Accounting NOT broken in v1.0.11 (was: Accounting badly broken in v1.0.11)

Gunther Mayer gunther.mayer at googlemail.com
Sun Apr 20 23:05:47 UTC 2008


wlan at mac.com wrote:
> I'm not certain of the problems reported by previously. Gunther, can 
> you confirm that chilli is indeed getting the responses? Otherwise, 
> the behavior he describes is, basically, retransmission doing its job. 
> I have heard reports of v1.0.11 already "in the wild" without major 
> problems.  You are also encouraged to test the svn version.
Hi David,

I carried out the packet dumps again from the box that runs chilli and 
even though the replies were delivered fine it turns out that it was a 
firewall rule of mine that dropped them like a hot potato. I had to use 
the coaport option together with coanoipcheck (because my PoD packets 
would come through an openvpn tunnel, not from any of the defined 
radiusservers) so tried to harden my setup by doing the checking in the 
firewall. Unfortunately in the process I didn't realise that the coaport 
option also causes all Accounting Requests to be sent from that port 
which is where my assumptions broke down.

To cut a long story short it was my stupidity rather than your code that 
caused the mess and the behaviour I saw indeed was just chilli trying to 
retransmit whatever it never received a reply for. The radauth stuff of 
course ran flawlessly so that I could log in fine, which is why I never 
detected the problem when I did my initial firewall testing.

I apologise for jumping to conclusions despite days of debugging...

In the end I can recommend v1.0.11 for all purposes.

Gunther



More information about the Chilli mailing list