Modify

Opened 4 years ago

Last modified 21 months ago

#16969 new defect

WPAD/Radius:EAP/PEAP/TLS/TTLS problems

Reported by: anonymous Owned by: developers
Priority: highest Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: eap radius Cc:

Description

Situation:
Model TP-Link TL-WR1043N/ND v2
Firmware Version OpenWrt Barrier Breaker r41293 / LuCI Trunk (svn-r10375)

Three identical pieces of hardware as above.
Vlans in place and virtual access points running.
Freeradius on pfsense - configuration well tested and proven.

opkg update
opkg remove wpad-mini
opkg install wpad
wifi

-> works

Error Situation - reproducible:
reboot any of the three routers
after that any VAP/WPA2-APs will work fine, while authentication requests from clients of radius authenticated /wpa2 don't get forwarded any longer:

An ubuntu client says:
Jul 2 18:56:42 telos NetworkManager[1025]: <warn> Activation (wlan0/wireless): association took too long.

The pfsense log does not show up anything regarding radius...

SSH to any TL-WR1043N v2 -> execute wifi -> works again.

Could it be, that this crippled wpad-mini gets started instead of wpad-full from overlayfs?

I plea for removal of wpad-mini. Replace it with wpad by default.

Thnx

Attachments (0)

Change History (5)

comment:1 Changed 3 years ago by anonymous2

I can confirm that using the same hardware in the same scenario resulted in a delayed then failed authentication using WPA2-Enterprise.

comment:2 Changed 22 months ago by anonymous

I'm now seeing this in freeradius2-2.2.8-2, on OpenWRT 15.05.1 Chaos Calmer, on an ar71xx router. My clients are wpad on localhost and wpad on another router across the network.

When radiusd starts, it runs correctly for a while and responds to requests. After some indeterminate time, it suddenly starts taking 100% CPU time and not responding to one or both of my Radius clients.

I try launching radiusd with -x -xx, and it reveals that, after some time, with no obvious prelude, it will suddenly emit a constant stream of:
Info: Ready to process requests.
After up to a few seconds of thousands of these messages, the logger stops in the middle of a line, and doesn't show any more messages. After an hour or so, the logger comes back, and the log fills with more of these:
Info: Ready to process requests.

comment:3 Changed 22 months ago by anonymous

anonymous from 10 hours ago here:

This problem is also somewhat inconsistent. freeradius2-2.2.8-2 on OpenWRT 15.05 did not have this problem on my router. Then I installed freeradius2-2.2.9-1 from git master, and so far, 8 hours later, it hasn't blown up.

Here is a copy of the log lines from shortly before it goes haywire:
Mon Apr 25 21:57:42 2016 : Info: Finished request 211.
Mon Apr 25 21:57:42 2016 : Debug: Going to the next request
Mon Apr 25 21:57:42 2016 : Debug: Thread 2 waiting to be assigned a request
Mon Apr 25 21:57:42 2016 : Debug: Waking up in 0.6 seconds.
Mon Apr 25 21:57:43 2016 : Debug: Waking up in 3.2 seconds.
Mon Apr 25 21:57:46 2016 : Info: Cleaning up request 201 ID 119 with timestamp +8261
Mon Apr 25 21:57:46 2016 : Debug: Waking up in 0.6 seconds.
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 202 ID 120 with timestamp +8261
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 203 ID 121 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 204 ID 122 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 205 ID 123 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 206 ID 124 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 207 ID 125 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 208 ID 126 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 209 ID 127 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 210 ID 128 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Cleaning up request 211 ID 129 with timestamp +8262
Mon Apr 25 21:57:47 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.
Mon Apr 25 22:08:46 2016 : Info: Ready to process requests.

comment:4 Changed 22 months ago by anonymous

Oh never mind. Now it's exploded.

comment:5 Changed 21 months ago by anonymous

It looks like something in FreeRADIUS is extremely fragile.
http://lists.freeradius.org/pipermail/freeradius-users/2015-December/081448.html

So far, with 2.2.9-1 on OpenWRT 15.05.1, I have tried using separate RADIUS processes to listen to localhost and Ethernet, and I tried disabling threads. Each time, the localhost copy keeps running, but after some time, usually many hours, the Ethernet copy goes into an infinite loop and stops responding.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.