Accounting NOT broken in v1.0.11 (was: Accounting badly broken in v1.0.11)
gunther.mayer at googlemail.com
Sun Apr 20 23:05:47 UTC 2008
wlan at mac.com wrote:
> I'm not certain of the problems reported by previously. Gunther, can
> you confirm that chilli is indeed getting the responses? Otherwise,
> the behavior he describes is, basically, retransmission doing its job.
> I have heard reports of v1.0.11 already "in the wild" without major
> problems. You are also encouraged to test the svn version.
I carried out the packet dumps again from the box that runs chilli and
even though the replies were delivered fine it turns out that it was a
firewall rule of mine that dropped them like a hot potato. I had to use
the coaport option together with coanoipcheck (because my PoD packets
would come through an openvpn tunnel, not from any of the defined
radiusservers) so tried to harden my setup by doing the checking in the
firewall. Unfortunately in the process I didn't realise that the coaport
option also causes all Accounting Requests to be sent from that port
which is where my assumptions broke down.
To cut a long story short it was my stupidity rather than your code that
caused the mess and the behaviour I saw indeed was just chilli trying to
retransmit whatever it never received a reply for. The radauth stuff of
course ran flawlessly so that I could log in fine, which is why I never
detected the problem when I did my initial firewall testing.
I apologise for jumping to conclusions despite days of debugging...
In the end I can recommend v1.0.11 for all purposes.
More information about the Chilli