Re: [RADIATOR] Problem with Radsec connections

Mon, 04 Nov 2019 06:37:15 -0800 

On 31/10/2019 18.23, Pedro Simões wrote:
After an upgrade from a VM to a physical machine, we started having problems with Radsec on Radiator (This is Radiator 4.23). 


 From what we have managed to find, when we try to start a connection to 
a remote Radsec radius the first steps occurs, and we receive a reply.



At the second communication, when we tries to send the public part of 
our certificate an error occurs.



I would check the TLS_* configuration variables and see that all files 
exists that the variables refer to.



On our Radiator we have the following message, referring a Net::SSLeay 
error:



Wed Oct 30 03:38:28 2019 698096: ERR: StreamTLS could not create SSL: 
Net::SSLeay::new failed: 284759: 1 - error:140BA0C3:SSL 
routines:SSL_new:null ssl ctx



Can you check your log file starting from Radiator start. Are there any 
error messages that preceed this problem. It seems that OpenSSL CTX 
structure, from which structures for individual SSL connections are 
created from, is not correctly set up.



,Inappropriate ioctl for device



This is system errno related string. I'd say this is not relevant on 
your case.



There is some strange thing that we have found. The connection first is 
sent to 193.136.195.229 and after that is referred as localhost 
(localhost (193.136.195.229:2083)).



This seems to be caused by dynamically created AuthBy RADSEC not 
resetting default name that the TCP stream is connecting to. This 
appears to be just confusing debugging and not related to, for example, 
something trying to connect to 'localhost'.



To summarise: I'd check the previous log messages to see if there are 
any problems leading to Net::SSLeay::new() error.


Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator





















					Reply via email to