 
 From:  "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>
 To:  "Clayton Cannon" <Clayton dot Cannon at neighbortofamily dot org>, "SDamron" <sdamron at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
 Date:  Tue, 18 Jul 2006 15:14:32 +0200
Radius protocol just runs over normal UDP and isn't different than a
normal UDP 'connection'

Kind Regards

J.

-- 
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------

> -----Original Message-----
> From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> Sent: Tuesday, 18 July 2006 14:52
> To: SDamron; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> 
> I've tried forwarding UDP, TCP and UDP/TCP port 1812 and 1813 to the AP
> inside the LAN but the m0n0wall is blocking packets of non-udp type (radius
> protocol type) coming from the Radius server.  They are not marked as UDP
> nor TCP and I know on a PIX you have to specify the Radius protocol just as
> you have to do with GRE for PPTP tunnels.  I've even set up a sniffer on the
> Radius server (Windows 2003 box with IAS) and have verified the use of the
> Radius protocol.  Any ideas?  Thanks.
> 
> 
> -----Original Message-----
> From: SDamron [mailto:sdamron at gmail dot com]
> Sent: Monday, July 17, 2006 7:59 PM
> To: Clayton Cannon
> Subject: Re: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> 
> Just allow port 1812 and 1813 udp and tcp.  That generally fixes it.
> 
> On 7/17/06, Clayton Cannon <Clayton dot Cannon at neighbortofamily dot org> wrote:
> > The firewall is m0n0wall.  The clients attempting to authenticate are WIFI
> > clients using an AP which is on the network behind the firewall.  The Radius
> > server is on the Internet and the AP is to authenticate logins to it.
> > Problem is when the Radius server answers, m0n0wall blocks the communication
> > back to the AP.  I have attempted to make rules to allow the communication
> > but I do not see an option for the Radius protocol to be allowed.
> >
> >
> >
> > ________________________________
> >
> > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > Sent: Mon 7/17/2006 5:24 PM
> > To: Clayton Cannon; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Using a internet based RADIUS server and
> > M0N0WALL
> >
> >
> > From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> > Sent: Mon 17/07/2006 21:24
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Using a internet based RADIUS server and
> > M0N0WALL
> >
> > >I have set up a public Radius & CA server which I plan to use to
> > >manage the wifi access of the enterprise I manage.  The problem I am
> > >having is that the Radius packets keep getting blocked at the
> > >firewall when the Radius server responds to a Radius authentication
> > >attempt.  Has anyone had experience with authenticating LAN clients
> > >with an internet based Radius server or even a central Radius server with
> > >WAN links provided by IpSEC tunnels?
> > >
> >
> > 1) which firewall, the m0n0wall one?
> > 2) can you make a 'image' of your setup?
> >
> > M0n0's CP handles internet radius systems without any problem by default.
> >
> > J.
> >
> >
> 
> 
> --
> -------------------------------
> "Nothing on earth can overcome an absolutely non-resistant person."
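
Added illustration, not part of the original thread: the sketch below separates what a packet filter matches on (the IP protocol number and the UDP ports) from the "RADIUS" label a sniffer adds by dissecting the UDP payload, and contrasts that with GRE, which really is its own IP protocol. The packet bytes are constructed sample data using documentation addresses, and the function names are hypothetical.

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge"}
IP_PROTOS = {6: "TCP", 17: "UDP", 47: "GRE"}
RADIUS_PORTS = {1812, 1813}  # authentication and accounting


def build_sample_packet():
    """Constructed IPv4/UDP/RADIUS Access-Request (checksums left at 0)."""
    attr = bytes([1, 5]) + b"bob"  # User-Name attribute: type 1, length 5
    radius = struct.pack("!BBH16s", 1, 42, 20 + len(attr), bytes(16)) + attr
    udp = struct.pack("!HHHH", 40000, 1812, 8 + len(radius), 0) + radius
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp


def classify(packet):
    """Return the fields a firewall rule matches, plus any RADIUS dissection."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # IP protocol number
    info = {"ip_proto": IP_PROTOS.get(proto, str(proto))}
    if proto != 17:
        return info                        # e.g. GRE (47) carries no ports
    sport, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    info.update(src_port=sport, dst_port=dport)
    payload = packet[ihl + 8:ihl + ulen]
    # The RADIUS label comes only from decoding the UDP payload.
    if RADIUS_PORTS & {sport, dport} and len(payload) >= 20:
        code, ident, length = struct.unpack("!BBH", payload[:4])
        if 20 <= length <= len(payload):
            info["radius"] = RADIUS_CODES.get(code, f"code {code}")
            info["radius_id"] = ident
    return info


if __name__ == "__main__":
    print(classify(build_sample_packet()))
```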