[Chilli] Chilli Digest, Vol 50, Issue 2

Sat Jan 11 15:34:17 UTC 2014

Hi Luis,

You might wanna use the configuration parameter nasip which gets used in the
RADIUS NAS-IP-Address attribute
Using you vpn assign VPNIP for you radius server and set attributes
nasip=vpnipassign to your nas on your chilli.conf

With this even if the disconnection is frequently happening on the ADSL line
the connecting between radius and the nas is still the same.

Regards
Danny

-----Original Message-----
From: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org] On Behalf
Of chilli-request at coova.org
Sent: 11 January 2014 16:00
To: chilli at coova.org
Subject: Chilli Digest, Vol 50, Issue 2

Send Chilli mailing list submissions to
	chilli at coova.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
or, via email, send a message with subject or body 'help' to
	chilli-request at coova.org

You can reach the person managing the list at
	chilli-owner at coova.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Chilli digest..."

Today's Topics:

   1. coova - freeradius connection problem (Luis Ferreira)
   2. Re: coova - freeradius connection problem (Luis Ferreira)

----------------------------------------------------------------------

Message: 1
Date: Sat, 11 Jan 2014 01:17:23 -0100
From: "Luis Ferreira" <lferreira at cabocom.cv>
To: <chilli at coova.org>
Subject: [Chilli] coova - freeradius connection problem
Message-ID: <02b701cf0e73$4817a210$d846e630$@cabocom.cv>
Content-Type: text/plain; charset="us-ascii"

Hi everyone,

In our setup, we (as many others) are using ADSL routers for internet. 

For centralization purposes , I've got a central Radius server, serving
requests from several NAS.

For reliability purposes, I've configured a VPN to pass the requests more
efficiently and reliably (VPN on TCP mode).

The problem I'm experience is that when ADSL is disconnected (every 18
hours, the connection is reseted by our ISP or if there is a failure), in
the time that chilli cannot connect to freeradius, online users get stuck (
chilli fail to send accounting info to radius), and that causes erratic
behavior on the account, like cannot login sometime after,  mysql radacct
shows zero bytes of traffic or no change on the actual traffic.

One of the things that I've done was creating a script to zap stalled
accounts on radius (checking accounting packets and terminating with radzap,
if disconnect packet is not enough). That is good enough to unlock the
account on radius, but not on chilli.

The problem is on chilli because if I try to login on other NAS, the account
works perfectly, so the supposed radius reply "User Already logged in" only
happen on the erratic NAS.

The only real option that I have to restart chilli to kill those sessions
and do a clean start.

Is there any toughts on how to fix this or to debug it further?

This is quite annoying, since there is almost every single day locked
accounts, and my solution has been restart chilli in the morning on a daily
basis.

Regards,

Luis Ferreira

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.coova.org/pipermail/chilli/attachments/20140111/96936f28/attac
hment-0001.html>

------------------------------

Message: 2
Date: Sat, 11 Jan 2014 09:25:20 -0100
From: "Luis Ferreira" <lferreira at cabocom.cv>
To: <chilli at coova.org>
Subject: Re: [Chilli] coova - freeradius connection problem
Message-ID: <02ca01cf0eb7$705cfce0$5116f6a0$@cabocom.cv>
Content-Type: text/plain; charset="us-ascii"

Hi,

Thanks for the reply.

Knowing that ISP change is not a viable option, what can be actually done on
chilli to (let's call it) Re-close a session (even if it's not showing on
radius and chilli)

Is it something that can be done (even if it's on code).

IMO only solution is get a better ISP or host local RADIUS servers. I don't
know much about RADIUS proxying but look into that maybe it caches when
disconnected until reconnected.

On Fri, Jan 10, 2014 at 6:17 PM, Luis Ferreira <lferreira at cabocom.cv> wrote: