Hi guys, I am trying to make dynamic VLANs work on the OpenWRT 21 release and am failing miserably at it. I followed the wiki for the freeradius setup and then for the dynamic VLANs setup. I can get freeradius working on the 21 release without dynamic VLANs. In the past, dynamic VLANs worked with OpenWRT release 18 with the same configuration.
I have narrowed down the issue to the way OpenWRT forms bridges in the new releases. In the past, as far as I understood, after assigning a name and type to an interface (i.e. `config device 'vlanX'`, `option type 'bridge'` and `option ifname 'eth0.X'`), only that interface became the bridge.
In the OpenWRT 21 release the whole VLAN becomes the bridge. With `option dynamic_vlan '1'` set, an Android client reports an "ip obtain failure" error, while with the option set to 2 the client only gets as far as authenticating against the radius server and is then immediately disassociated.
Here are my configurations:
network
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option description 'lan'
option ports '0t 4'
config device
option name 'br-vlan2'
option type 'bridge'
list ports 'eth0.2'
option bridge_empty '1'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.12.1'
option device 'br-vlan2'
wireless
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'redacted'
option auth_server '127.0.0.1'
option auth_secret 'Flying Dutchman'
option auth_port '1812'
option short_preamble '0'
option skip_inactivity_poll '1'
option disassoc_low_ack '0'
option encryption 'wpa2'
option dynamic_vlan '2'
option 'vlan_tagged_interface' 'eth0'
option 'vlan_bridge' 'br-vlan'
option 'vlan_naming' '0'
hostapd-conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=AU
ieee80211d=1
hw_mode=g
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
beacon_int=100
dtim_period=2
channel=acs_survey
bss=wlan1-1
ctrl_interface=/var/run/hostapd
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=0
skip_inactivity_poll=1
preamble=0
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
eapol_key_index_workaround=1
ieee8021x=1
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=Flying Dutchman
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-EAP
okc=0
disable_pmksa_caching=1
dynamic_vlan=2
vlan_naming=1
vlan_bridge=br-vlan
vlan_no_bridge=
vlan_tagged_interface=eth0
vlan_file=/var/run/hostapd-wlan1-1.vlan
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
config_id=1f3c4e77dec01aae5c60e46edaf14f84
bssid=[redacted]
authorize
"username" Cleartext-Password := "password"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-ID = "2"
Radius Log
Fri May 20 06:02:41 2022 : Debug: (8) Received Access-Request Id 198 from 127.0.0.1:42593 to 127.0.0.1:1812 length 243
Fri May 20 06:02:41 2022 : Debug: (8) User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) Called-Station-Id = "[bssid-redacted]:Flying Dutchman"
Fri May 20 06:02:41 2022 : Debug: (8) NAS-Port-Type = Wireless-802.11
Fri May 20 06:02:41 2022 : Debug: (8) Service-Type = Framed-User
Fri May 20 06:02:41 2022 : Debug: (8) NAS-Port = 1
Fri May 20 06:02:41 2022 : Debug: (8) Calling-Station-Id = "[redacted]"
Fri May 20 06:02:41 2022 : Debug: (8) Connect-Info = "CONNECT 54Mbps 802.11g"
Fri May 20 06:02:41 2022 : Debug: (8) Acct-Session-Id = "6F15CF928BCDE380"
Fri May 20 06:02:41 2022 : Debug: (8) Attr-186 = 0x000fac04
Fri May 20 06:02:41 2022 : Debug: (8) Attr-187 = 0x000fac04
Fri May 20 06:02:41 2022 : Debug: (8) Attr-188 = 0x000fac01
Fri May 20 06:02:41 2022 : Debug: (8) Framed-MTU = 1400
Fri May 20 06:02:41 2022 : Debug: (8) EAP-Message = 0x020c00251900170303001a0000000000000003313dd22794699cbafd7f8cb0d061e14d3def
Fri May 20 06:02:41 2022 : Debug: (8) State = 0x8e3d1b5f8931027ea2a5775956759b52
Fri May 20 06:02:41 2022 : Debug: (8) Message-Authenticator = 0xd0a01734c932441a5690f918c2f0cd30
Fri May 20 06:02:41 2022 : Debug: (8) Restoring &session-state
Fri May 20 06:02:41 2022 : Debug: (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
Fri May 20 06:02:41 2022 : Debug: (8) &session-state:TLS-Session-Version = "TLS 1.2"
