I've tried forwarding UDP, TCP and UDP/TCP port 1812 and 1813 to the AP
inside the LAN but the m0n0wall is blocking packets of non-udp type (radius
protocol type) coming from the Radius server. They are not marked as UDP
nor TCP and I know on a PIX you have to specify the Radius protocol just as
you have to do with GRE for PPTP tunnels. I've even set up a sniffer on the
Radius server (Windows 2003 box with IAS) and have verified the use of the
Radius protocol. Any ideas? Thanks.
From: SDamron [mailto:sdamron at gmail dot com]
Sent: Monday, July 17, 2006 7:59 PM
To: Clayton Cannon
Subject: Re: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
Just allow port 1812 and 1813 udp and tcp. That generally fixes it.
On 7/17/06, Clayton Cannon <Clayton dot Cannon at neighbortofamily dot org> wrote:
> The firewall is m0n0wall. The clients attempting to authenticate are WIFI
> clients using an AP which is on the network behind the firewall. The Radius
> server is on the Internet and the AP is to authenticate logins to it.
> Problem is when the Radius server answers, m0n0wall blocks the communication
> back to the AP. I have attempted to make rules to allow the communication
> but I do not see an option for the Radius protocol to be allowed.
> From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> Sent: Mon 7/17/2006 5:24 PM
> To: Clayton Cannon; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Using a internet based RADIUS server and
> From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> Sent: Mon 17/07/2006 21:24
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Using a internet based RADIUS server and
> >I have set up a public Radius & CA server which I plan to use to
> >manage the wifi access of the enterprise I manage. The problem I am
> >having is that the Radius packets keep getting blocked at the
> >firewall when the Radius server responds to a Radius authentication
> >attempt. Has anyone had experience with authenticating LAN clients
> >with an internet-based Radius server or even a central Radius server with
> >WAN links provided by IPsec tunnels?
> 1) which firewall, the m0n0wall one?
> 2) can you make an 'image' of your setup?
> M0n0's CP handles internet radius systems without any problem by default.
"Nothing on earth can overcome an absolutely non-resistant person."