user that uses a known realm works but outside eduroam users > with unkown realms are not proxied to eduroam radius servers. > > > > > > > > Met vriendelijke groet, > > *Martijn Langendoen* > Network Administrator > *[email protected] <[email protected]>* > 0118654307 | 0683260904 > > > > Werkdagen: maandag t/m vrijdag > > > > Kousteensedijk 7 > 4331 JE Middelburg > Postbus 8004 > 4330 EA Middelburg > > > > <https://www.facebook.com/dezbnl> <https://www.instagram.com/dezbnl> > <https://nl.linkedin.com/company/dezbnl> > *dezb.nl <https://www.dezb.nl/>* > > > > *Van:* Madunich, Nicholas via PacketFence-users < > [email protected]> > *Verzonden:* woensdag 10 december 2025 20:16 > *Aan:* [email protected] > *CC:* Madunich, Nicholas <[email protected]> > *Onderwerp:* Re: [PacketFence-users] Eduroam not working in Packetfence > 15.0 > > > > *Opgelet:* Deze e-mail is afkomstig van buiten de organisatie. Klik niet > op links of open geen bijlagen tenzij je de afzender kent en weet dat de > inhoud veilig is. > > > > Here is a more detailed packet capture using Wireshark cli. > > > > Results from running: tshark -V -i any port 11812 > > > > Frame 1: 497 bytes on wire (3976 bits), 497 bytes captured (3976 bits) on > interface 0 > > Interface id: 0 (any) > > Interface name: any > > Encapsulation type: Linux cooked-mode capture (25) > > Arrival Time: Dec 10, 2025 10:19:15.744936649 PST > > [Time shift for this packet: 0.000000000 seconds] > > Epoch Time: 1765390755.744936649 seconds > > [Time delta from previous captured frame: 0.000000000 seconds] > > [Time delta from previous displayed frame: 0.000000000 seconds] > > [Time since reference or first frame: 0.000000000 seconds] > > Frame Number: 1 > > Frame Length: 497 bytes (3976 bits) > > Capture Length: 497 bytes (3976 bits) > > [Frame is marked: False] > > [Frame is ignored: False] > > [Protocols in frame: sll:ethertype:ip:udp:data] > > Linux cooked capture > > Packet type: Unicast to us (0) > > Link-layer address type: 1 > > Link-layer address length: 6 > > Source: PaloAlto_e0:80:01 (b4:0c:25:e0:80:01) > > Unused: 0000 > > Protocol: IPv4 (0x0800) > > Internet Protocol Version 4, Src: 192.168.240.30, Dst: 10.203.0.150 > > 0100 .... = Version: 4 > > .... 0101 = Header Length: 20 bytes (5) > > Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) > > 0000 00.. = Differentiated Services Codepoint: Default (0) > > .... ..00 = Explicit Congestion Notification: Not ECN-Capable > Transport (0) > > Total Length: 481 > > Identification: 0xd2da (53978) > > Flags: 0x0000 > > 0... .... .... .... = Reserved bit: Not set > > .0.. .... .... .... = Don't fragment: Not set > > ..0. .... .... .... = More fragments: Not set > > ...0 0000 0000 0000 = Fragment offset: 0 > > Time to live: 62 > > Protocol: UDP (17) > > Header checksum: 0xec09 [validation disabled] > > [Header checksum status: Unverified] > > Source: 192.168.240.30 > > Destination: 10.203.0.150 > > User Datagram Protocol, Src Port: 63570, Dst Port: 11812 > > Source Port: 63570 > > Destination Port: 11812 > > Length: 461 > > Checksum: 0x674d [unverified] > > [Checksum Status: Unverified] > > [Stream index: 0] > > Data (453 bytes) > > > > 0000 01 97 01 c5 f3 b8 57 ef 73 14 f7 e7 b2 b4 a3 e5 ......W.s....... > > 0010 a6 eb 13 c8 01 15 6e 6d 61 64 75 6e 69 63 68 32 ......nmadunich2 > > 0020 38 40 65 77 75 2e 65 64 75 06 06 00 00 00 02 1a *[email protected] > <[email protected]>*....... > > 0030 1b 00 00 00 09 01 15 73 65 72 76 69 63 65 2d 74 .......service-t > > 0040 79 70 65 3d 46 72 61 6d 65 64 0c 06 00 00 05 cd ype=Framed...... > > 0050 4f 1a 02 01 00 18 01 6e 6d 61 64 75 6e 69 63 68 O......nmadunich > > 0060 32 38 40 65 77 75 2e 65 64 75 50 12 2e 8c fb 09 *[email protected] > <[email protected]>*..... > > 0070 2f f7 0f 3e 64 8c 1b 8f 54 6c 30 99 66 02 1a 31 /..>d...Tl0.f..1 > > 0080 00 00 00 09 01 2b 61 75 64 69 74 2d 73 65 73 73 .....+audit-sess > > 0090 69 6f 6e 2d 69 64 3d 31 45 46 30 41 38 43 30 30 ion-id=1EF0A8C00 > > 00a0 30 32 33 36 45 35 32 30 39 37 44 32 37 43 43 1a 0236E52097D27CC. > > 00b0 14 00 00 00 09 01 0e 6d 65 74 68 6f 64 3d 64 6f .......method=do > > 00c0 74 31 78 1a 20 00 00 00 09 01 1a 63 6c 69 65 6e t1x. ......clien > > 00d0 74 2d 69 69 66 2d 69 64 3d 34 31 37 37 35 33 30 t-iif-id=4177530 > > 00e0 36 37 33 1a 13 00 00 00 09 01 0d 76 6c 61 6e 2d 673........vlan- > > 00f0 69 64 3d 38 37 32 04 06 c0 a8 f0 1e 57 11 63 61 id=872......W.ca > > 0100 70 77 61 70 5f 39 30 63 30 30 33 32 62 3d 06 00 pwap_90c0032b=.. > > 0110 00 00 13 05 06 00 01 54 4d 1a 23 00 00 00 09 01 .......TM.#..... > > 0120 1d 63 69 73 63 6f 2d 77 6c 61 6e 2d 73 73 69 64 .cisco-wlan-ssid > > 0130 3d 65 64 75 72 6f 61 6d 74 65 73 74 1a 25 00 00 =eduroamtest.