Fri May 20 06:02:41 2022 : Debug: (8) # Executing section authorize from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (8) authorize {
Fri May 20 06:02:41 2022 : Debug: (8) policy filter_username {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) -> TRUE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ / /) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ / /) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.\./ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.\./ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.$/) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.$/) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@\./) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@\./) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) } # if (&User-Name) = notfound
Fri May 20 06:02:41 2022 : Debug: (8) } # policy filter_username = notfound
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling preprocess (rlm_preprocess)
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from preprocess (rlm_preprocess)
Fri May 20 06:02:41 2022 : Debug: (8) [preprocess] = ok
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (8) suffix: Checking for suffix after "@"
Fri May 20 06:02:41 2022 : Debug: (8) suffix: No '@' in User-Name = "username", looking up realm NULL
Fri May 20 06:02:41 2022 : Debug: (8) suffix: No such realm "NULL"
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (8) [suffix] = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) eap: Peer sent EAP Response (code 2) ID 12 length 37
Fri May 20 06:02:41 2022 : Debug: (8) eap: Continuing tunnel setup
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) [eap] = ok
Fri May 20 06:02:41 2022 : Debug: (8) } # authorize = ok
Fri May 20 06:02:41 2022 : Debug: (8) Found Auth-Type = eap
Fri May 20 06:02:41 2022 : Debug: (8) # Executing group from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (8) authenticate {
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authenticate]: calling eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) eap: Expiring EAP session with state 0x8e3d1b5f8931027e
Fri May 20 06:02:41 2022 : Debug: (8) eap: Finished EAP session with state 0x8e3d1b5f8931027e
Fri May 20 06:02:41 2022 : Debug: (8) eap: Previous EAP request found for state 0x8e3d1b5f8931027e, released from the list
Fri May 20 06:02:41 2022 : Debug: (8) eap: Peer sent packet with method EAP PEAP (25)
Fri May 20 06:02:41 2022 : Debug: (8) eap: Calling submodule eap_peap to process data
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Continuing EAP-TLS
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Peer sent flags ---
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: [eaptls verify] = ok
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Done initial handshake
Fri May 20 06:02:41 2022 : Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: [eaptls process] = ok
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Session established. Decoding tunneled attributes
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: PEAP state phase2
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: EAP method MSCHAPv2 (26)
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Got tunneled request
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: EAP-Message = 0x020c00061a03
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Setting User-Name to username
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Sending tunneled request to inner-tunnel
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: EAP-Message = 0x020c00061a03
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: State = 0xcbd8c861cad4d24bb8af9dc7872e7809
Fri May 20 06:02:41 2022 : Debug: (8) Virtual server inner-tunnel received request
Fri May 20 06:02:41 2022 : Debug: (8) EAP-Message = 0x020c00061a03
Fri May 20 06:02:41 2022 : Debug: (8) FreeRADIUS-Proxied-To = 127.0.0.1
Fri May 20 06:02:41 2022 : Debug: (8) User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) State = 0xcbd8c861cad4d24bb8af9dc7872e7809
Fri May 20 06:02:41 2022 : WARNING: (8) Outer and inner identities are the same. User privacy is compromised.
