[RADIATOR] Problem with Radsec connections

Heikki Vatiainen hvn at open.com.au
Mon Nov 4 14:36:28 UTC 2019


On 31/10/2019 18.23, Pedro Simões wrote:

> After an upgrade from a VM to a physical machine, we started having 
> problems with Radsec on Radiator (This is Radiator 4.23).
> 
> From what we have managed to find, when we try to start a connection to
> a remote Radsec radius the first steps occur, and we receive a reply.
> 
> At the second communication, when we try to send the public part of
> our certificate an error occurs.

I would check the TLS_* configuration variables and see that all files
exist that the variables refer to.

> On our Radiator we have the following message, referring to a Net::SSLeay
> error:
> 
> Wed Oct 30 03:38:28 2019 698096: ERR: StreamTLS could not create SSL: 
> Net::SSLeay::new failed: 284759: 1 - error:140BA0C3:SSL 
> routines:SSL_new:null ssl ctx

Can you check your log file starting from Radiator start? Are there any
error messages that precede this problem? It seems that the OpenSSL CTX
structure, from which structures for individual SSL connections are
created, is not correctly set up.

> ,Inappropriate ioctl for device

This is a system errno related string. I'd say this is not relevant in
your case.

> There is some strange thing that we have found. The connection first is
> sent to 193.136.195.229 and after that is referred to as localhost
> (localhost (193.136.195.229:2083)).

This seems to be caused by dynamically created AuthBy RADSEC not 
resetting default name that the TCP stream is connecting to. This 
appears to be just confusing debugging and not related to, for example, 
something trying to connect to 'localhost'.

To summarise: I'd check the previous log messages to see if there are 
any problems leading to Net::SSLeay::new() error.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
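
The check suggested in the reply above (that every file a TLS_* variable refers to exists), as an added example that is not part of the original message and is not Radiator's own code. It assumes that file-bearing parameters are named TLS_...File or TLS_...Path and that `%D` stands for the configured DbDir; the function name and the sample configuration are constructed for illustration.

```python
import os
import re

# Assumption: TLS_* parameters that point at files or directories end in
# "File" or "Path"; other TLS_* settings (types, passwords) are skipped.
TLS_PARAM = re.compile(r"^\s*(TLS_\w*(?:File|Path))\s+(\S.*?)\s*$")

def check_tls_files(config_text, subst=None):
    """Return (line_no, param, path, problem) for each unusable TLS_* path."""
    subst = subst or {}
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = TLS_PARAM.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        param, path = m.groups()
        for token, value in subst.items():   # e.g. {"%D": "/etc/radiator"}
            path = path.replace(token, value)
        if "%" in path:
            problem = "unexpanded % token, cannot check"
        elif not os.path.exists(path):
            problem = "missing"
        elif param.endswith("Path") and not os.path.isdir(path):
            problem = "not a directory"
        elif param.endswith("File") and not os.path.isfile(path):
            problem = "not a regular file"
        elif not os.access(path, os.R_OK):
            problem = "not readable by this user"
        elif param.endswith("File") and os.path.getsize(path) == 0:
            problem = "empty file"
        else:
            continue
        findings.append((line_no, param, path, problem))
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: only the certificate was copied to the new host.
    with tempfile.TemporaryDirectory() as db:
        with open(os.path.join(db, "server.pem"), "w") as f:
            f.write("constructed placeholder\n")
        sample = ("<AuthBy RADSEC>\n"
                  "    TLS_CAFile %D/ca.pem\n"
                  "    TLS_CertificateFile %D/server.pem\n"
                  "    TLS_PrivateKeyFile %D/server.key\n"
                  "</AuthBy>\n")
        for finding in check_tls_files(sample, {"%D": db}):
            print("line %d: %s %s: %s" % finding)
```

Run it as the account Radiator runs under, since the readability result depends on that user's permissions.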

