[strongSwan] Radius Disconnect-Request not working
Banan Aburrobb
aburrobb at gmail.com
Thu Nov 21 10:33:32 CET 2013
Hello,
I'm trying for sometime now to get this to work with no luck.
the details as below:
strongswan version: 5.1.0
freeradius version: 2.2.0
strongswan.conf:
charon {
threads = 16
plugins {
attr {
dns= 8.8.8.8, 8.8.4.4
}
eap-radius {
eap_start = no
accounting = yes
servers {
server1 {
address = xxx.xxx.xxx.xxx
secret = secret
}
}
dae {
listen = 0.0.0.0 # listen address, default to all
port = 3799 # port to listen for requests,
default
secret = secret
}
}
}
pluto {
}
libstrongswan {
}
}
I used the radclient command:
cat packet.txt | radclient -r 1 yyy.yyy.yyy.yyy:3799 disconnect ''secret''
whereby the packet.txt contents are:
Acct-Session-Id = "1385022396-2"
NAS-IP-Address = yyy.yyy.yyy.yyy
User-Name = "username"
(the Acct-Session-Id were taken from the Accounting-Request sent from
strongswan server to radius server)
the output of the radclient command is:
radclient: no response from server for ID 182 socket 3
the tcpdump on the strongswan server output is:
03:53:25.821257 IP xxx.xxx.xxx.xxx.39663 > yyy.yyy.yyy.yyy.radius-dynauth:
UDP, length 98
03:53:25.821300 IP yyy.yyy.yyy.yyy > xxx.xxx.xxx.xxx: ICMP yyy.yyy.yyy.yyy
udp port radius-dynauth unreachable, length 134
radius-dynauth port defined in /etc/services as 3799.
The device connects perfectly to the strongswan server, of course the
strongswan is authenticating as required from the radius server using the
eap-radius plugin, accounting requests and response are working and active,
everything works except for the disconnect requests.
Your support in solving this would be highly appreciated.
Regards,
Banan Aburrobb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131121/6c49ff01/attachment.html>
More information about the Users
mailing list