Fri May 20 06:02:41 2022 : Debug: (8) server inner-tunnel {
Fri May 20 06:02:41 2022 : Debug: (8) session-state: No cached attributes
Fri May 20 06:02:41 2022 : Debug: (8) # Executing section authorize from file /etc/freeradius3/sites-enabled/inner-tunnel
Fri May 20 06:02:41 2022 : Debug: (8) authorize {
Fri May 20 06:02:41 2022 : Debug: (8) policy filter_username {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) -> TRUE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ / /) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ / /) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.\./ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.\./ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.$/) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /\.$/) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@\./) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (8) if (&User-Name =~ /@\./) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) } # if (&User-Name) = notfound
Fri May 20 06:02:41 2022 : Debug: (8) } # policy filter_username = notfound
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling inner-eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Peer sent EAP Response (code 2) ID 12 length 6
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: No EAP Start, assuming it's an on-going EAP conversation
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from inner-eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) [inner-eap] = updated
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling chap (rlm_chap)
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from chap (rlm_chap)
Fri May 20 06:02:41 2022 : Debug: (8) [chap] = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap)
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap)
Fri May 20 06:02:41 2022 : Debug: (8) [mschap] = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (8) suffix: Checking for suffix after "@"
Fri May 20 06:02:41 2022 : Debug: (8) suffix: No '@' in User-Name = "username", looking up realm NULL
Fri May 20 06:02:41 2022 : Debug: (8) suffix: No such realm "NULL"
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (8) [suffix] = noop
Fri May 20 06:02:41 2022 : Debug: (8) update control {
Fri May 20 06:02:41 2022 : Debug: (8) &Proxy-To-Realm := LOCAL
Fri May 20 06:02:41 2022 : Debug: (8) } # update control = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling files (rlm_files)
Fri May 20 06:02:41 2022 : Debug: (8) files: users: Matched entry username at line 1
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: FROM 3 TO 0 MAX 3
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: Examining Tunnel-Type
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: APPENDING Tunnel-Type FROM 0 TO 0
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: Examining Tunnel-Medium-Type
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: APPENDING Tunnel-Medium-Type FROM 1 TO 0
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: Examining Tunnel-Private-Group-Id
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: APPENDING Tunnel-Private-Group-Id FROM 2 TO 0
Fri May 20 06:02:41 2022 : Debug: (8) files: ::: TO in 0 out 0
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from files (rlm_files)
Fri May 20 06:02:41 2022 : Debug: (8) [files] = ok
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling expiration (rlm_expiration)
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from expiration (rlm_expiration)
Fri May 20 06:02:41 2022 : Debug: (8) [expiration] = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling logintime (rlm_logintime)
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from logintime (rlm_logintime)
Fri May 20 06:02:41 2022 : Debug: (8) [logintime] = noop
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: calling pap (rlm_pap)
Fri May 20 06:02:41 2022 : WARNING: (8) pap: Auth-Type already set. Not setting to PAP
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authorize]: returned from pap (rlm_pap)
Fri May 20 06:02:41 2022 : Debug: (8) [pap] = noop
Fri May 20 06:02:41 2022 : Debug: (8) } # authorize = updated
Fri May 20 06:02:41 2022 : WARNING: (8) You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
Fri May 20 06:02:41 2022 : Debug: (8) Found Auth-Type = inner-eap
Fri May 20 06:02:41 2022 : Debug: (8) # Executing group from file /etc/freeradius3/sites-enabled/inner-tunnel
Fri May 20 06:02:41 2022 : Debug: (8) authenticate {
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authenticate]: calling inner-eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Expiring EAP session with state 0xcbd8c861cad4d24b
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Finished EAP session with state 0xcbd8c861cad4d24b
