[RADIATOR] RADSEC won't work over IPv6

Hugh Irvine hugh at open.com.au
Thu Dec 17 15:38:14 CST 2009 

Hello Patrick -

Could you please send me the configuration and an un-cut trace 4 debug showing the startup messages as well as your tests?

Please send the information directly to me and I will check it with Mike.

regards

Hugh


On 18 Dec 2009, at 02:57, Patrick Renkens wrote:

> Hi all,
> 
> I moved Radiator from a Solaris-9 system with Radiator 4.3.1 to a
> Virtual Linux system (RHEL 5.4) with Radiator 4.5.1.
> The configuration did not change, but RADSEC won't start over IPv6, over
> IPv4 it runs ok. I checked the firewall, but the firewall is OK since
> the systems do connect over IPv6, but verification fails.
> 
> Tue Dec 15 06:08:52 2009: DEBUG: Stream attempting tcp connection to
> ipv6:<cut>:2083
> Tue Dec 15 06:08:52 2009: DEBUG: Stream connection in progress to
> ipv6:<cut>:2083
> Tue Dec 15 06:08:52 2009: DEBUG: Stream connected to ipv6:<cut>:2083
> Tue Dec 15 06:08:52 2009: DEBUG: StreamTLS sessionInit for ipv6:<cut>
> Tue Dec 15 06:08:52 2009: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Tue Dec 15 06:08:52 2009: DEBUG: StreamTLS Client Started for
> ipv6:<cut>:2083
> Tue Dec 15 06:08:52 2009: DEBUG: verifyFn start, hostname ipv6:<cut>
> Tue Dec 15 06:08:52 2009: DEBUG: verifyFn hostname after canonicalise
> <cut>
> Tue Dec 15 06:08:52 2009: DEBUG: Checking subjectAltName type 2, value
> <cut> against
> Fnet:<cut> against
> net:<cut> against
> Tue Dec 15 06:08:52 2009: ERR: Verification of certificate presented by
> ipv6:<cut> failed
> Tue Dec 15 06:08:52 2009: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> 
> 
> I encountered the same problem with Radiator 4.4 when I tried to upgrade
> from Radiator 4.3.1 on - the same - Solaris-9 system.
> I reported this on September 9th 2009 on this list.
> 
> Any help is appreciated.
> 
> Kind regards,
> Patrick Renkens
>  Centre for Information Services (UCI)
>  Radboud University Nijmegen, Netherlands
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list