Re: No communication between FreeRadius and Chilli

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

Re: No communication between FreeRadius and Chilli

sean-9
 Hi,

I have Chilli configured to run on Linksys WRT54G AP. I can access the
Radius server at radius.chillispot.org with no problems. I have
configured FreeRadius to run on a server also running Apache and
MySQL.The FreeRadius installation compiled and runs with no errors and
Radtest works fine, allowing me to authenticate users. The problem is
that Chilli can't communicate with my Radius server. Ethereal tells me
that the destination is unreachable when replying to the Chilli box.

This is part of the Ethereal output:-

No.     Time        Source                Destination           Protocol Info
    540 142.622909  192.168.1.6           82.141.232.132        RADIUS   Access Request(1) (id=0, l=195)

Frame 540 (237 bytes on wire, 237 bytes captured)
Ethernet II, Src: 00:12:17:b7:a1:71, Dst: 00:00:c5:b1:0c:0c
Internet Protocol, Src Addr: 192.168.1.6 (192.168.1.6), Dst Addr: 82.141.232.132 (82.141.232.132)
User Datagram Protocol, Src Port: 2051 (2051), Dst Port: radius (1812)
Radius Protocol

No.     Time        Source                Destination           Protocol Info
    541 142.623743  82.141.232.132        192.168.1.6           ICMP     Destination unreachable

Frame 541 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:00:c5:b1:0c:0c, Dst: 00:12:17:b7:a1:71
Internet Protocol, Src Addr: 82.141.232.132 (82.141.232.132), Dst Addr: 192.168.1.6 (192.168.1.6)
Internet Control Message Protocol


The Radius server and the Chilli AP get their IP's from DHCP on a Caymen
DSL modem with static IP. The Modem is 82.141.232.132. The Radius server
is 192.168.1.2 and the Chilli AP is 192.168.1.6, its internal address is
192.168.10.1.

I'd really appreciate any suggestions anyone might have to help me
resolve this.

Regards

Sean

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: No communication between FreeRadius and Chilli

Alan DeKok
sean <[hidden email]> wrote:
> The problem is
> that Chilli can't communicate with my Radius server. Ethereal tells me
> that the destination is unreachable when replying to the Chilli box.

  It looks like the port isn't open.

> No.     Time        Source                Destination           Protocol Info
>     540 142.622909  192.168.1.6           82.141.232.132        RADIUS   Access Request(1) (id=0, l=195)

  Ok...

> The Radius server and the Chilli AP get their IP's from DHCP on a Caymen
> DSL modem with static IP. The Modem is 82.141.232.132. The Radius server
> is 192.168.1.2

  What's the problem?  The Ethereal output you showed above disagrees
with your statement about the IP address of the RADIUS server.

  You have the Chilli AP configured to send RADIUS packets to the DSL
modem.  The Ethereal output is telling you this.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: No communication between FreeRadius and Chilli

sean-9
In reply to this post by sean-9
On Wed, 2005-07-20 at 21:29 +0200, freeradius-users-
[hidden email] wrote:

> sean <[hidden email]> wrote:
> > The problem is
> > that Chilli can't communicate with my Radius server. Ethereal tells
> me
> > that the destination is unreachable when replying to the Chilli box.
>
>   It looks like the port isn't open.
>
> > No.     Time        Source                Destination
> Protocol Info
> >     540 142.622909  192.168.1.6           82.141.232.132
> RADIUS   Access Request(1) (id=0, l=195)
>
>   Ok...
>
> > The Radius server and the Chilli AP get their IP's from DHCP on a
> Caymen
> > DSL modem with static IP. The Modem is 82.141.232.132. The Radius
> server
> > is 192.168.1.2
>
>   What's the problem?  The Ethereal output you showed above disagrees
> with your statement about the IP address of the RADIUS server.
>
>   You have the Chilli AP configured to send RADIUS packets to the DSL
> modem.  The Ethereal output is telling you this.
>
>   Alan DeKok.

I have UDP and TCP Pinholes open in the modem for ports 1812, 1813 and
1814 pointing to 192.168.1.2 This should be directing trafic to
82.141.232.132:1812 etc to 192.168.1.2:1812. That is what I had to do
for Apache, Jabber and other services. Does Radius use any other ports
and should I have any ports opened to 192.168.1.6

Thanks for your help.

Regards Sean
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: No communication between FreeRadius and Chilli

Alan DeKok
sean <[hidden email]> wrote:
> I have UDP and TCP Pinholes open in the modem for ports 1812, 1813 and
> 1814 pointing to 192.168.1.2 This should be directing trafic to
> 82.141.232.132:1812 etc to 192.168.1.2:1812.

  The "destination unreachable" message says that isn't happening.

  Have you tried looking at the packets coming *out* of 82.141.232.132
to 192.168.1.2, to see if the forwarding is happening?

> Does Radius use any other ports and should I have any ports opened
> to 192.168.1.6

  Talk of other ports is a waste of time.  You say you've set it up to
forward packets sent to 82.141.232.132:1812, yet the logs you posted
shows that packets sent to 82.141.232.132:1812 get "destination
unreachable".

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html