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Previous EAP request found for state 0xcbd8c861cad4d24b, released from the list
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Peer sent packet with method EAP MSCHAPv2 (26)
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Calling submodule eap_mschapv2 to process data
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Sending EAP Success (code 3) ID 12 length 4
Fri May 20 06:02:41 2022 : Debug: (8) inner-eap: Freeing handler
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authenticate]: returned from inner-eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) [inner-eap] = ok
Fri May 20 06:02:41 2022 : Debug: (8) } # authenticate = ok
Fri May 20 06:02:41 2022 : Debug: (8) # Executing section post-auth from file /etc/freeradius3/sites-enabled/inner-tunnel
Fri May 20 06:02:41 2022 : Debug: (8) post-auth {
Fri May 20 06:02:41 2022 : Debug: (8) update outer.session-state {
Fri May 20 06:02:41 2022 : Debug: (8) User-Name := &User-Name -> 'username'
Fri May 20 06:02:41 2022 : Debug: (8) } # update outer.session-state = noop
Fri May 20 06:02:41 2022 : Debug: (8) if (0) {
Fri May 20 06:02:41 2022 : Debug: (8) if (0) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (8) } # post-auth = noop
Fri May 20 06:02:41 2022 : Debug: (8) } # server inner-tunnel
Fri May 20 06:02:41 2022 : Debug: (8) Virtual server sending reply
Fri May 20 06:02:41 2022 : Debug: (8) Tunnel-Type = VLAN
Fri May 20 06:02:41 2022 : Debug: (8) Tunnel-Medium-Type = IEEE-802
Fri May 20 06:02:41 2022 : Debug: (8) Tunnel-Private-Group-Id = "2"
Fri May 20 06:02:41 2022 : Debug: (8) MS-MPPE-Encryption-Policy = Encryption-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) MS-MPPE-Send-Key = 0x2348a4bcedb2d874d2bfa050d456fc8e
Fri May 20 06:02:41 2022 : Debug: (8) MS-MPPE-Recv-Key = 0x5a241e61bad9d5e5f3108dc9f90b0cec
Fri May 20 06:02:41 2022 : Debug: (8) EAP-Message = 0x030c0004
Fri May 20 06:02:41 2022 : Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000
Fri May 20 06:02:41 2022 : Debug: (8) User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Got tunneled reply code 2
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Type = VLAN
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Medium-Type = IEEE-802
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Private-Group-Id = "2"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Send-Key = 0x2348a4bcedb2d874d2bfa050d456fc8e
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Recv-Key = 0x5a241e61bad9d5e5f3108dc9f90b0cec
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: EAP-Message = 0x030c0004
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Got tunneled reply RADIUS code 2
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Type = VLAN
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Medium-Type = IEEE-802
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunnel-Private-Group-Id = "2"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Send-Key = 0x2348a4bcedb2d874d2bfa050d456fc8e
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: MS-MPPE-Recv-Key = 0x5a241e61bad9d5e5f3108dc9f90b0cec
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: EAP-Message = 0x030c0004
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: Tunneled authentication was successful
Fri May 20 06:02:41 2022 : Debug: (8) eap_peap: SUCCESS
Fri May 20 06:02:41 2022 : Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Fri May 20 06:02:41 2022 : Debug: (8) eap: Sending EAP Request (code 1) ID 13 length 46
Fri May 20 06:02:41 2022 : Debug: (8) eap: EAP session adding &reply:State = 0x8e3d1b5f8630027e
Fri May 20 06:02:41 2022 : Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (8) [eap] = handled
Fri May 20 06:02:41 2022 : Debug: (8) } # authenticate = handled
Fri May 20 06:02:41 2022 : Debug: (8) Using Post-Auth-Type Challenge
Fri May 20 06:02:41 2022 : Debug: (8) # Executing group from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (8) Challenge { ... } # empty sub-section is ignored
Fri May 20 06:02:41 2022 : Debug: (8) session-state: Saving cached attributes
Fri May 20 06:02:41 2022 : Debug: (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
Fri May 20 06:02:41 2022 : Debug: (8) TLS-Session-Version = "TLS 1.2"
Fri May 20 06:02:41 2022 : Debug: (8) User-Name := "username"
Fri May 20 06:02:41 2022 : Debug: (8) Sent Access-Challenge Id 198 from 127.0.0.1:1812 to 127.0.0.1:42593 length 0
Fri May 20 06:02:41 2022 : Debug: (8) EAP-Message = 0x010d002e190017030300239304ada92bc6a5700bb73e5e8f9d2dcb1786924b9a3cbc63d663b5cd21a1a51dca975e
Fri May 20 06:02:41 2022 : Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000
Fri May 20 06:02:41 2022 : Debug: (8) State = 0x8e3d1b5f8630027ea2a5775956759b52
Fri May 20 06:02:41 2022 : Debug: (8) Finished request
Fri May 20 06:02:41 2022 : Debug: Waking up in 4.6 seconds.
