Then the log that the m0n0wall is having doesn't make any sense to me. It
states that it is blocking the communication even while I have the rule
set up to allow it. Please have a look at these screenshots...
Notice on the firewall log entries, the communication from 22.214.171.124 to
10.10.0.5 is the Radius communication. It is of type UDP but has no port
information. Very strange and sadly very blocked.
From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
Sent: Tuesday, July 18, 2006 9:15 AM
To: Clayton Cannon; SDamron; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
Radius protocol just runs over normal UDP and isn't different than a normal
Jonathan De Graeve
jonathan dot de dot graeve at imelda dot be
Always read the manual for the correct way to do things because the number
of incorrect ways to do things is almost infinite
> -----Original Message-----
> From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> Sent: Tuesday 18 July 2006 14:52
> To: SDamron; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Using a internet based RADIUS server and
> I've tried forwarding UDP, TCP and UDP/TCP port 1812 and 1813 to the
> inside the LAN but the m0n0wall is blocking packets of non-udp type
> (radius protocol type) coming from the Radius server. They are not
> marked as
> nor TCP and I know on a PIX you have to specify the Radius protocol
> you have to do with GRE for PPTP tunnels. I've even set up a sniffer
> Radius server (Windows 2003 box with IAS) and have verified the use of
> Radius protocol. Any ideas? Thanks.
> -----Original Message-----
> From: SDamron [mailto:sdamron at gmail dot com]
> Sent: Monday, July 17, 2006 7:59 PM
> To: Clayton Cannon
> Subject: Re: [m0n0wall] Using a internet based RADIUS server and
> Just allow port 1812 and 1813 udp and tcp. That generally fixes it.
> On 7/17/06, Clayton Cannon <Clayton dot Cannon at neighbortofamily dot org>
> > The firewall is m0n0wall. The clients attempting to authenticate
> clients using an AP which is on the network behind the firewall. The
> Radius server is on the Internet and the AP is to authenticate logins
> to it.
> Problem is when the Radius server answers, m0n0wall blocks the
> communication back to the AP. I have attempted to make rules to allow
> but I do not see an option for the Radius protocol to be allowed.
> > ________________________________
> > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > Sent: Mon 7/17/2006 5:24 PM
> > To: Clayton Cannon; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Using a internet based RADIUS server and
> > M0N0WALL
> > From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> > Sent: Mon 17/07/2006 21:24
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Using a internet based RADIUS server and
> > M0N0WALL
> > >I have set up a public Radius & CA server which I plan to use to
> > >manage the wifi access of the enterprise I manage. The problem I
> > >having is that the Radius packets keep getting blocked at the
> > >firewall when the Radius server responds to a Radius authentication
> > >attempt. Has anyone had experience with authenticating LAN clients
> > >with an internet-based Radius server or even a central Radius server
> WAN links provided by IpSEC tunnels?
> > >
> > 1) which firewall, the m0n0wall one?
> > 2) can you make a 'image' of your setup?
> > M0n0's CP handles internet radius systems without any problem by
> > J.
> "Nothing on earth can overcome an absolutely non-resistant person."