[RADIATOR] Proxy does not catch the Request
SinTeZ Wh1te
sintezwh1te at gmail.com
Fri Dec 13 07:40:27 UTC 2019
Hello!
We have a problem with some RADIUS packets.
Radiator doesn't catch these packets. But other packets with the same host and
the same values Radiator sees and forwards to another host.
It is not a routing/networking issue, since I see on the Radiator server (using
tcpdump) that the requests arrive correctly on port 1821.
But nothing gets logged (using Trace 4).
There are a lot of ignored packets, and I can't understand what is wrong with
our configuration.
radius-accounting.cfg
----------------
<Client DEFAULT>
Identifier Client-DEFAULT
Secret -----
DupInterval 0
</Client>
<AuthBy RADIUS>
Identifier Proxy1
Host 192.168.144.3
Secret -----
AuthPort
AcctPort 1821
ReplyHook file:"/etc/radiator/proxy.pl"
UseExtendedIds
IgnoreReplySignature
</AuthBy>
<AuthBy RADIUS>
Identifier Proxy2
Host 192.168.144.18
Secret -----
AuthPort
AcctPort 1821
ReplyHook file:"/etc/radiator/proxy2.pl"
AddToReply Class=Proxy2
UseExtendedIds
IgnoreReplySignature
</AuthBy>
<AuthBy HANDLER>
Identifier ForwardToProxy2
HandlerId Proxy2
</AuthBy>
<Handler Class=Proxy2>
AuthBy Proxy2
</Handler>
<Handler>
Identifier Proxy1
RejectHasReason
AuthBy Proxy1
</Handler>
<Handler>
Identifier Proxy2
RejectHasReason
AuthBy Proxy2
</Handler>
----------------
Accounting-Request which was not logged and forwarded (from tcpdump)
----------------
Frame 446: 497 bytes on wire (3976 bits), 497 bytes captured (3976 bits) on
interface 0
Interface id: 0 (eth0.144)
Interface name: eth0.144
Encapsulation type: Ethernet (1)
Arrival Time: Dec 12, 2019 23:20:28.338266344 RTZ 2
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1576182028.338266344 seconds
[Time delta from previous captured frame: 0.000001241 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 4.433944841 seconds]
Frame Number: 446
Frame Length: 497 bytes (3976 bits)
Capture Length: 497 bytes (3976 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:radius]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0), Dst:
Vmware_9d:fd:74 (00:50:56:9d:fd:74)
Destination: Vmware_9d:fd:74 (00:50:56:9d:fd:74)
Address: Vmware_9d:fd:74 (00:50:56:9d:fd:74)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0)
Address: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.144.22, Dst: 192.168.144.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable
Transport (0)
Total Length: 483
Identification: 0x4e2e (20014)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x896c [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.144.22
Destination: 192.168.144.8
User Datagram Protocol, Src Port: 56812, Dst Port: 1821
Source Port: 56812
Destination Port: 1821
Length: 463
Checksum: 0x2e0b [unverified]
[Checksum Status: Unverified]
[Stream index: 16]
[Timestamps]
[Time since first frame: 0.009830951 seconds]
[Time since previous frame: 0.000601348 seconds]
RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0xcc (204)
Length: 455
Authenticator: 37c7c07c413bcb782f2c1574e375ed0f
Attribute Value Pairs
AVP: t=User-Name(1) l=11 val=101179610
AVP: t=Acct-Status-Type(40) l=6 val=Interim-Update(3)
AVP: t=Acct-Session-Id(44) l=11 val=352027268
AVP: t=Event-Timestamp(55) l=6 val=Jul 12, 2017 23:19:30.000000000
RTZ 2
AVP: t=Acct-Input-Octets(42) l=6 val=1127113955
AVP: t=Acct-Output-Octets(43) l=6 val=728225336
AVP: t=Acct-Session-Time(46) l=6 val=451796
AVP: t=Acct-Input-Packets(47) l=6 val=8962801
AVP: t=Acct-Output-Packets(48) l=6 val=35607540
AVP: t=Acct-Delay-Time(41) l=6 val=0
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=Vendor-Specific(26) l=29 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
AVP: t=Vendor-Specific(26) l=22 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Framed-IP-Address(8) l=6 val=172.26.93.174
AVP: t=Framed-IP-Netmask(9) l=6 val=255.255.255.255
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Input-Gigawords(52) l=6 val=0
AVP: t=NAS-Identifier(32) l=9 val=RUrban3
AVP: t=NAS-Port(5) l=6 val=3028
AVP: t=NAS-Port-Id(87) l=32 val=ae0.demux0.3222168877:812-3028
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Output-Gigawords(53) l=6 val=11
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=23 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=31 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=63 vnd=The Broadband Forum(3561)
AVP: t=NAS-IP-Address(4) l=6 val=192.168.144.22
----------------
After 5 seconds another incoming packet was caught and logged (and it has the mark
[The response to this request is in frame 2187])
----------------
Frame 2076: 497 bytes on wire (3976 bits), 497 bytes captured (3976 bits)
on interface 0
Interface id: 0 (eth0.144)
Interface name: eth0.144
Encapsulation type: Ethernet (1)
Arrival Time: Dec 12, 2019 23:20:33.338291848 RTZ 2
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1576182033.338291848 seconds
[Time delta from previous captured frame: 0.000005672 seconds]
[Time delta from previous displayed frame: 5.000025504 seconds]
[Time since reference or first frame: 9.433970345 seconds]
Frame Number: 2076
Frame Length: 497 bytes (3976 bits)
Capture Length: 497 bytes (3976 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:radius]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0), Dst:
Vmware_9d:fd:74 (00:50:56:9d:fd:74)
Destination: Vmware_9d:fd:74 (00:50:56:9d:fd:74)
Address: Vmware_9d:fd:74 (00:50:56:9d:fd:74)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0)
Address: LucentTe_d6:fc:c0 (00:05:86:d6:fc:c0)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.144.22, Dst: 192.168.144.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable
Transport (0)
Total Length: 483
Identification: 0x6b14 (27412)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x6c86 [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.144.22
Destination: 192.168.144.8
User Datagram Protocol, Src Port: 49785, Dst Port: 1821
Source Port: 49785
Destination Port: 1821
Length: 463
Checksum: 0x4a48 [unverified]
[Checksum Status: Unverified]
[Stream index: 17]
[Timestamps]
[Time since first frame: 5.009851203 seconds]
[Time since previous frame: 0.000005672 seconds]
RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0x7f (127)
Length: 455
Authenticator: 881201108d944ad51622c1b9e14bfee7
[The response to this request is in frame 2187]
Attribute Value Pairs
AVP: t=User-Name(1) l=11 val=101179610
AVP: t=Acct-Status-Type(40) l=6 val=Interim-Update(3)
AVP: t=Acct-Session-Id(44) l=11 val=352027268
AVP: t=Event-Timestamp(55) l=6 val=Jul 12, 2017 23:19:30.000000000
RTZ 2
AVP: t=Acct-Input-Octets(42) l=6 val=1127113955
AVP: t=Acct-Output-Octets(43) l=6 val=728225336
AVP: t=Acct-Session-Time(46) l=6 val=451796
AVP: t=Acct-Input-Packets(47) l=6 val=8962801
AVP: t=Acct-Output-Packets(48) l=6 val=35607540
AVP: t=Acct-Delay-Time(41) l=6 val=5
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=Vendor-Specific(26) l=29 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
AVP: t=Vendor-Specific(26) l=22 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Framed-IP-Address(8) l=6 val=172.26.93.174
AVP: t=Framed-IP-Netmask(9) l=6 val=255.255.255.255
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Input-Gigawords(52) l=6 val=0
AVP: t=NAS-Identifier(32) l=9 val=RUrban3
AVP: t=NAS-Port(5) l=6 val=3028
AVP: t=NAS-Port-Id(87) l=32 val=ae0.demux0.3222168877:812-3028
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Acct-Output-Gigawords(53) l=6 val=11
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=12 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=23 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=31 vnd=Juniper Networks/Unisphere(4874)
AVP: t=Vendor-Specific(26) l=63 vnd=The Broadband Forum(3561)
AVP: t=NAS-IP-Address(4) l=6 val=192.168.144.22
----------------
Only the second packet was logged
----------------
Thu Dec 12 23:20:33 2019: DEBUG: Packet dump:
*** Received from 192.168.144.22 port 49785 ....
Code: Accounting-Request
Identifier: 127
Authentic: <136><18><1><16><141><148>J<213><22>"<193><185><225>K<254><231>
Attributes:
User-Name = "101179610"
Acct-Status-Type = Alive
Acct-Session-Id = "352027268"
Event-Timestamp = 1499890770
Acct-Input-Octets = 1127113955
Acct-Output-Octets = 728225336
Acct-Session-Time = 451796
Acct-Input-Packets = 8962801
Acct-Output-Packets = 35607540
Acct-Delay-Time = 5
Service-Type = Framed-User
Framed-Protocol = PPP
Unknown-4874-177 = Port speed: 30000000k
Acct-Authentic = RADIUS
Unisphere-Dhcp-Mac-Addr = "c0a5.dd11.6d13"
Framed-IP-Address = 172.26.93.174
Framed-IP-Netmask = 255.255.255.255
Unisphere-Input-Gigapkts = 0
Acct-Input-Gigawords = 0
NAS-Identifier = "RUrban3"
NAS-Port = 3028
NAS-Port-Id = "ae0.demux0.3222168877:812-3028"
NAS-Port-Type = Ethernet
Unisphere-Ouput-Gigapkts = 0
Acct-Output-Gigawords = 11
Unisphere-Ipv6-Acct-Input-Octets = 0
Unisphere-Ipv6-Acct-Output-Octets = 0
Unisphere-Ipv6-Acct-Output-Octets = 0
Unisphere-Ipv6-Acct-Output-Packets = 0
Unisphere-Ipv6-Acct-Input-Gigawords = 0
Unisphere-Ipv6-Acct-Output-Gigawords = 0
Unisphere-Virtual-Router = "default:default"
Unisphere-Pppoe-Description = "pppoe c0:a5:dd:11:6d:13"
DSLForum-Agent-Circuit-Id = <snipped>
DSLForum-Agent-Remote-Id = <snipped>
NAS-IP-Address = 192.168.144.22
----------------
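
Added example, not part of the original post and not Radiator's code: one check that can be run on a captured Accounting-Request is whether its Request Authenticator validates against the shared secret, which RFC 2866 defines as MD5(Code + Identifier + Length + 16 zero octets + attributes + secret). The secret, the function names and the reduced packets are constructed for illustration; only the identifiers 204 and 127 and the attribute values come from the dumps above.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4

def avp(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def request_authenticator(header, attributes, secret):
    # RFC 2866: MD5 over the header, 16 zero octets, the attributes, the secret.
    return hashlib.md5(header + b"\x00" * 16 + attributes + secret).digest()

def build_accounting_request(identifier, attributes, secret):
    """Build a correctly signed request; used only to construct the samples."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    return header + request_authenticator(header, attributes, secret) + attributes

def check_accounting_request(datagram, secret):
    """Return (ok, reason) for one UDP payload received on the accounting port."""
    if len(datagram) < 20:
        return False, "shorter than the RADIUS header"
    code, _identifier, length = struct.unpack("!BBH", datagram[:4])
    if code != ACCOUNTING_REQUEST:
        return False, "not an Accounting-Request"
    if length < 20 or length > len(datagram):
        return False, "Length field inconsistent with datagram"
    packet = datagram[:length]          # octets past Length are padding
    attributes, pos = packet[20:], 0
    while pos < len(attributes):        # every AVP must fit exactly
        if pos + 2 > len(attributes) or attributes[pos + 1] < 2:
            return False, "malformed attribute"
        pos += attributes[pos + 1]
    if pos != len(attributes):
        return False, "malformed attribute"
    expected = request_authenticator(packet[:4], attributes, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        return False, "bad authenticator"
    return True, "ok"

# Constructed samples: a reduced attribute set with values from the dumps above.
SECRET = b"constructed-secret"
def sample(identifier, delay):
    attrs = (avp(1, b"101179610") + avp(40, struct.pack("!I", 3)) +
             avp(44, b"352027268") + avp(41, struct.pack("!I", delay)))
    return build_accounting_request(identifier, attrs, SECRET)

FIRST, RETRANSMIT = sample(204, 0), sample(127, 5)
if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("retransmit", RETRANSMIT)):
        print(name, check_accounting_request(pkt, SECRET))
```

To apply it to real traffic, pass the raw UDP payload bytes of each captured request and the secret configured for that client.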