Fri May 20 06:02:41 2022 : Debug: (9) Received Access-Request Id 199 from 127.0.0.1:42593 to 127.0.0.1:1812 length 252
Fri May 20 06:02:41 2022 : Debug: (9) User-Name = "username"
Fri May 20 06:02:41 2022 : Debug: (9) Called-Station-Id = "A0-63-91-A6-4D-A0:Flying Dutchman"
Fri May 20 06:02:41 2022 : Debug: (9) NAS-Port-Type = Wireless-802.11
Fri May 20 06:02:41 2022 : Debug: (9) Service-Type = Framed-User
Fri May 20 06:02:41 2022 : Debug: (9) NAS-Port = 1
Fri May 20 06:02:41 2022 : Debug: (9) Calling-Station-Id = "4C-66-41-41-6E-74"
Fri May 20 06:02:41 2022 : Debug: (9) Connect-Info = "CONNECT 54Mbps 802.11g"
Fri May 20 06:02:41 2022 : Debug: (9) Acct-Session-Id = "6F15CF928BCDE380"
Fri May 20 06:02:41 2022 : Debug: (9) Attr-186 = 0x000fac04
Fri May 20 06:02:41 2022 : Debug: (9) Attr-187 = 0x000fac04
Fri May 20 06:02:41 2022 : Debug: (9) Attr-188 = 0x000fac01
Fri May 20 06:02:41 2022 : Debug: (9) Framed-MTU = 1400
Fri May 20 06:02:41 2022 : Debug: (9) EAP-Message = 0x020d002e190017030300230000000000000004c571bdb9946d356451cfb505a88f37313e5e87f8661b26492ecd35
Fri May 20 06:02:41 2022 : Debug: (9) State = 0x8e3d1b5f8630027ea2a5775956759b52
Fri May 20 06:02:41 2022 : Debug: (9) Message-Authenticator = 0x4db15ef01bc190088166bfe502503fba
Fri May 20 06:02:41 2022 : Debug: (9) Restoring &session-state
Fri May 20 06:02:41 2022 : Debug: (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
Fri May 20 06:02:41 2022 : Debug: (9) &session-state:TLS-Session-Version = "TLS 1.2"
Fri May 20 06:02:41 2022 : Debug: (9) &session-state:User-Name := "username"
Fri May 20 06:02:41 2022 : Debug: (9) # Executing section authorize from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (9) authorize {
Fri May 20 06:02:41 2022 : Debug: (9) policy filter_username {
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name) -> TRUE
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name) {
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ / /) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ / /) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /@[^@]*@/ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /\.\./ ) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /\.\./ ) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /\.$/) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /\.$/) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /@\./) {
Fri May 20 06:02:41 2022 : Debug: No old matches
Fri May 20 06:02:41 2022 : Debug: (9) if (&User-Name =~ /@\./) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) } # if (&User-Name) = notfound
Fri May 20 06:02:41 2022 : Debug: (9) } # policy filter_username = notfound
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: calling preprocess (rlm_preprocess)
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: returned from preprocess (rlm_preprocess)
Fri May 20 06:02:41 2022 : Debug: (9) [preprocess] = ok
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: calling suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (9) suffix: Checking for suffix after "@"
Fri May 20 06:02:41 2022 : Debug: (9) suffix: No '@' in User-Name = "username", looking up realm NULL
Fri May 20 06:02:41 2022 : Debug: (9) suffix: No such realm "NULL"
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: returned from suffix (rlm_realm)
Fri May 20 06:02:41 2022 : Debug: (9) [suffix] = noop
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: calling eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (9) eap: Peer sent EAP Response (code 2) ID 13 length 46
Fri May 20 06:02:41 2022 : Debug: (9) eap: Continuing tunnel setup
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authorize]: returned from eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (9) [eap] = ok
Fri May 20 06:02:41 2022 : Debug: (9) } # authorize = ok
Fri May 20 06:02:41 2022 : Debug: (9) Found Auth-Type = eap
Fri May 20 06:02:41 2022 : Debug: (9) # Executing group from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (9) authenticate {
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authenticate]: calling eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (9) eap: Expiring EAP session with state 0x8e3d1b5f8630027e