%.. > > 0140 00 09 01 1f 77 6c 61 6e 2d 70 72 6f 66 69 6c 65 ....wlan-profile > > 0150 2d 6e 61 6d 65 3d 65 64 75 72 6f 61 6d 74 65 73 -name=eduroamtes > > 0160 74 1e 1f 65 34 2d 33 37 2d 39 66 2d 33 31 2d 38 t..e4-37-9f-31-8 > > 0170 63 2d 63 30 3a 65 64 75 72 6f 61 6d 74 65 73 74 c-c0:eduroamtest > > 0180 1f 13 32 36 2d 65 64 2d 66 62 2d 35 30 2d 31 38 ..26-ed-fb-50-18 > > 0190 2d 38 36 1a 0c 00 00 37 63 01 06 00 00 00 08 20 -86....7c...... > > 01a0 0e 43 4d 50 2d 44 43 2d 57 4c 43 30 31 bb 06 00 .CMP-DC-WLC01... > > 01b0 0f ac 04 ba 06 00 0f ac 04 bc 06 00 0f ac 03 bd ................ > > 01c0 06 00 0f ac 06 ..... > > Data: 019701c5f3b857ef7314f7e7b2b4a3e5a6eb13c801156e6d... > > [Length: 453] > > > > > > Nick Madunich > > IT System Administrator > > (509)359-4964 > > *[email protected] <[email protected]>* > > > ------------------------------ > > *From:* Madunich, Nicholas via PacketFence-users > <*[email protected] > <[email protected]>*> > *Sent:* Tuesday, December 9, 2025 3:06 PM > *To:* *[email protected] > <[email protected]>* > <*[email protected] > <[email protected]>*> > *Cc:* Madunich, Nicholas <*[email protected] <[email protected]>*> > *Subject:* Re: [PacketFence-users] Eduroam not working in Packetfence 15.0 > > > > Here is the result from: tcpdump -i any port 11812 -vv > > Domain has been anonymized to acme.com > > > > tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture > size 262144 bytes > > 14:16:17.442483 IP (tos 0x0, ttl 62, id 44986, offset 0, flags [none], > proto UDP (17), length 480) > > CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: > [udp sum ok] UDP, length 452 > > 14:16:22.442104 IP (tos 0x0, ttl 62, id 47041, offset 0, flags [none], > proto UDP (17), length 480) > > CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: > [udp sum ok] UDP, length 452 > > 14:16:27.442772 IP (tos 0x0, ttl 62, id 51153, offset 0, flags [none], > proto UDP (17), length 480) > > CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: > [udp sum ok] UDP, length 452 > > 14:16:32.443121 IP (tos 0x0, ttl 62, id 54172, offset 0, flags [none], > proto UDP (17), length 480) > > CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: > [udp sum ok] UDP, length 452 > > > > Thanks, > > Nick Madunich > > IT System Administrator > > (509)359-4964 > > *[email protected] <[email protected]>* > > > ------------------------------ > > *From:* Fabrice Durand via PacketFence-users > <*[email protected] > <[email protected]>*> > *Sent:* Friday, December 5, 2025 12:27 PM > *To:* *[email protected] > <[email protected]>* > <*[email protected] > <[email protected]>*> > *Cc:* Fabrice Durand <*[email protected] <[email protected]>*> > *Subject:* Re: [PacketFence-users] Eduroam not working in Packetfence 15.0 > > > > Hi Nick, > > > > Could you please run a packet capture on the server interface that is > supposed to receive the RADIUS requests? Please filter the capture on port > 11812. > > > > Thanks, > > Fabrice > > > > Le ven. 5 déc. 2025 à 15:15, Madunich, Nicholas via PacketFence-users > <*[email protected] > <[email protected]>*> a écrit : > > I am reaching out to see if anyone has tested eduroam in Packetfence 15.0 > and if it's working for them? From my testing the authentication requests > aren't being forwarded to the eduroam service. > > > > I have tried both an upgrade from 14.1 where eduroam is working and a > fresh install of Packetfence 15.0. When attempting to authenticate, > nothing shows in the audit logs of the web GUI or the radius and > radius-eduroam log files on the server. > > > > Troubleshooting > > All my testing was done using the same IP and NAT where eduroam works in > 14.1 so it's not an issue with my internal network. > > All the required services are running and I see no errors that indicate > there's an issue in log files > > tcpdump does show the eduroam traffic from my WLC to the server over port > 11812. > > Running raddebug on radiusd-eduroam.sock and radiusd.sock shows no > authentication attempts. > > I have reproduced this behavior in both Debian 12 and Rocky 8.10 > installing from packages, I haven't tried the ZEN or ISO install. > > > > I apologize that I don't have more information to share, unfortunately I > can't find any authentication attempts or errors in the log files to help > me troubleshoot further. > > > > > > Nick Madunich > > IT System Administrator > > (509)359-4964 > > *[email protected] <[email protected]>* > > > > _______________________________________________ > PacketFence-users mailing list > *[email protected] > <[email protected]>* > *https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://lists.sourceforge.net/lists/listinfo/packetfence-users>* > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
