fix freeradius2 update
This is an installation and usage question so I have moved it.
Freeradius2 and LEDE are both long obsolete-- you should migrate to OpenWrt 19.07.5 and freeradius3.
0.0.0.0 means the server will listen on all IPv4 addresses, which is how services on OpenWrt are usually configured. The firewall can be used to block certain interfaces if required. By default the firewall blocks any incoming request on the WAN port.
client.conf sets up which clients are allowed to connect to your server. RADIUS requests from IPs not specified will be ignored. If the client is local (an AP running on this router), it should use localhost and the 127.0.0.1 loopback network.
As I said before, this is usually what you want rather than a specific IP. The server is listening on all interfaces, which is confirmed by netstat. Requests arriving on 192.168.1.1 will be seen by freeradius and potentially served(*), if the OpenWrt firewall allows it. And if this is your br-lan interface, the default firewall will allow it.
- Though your only allowed client is 127.0.0.1, so freeradius will ignore 192.168.1.X.
- Access from localhost would be broken if you did configure to listen only on 192.168.1.1.
What is not working?
The next step is to attempt to authenticate a client on the AP while radiusd -X is still running, and a whole lot of messages should appear as it serves the request.
I understand your point. but I will associate radiusd with coovachilli
Obviously then coovachilli needs to be properly configured, which is another big messy ball of wax.
If you're starting new with this I'd really really recommend using current versions of OpenWrt, freeradius 3, and chilli.
If something is indeed broken in LEDE, it's not ever going to be fixed. Users are expected to upgrade to current versions. If you find bugs in the current version then something can be done about it.
As a basic security feature, the IP that the client originates the request from needs to be in the freeradius server's whitelist of client IPs.
If chilli and freeradius are running on the same machine usually you would request from localhost to localhost, and not the LAN interface.
(post deleted by author)
It should be like other services: run /etc/init.d/chilli enable once to create a link in /etc/rc.d that will execute on boot.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.