WAN IP for FreeRadius

I want to authenticate my local network users with an AWS-hosted RADIUS server.

I have successfully set up a RADIUS server and tested it successfully using radtest. Now, my question is: how do I connect my local network so that when a user tries to log in (with WPA2-Enterprise), the request is authenticated against the cloud server?

I tried searching for an answer, but all the information I could find online uses a LAN IP, e.g. 192.168.x.x, in clients.config. I also tried this:

client my-wan-ip {
  secret = "mysecret"
  shortname = "my short name"
}

It doesn’t work as radtest would fail with “No reply from server”.

I also tried this:

client 0.0.0.0/0 {
  secret = "mysecret"
  shortname = "my short name"
}

This doesn’t work either, failing with the message “radclient: Can’t add new socket: Too many open sockets”.

Could anyone help?

Answer

You connect it the same way regardless of where it is hosted. You do, however, need to check that all the firewalls are allowing the traffic to and from the hosted server (both on the RADIUS server network and the RADIUS client networks).

It may be useful to use tcpdump to help see if the packets are leaving and entering the appropriate places.
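
The tcpdump check suggested above can be turned into a small script; this is an added example, not part of the original answer. It compares a capture taken at the site with one taken on the server and reports where the exchange stops, along with the source address the server actually sees. It assumes both captures come from `tcpdump -n udp port 1812`; the function names and sample lines are constructed for illustration.

```python
import re

# Address part of a `tcpdump -n udp port 1812` line: "IP src.sport > dst.dport:"
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")
AUTH_PORT = 1812  # RADIUS authentication port

def summarize(capture):
    """Return (sorted source IPs of requests, reply count) for one capture."""
    sources, replies = set(), 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, _dst, dport = m.groups()
        if int(dport) == AUTH_PORT:      # towards the server: a request
            sources.add(src)
        elif int(sport) == AUTH_PORT:    # from the server: a reply
            replies += 1
    return sources and sorted(sources) or [], replies

def diagnose(site_capture, server_capture):
    """Locate where the exchange stops; returns (stage, sources seen by server)."""
    site_src, site_replies = summarize(site_capture)
    srv_src, srv_replies = summarize(server_capture)
    if not site_src:
        return "not_sent", srv_src          # access point never sent a request
    if not srv_src:
        return "blocked_inbound", srv_src   # a firewall drops UDP 1812 on the way in
    if not srv_replies:
        # FreeRADIUS silently ignores unknown clients: compare srv_src with the
        # address in the client block. Behind NAT it is the site's public IP.
        return "server_silent", srv_src
    if not site_replies:
        return "blocked_return", srv_src    # reply dropped on the way back
    return "ok", srv_src

# Constructed sample captures (documentation addresses, not from the page).
SITE = "12:00:01.100000 IP 192.168.1.2.40001 > 198.51.100.5.1812: RADIUS, Access-Request (1), id: 0x2a length: 75"
SERVER = "12:00:01.150000 IP 203.0.113.10.40001 > 10.0.0.5.1812: RADIUS, Access-Request (1), id: 0x2a length: 75"
SERVER_REPLY = SERVER + "\n12:00:01.151000 IP 10.0.0.5.1812 > 203.0.113.10.40001: RADIUS, Access-Accept (2), id: 0x2a length: 20"

if __name__ == "__main__":
    print(diagnose(SITE, SERVER))
```

A `server_silent` result together with the listed source address shows which address the client entry on the server has to match.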

Attribution
Source: Link, Question Author: Standstill, Answer Author: davidgo