[strongSwan] Radius Disconnect-Request not working

Banan Aburrobb aburrobb at gmail.com
Thu Nov 21 10:33:32 CET 2013


Hello,

I'm trying for sometime now to get this to work with no luck.

the details as below:

strongswan version: 5.1.0
freeradius version: 2.2.0

strongswan.conf:
charon {
        threads = 16
        plugins {
                attr {
                        dns= 8.8.8.8, 8.8.4.4
                        }
        eap-radius {
                eap_start = no
                accounting = yes
                servers {
                        server1 {
                                address = xxx.xxx.xxx.xxx
                               secret = secret
                                }
                        }
                dae {
                        listen = 0.0.0.0  # listen address, default to all
                        port = 3799       # port to listen for requests,
default
                        secret = secret
                    }
        }
}
pluto {
}
 libstrongswan {
 }
}
I used the radclient command:
cat packet.txt | radclient -r 1 yyy.yyy.yyy.yyy:3799 disconnect ''secret''

whereby the packet.txt contents are:
Acct-Session-Id = "1385022396-2"
NAS-IP-Address = yyy.yyy.yyy.yyy
User-Name = "username"

(the Acct-Session-Id were taken from the Accounting-Request sent from
strongswan server to radius server)

the output of the radclient command is:
radclient: no response from server for ID 182 socket 3

the tcpdump on the strongswan server output is:
03:53:25.821257 IP xxx.xxx.xxx.xxx.39663 > yyy.yyy.yyy.yyy.radius-dynauth:
UDP, length 98
03:53:25.821300 IP yyy.yyy.yyy.yyy > xxx.xxx.xxx.xxx: ICMP yyy.yyy.yyy.yyy
udp port radius-dynauth unreachable, length 134

radius-dynauth port defined in /etc/services as 3799.

The device connects perfectly to the strongswan server, of course the
strongswan is authenticating as required from the radius server using the
eap-radius plugin, accounting requests and response are working and active,
everything works except for the disconnect requests.

Your support in solving this would be highly appreciated.


Regards,

Banan Aburrobb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131121/6c49ff01/attachment.html>


More information about the Users mailing list