[RADIATOR] Problems with radiator to radsecproxy TLS connections

Elmar Dreher Elmar.Dreher at uni-konstanz.de
Mon Mar 24 11:10:43 CDT 2014


Hello all,

I am the system administrator for eduroam at the University of Konstanz.
We are using radiator and radsecproxy:
1. Radiator is hosted in an Application Zone
2. Radsecproxy is hosted in a DMZ and connected to the DFN for eduroam purposes
3. OS on both environments is Ubuntu 12.04

The setup is the following:
1. All connections (between radiator and radsecproxy) are implemented using TLS
2. On radiator the RADSEC implementation is used to realize TLS connections from and to radsecproxy
3. Radiator and radsecproxy are redundant (2 radiators and 2 radsecproxies) and are connected redundantly


Now the problem:
Sometimes it happens that the connection between radsecproxy <-> radiator is broken (experience has shown after 5 to 6 weeks):
In case of an eduroam login attempt, radsecproxy or radiator logs that the remote peer isn't available.
Looking at the network connection with netstat -tapen, everything looks ok.

Does anybody have the same experience with this architecture, or have an idea or hint what could be the problem or how to solve the problem (we already have a weekly reboot of all radsecproxy and radiator services and everything works fine)?

 Many greetings from Konstanz, Elmar Dreher

