My FreeRADIUS server no longer starts since version 3.27-25 & core 199. I use it as an authentication server for a second, pure Wi-Fi router that only serves mobile devices. It has worked perfectly so far. See the log. The Radius server suddenly can no longer read the certificates. I have already renewed the certificates with even longer passwords, but the problem persists. Can I safely revert to an older version (24) of FreeRADIUS?
Hallo @redled
Welcome to the IPFire community.
The update to freeradius-3.2.7 was done in CU197 back in Sept 19th last year.. If FreeRadius was working for you with CU197 and CU198 then the problem can’t be related to an update of FreeRadius.
Looking at the error messages, I did some searching on them and found that other freeradius users were having similar messages after openssl was updated from 3.5.1 to 3.5.2
When FreeRadius was updated to 3.2.7 openssl was updated to 3.5.1
In CU199 openssl was updated from 3.5.1 to 3.5.4 (ie after 3.5.2)
I found an issue report in the FreeRadius github issues and it appears that they had a bug with specifying fips=no rather than -fips in their code and the newer versions of openssl would not accept the fips=no entry..
FreeRadius did a commit to fix this, which was issued in freeradius-3.2.8
I will create a patch to update freeradius to version 3.2.8, which should be able to get into CU200. When that goes into Testing phase it would be good if you can evaluate the update to confirm that the fix from freeradius resolves the issue.
2 Likes
Hallo @bonnietwin ,
thank you very much for your quick help. I found something similar regarding the OpenSSL update. I’ll wait for the test patch and then check that it works =)
Best regards,
Rico
@bonnietwin’s assessment sounds correct. It starts properly but then has an issue with OpenSSL. The two seem to have a love-hate relationship.
1 Like