Fri May 20 06:02:41 2022 : Debug: (9) eap: Finished EAP session with state 0x8e3d1b5f8630027e
Fri May 20 06:02:41 2022 : Debug: (9) eap: Previous EAP request found for state 0x8e3d1b5f8630027e, released from the list
Fri May 20 06:02:41 2022 : Debug: (9) eap: Peer sent packet with method EAP PEAP (25)
Fri May 20 06:02:41 2022 : Debug: (9) eap: Calling submodule eap_peap to process data
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Continuing EAP-TLS
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Peer sent flags ---
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: [eaptls verify] = ok
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Done initial handshake
Fri May 20 06:02:41 2022 : Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: [eaptls process] = ok
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Session established. Decoding tunneled attributes
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: PEAP state send tlv success
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Received EAP-TLV response
Fri May 20 06:02:41 2022 : Debug: (9) eap_peap: Success
Fri May 20 06:02:41 2022 : Debug: (9) eap: Sending EAP Success (code 3) ID 13 length 4
Fri May 20 06:02:41 2022 : Debug: (9) eap: Freeing handler
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[authenticate]: returned from eap (rlm_eap)
Fri May 20 06:02:41 2022 : Debug: (9) [eap] = ok
Fri May 20 06:02:41 2022 : Debug: (9) } # authenticate = ok
Fri May 20 06:02:41 2022 : Debug: (9) # Executing section post-auth from file /etc/freeradius3/sites-enabled/default
Fri May 20 06:02:41 2022 : Debug: (9) post-auth {
Fri May 20 06:02:41 2022 : Debug: (9) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
Fri May 20 06:02:41 2022 : Debug: (9) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> TRUE
Fri May 20 06:02:41 2022 : Debug: (9) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
Fri May 20 06:02:41 2022 : Debug: (9) update reply {
Fri May 20 06:02:41 2022 : Debug: (9) &User-Name !* ANY
Fri May 20 06:02:41 2022 : Debug: (9) } # update reply = noop
Fri May 20 06:02:41 2022 : Debug: (9) } # if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) = noop
Fri May 20 06:02:41 2022 : Debug: (9) update {
Fri May 20 06:02:41 2022 : Debug: (9) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES128-GCM-SHA256'
Fri May 20 06:02:41 2022 : Debug: (9) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
Fri May 20 06:02:41 2022 : Debug: (9) &reply::User-Name += &session-state:User-Name[*] -> 'username'
Fri May 20 06:02:41 2022 : Debug: (9) } # update = noop
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[post-auth]: calling exec (rlm_exec)
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[post-auth]: returned from exec (rlm_exec)
Fri May 20 06:02:41 2022 : Debug: (9) [exec] = noop
Fri May 20 06:02:41 2022 : Debug: (9) policy remove_reply_message_if_eap {
Fri May 20 06:02:41 2022 : Debug: (9) if (&reply:EAP-Message && &reply:Reply-Message) {
Fri May 20 06:02:41 2022 : Debug: (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
Fri May 20 06:02:41 2022 : Debug: (9) else {
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[post-auth]: calling noop (rlm_always)
Fri May 20 06:02:41 2022 : Debug: (9) modsingle[post-auth]: returned from noop (rlm_always)
Fri May 20 06:02:41 2022 : Debug: (9) [noop] = noop
Fri May 20 06:02:41 2022 : Debug: (9) } # else = noop
Fri May 20 06:02:41 2022 : Debug: (9) } # policy remove_reply_message_if_eap = noop
Fri May 20 06:02:41 2022 : Debug: (9) } # post-auth = noop
Fri May 20 06:02:41 2022 : Debug: (9) Sent Access-Accept Id 199 from 127.0.0.1:1812 to 127.0.0.1:42593 length 0
Fri May 20 06:02:41 2022 : Debug: (9) MS-MPPE-Recv-Key = 0x204d0f4860b8e2565fdac4acc4094b304086498632c38a32c1777a5214e39172
Fri May 20 06:02:41 2022 : Debug: (9) MS-MPPE-Send-Key = 0x814975ac38435a8a45822326f292dbba10d2166703db2dff1acbb2459c0a39bd
Fri May 20 06:02:41 2022 : Debug: (9) EAP-Message = 0x030d0004
Fri May 20 06:02:41 2022 : Debug: (9) Message-Authenticator = 0x00000000000000000000000000000000
Fri May 20 06:02:41 2022 : Debug: (9) User-Name += "username"
Fri May 20 06:02:41 2022 : Debug: (9) Finished request
@ahmar16 any help will be greatly appreciated!