Starting the freeRADIUS server with the
-X flag will enable verbose logging.
This is managed through the GovWifi Terraform. Due to the volume of transactions on production, enabling this may have an impact on performance.
A better way to use this would be to enable it on staging and to have the client who is having trouble connect to that IP.
Production and staging logs can be found in CloudWatch under
It will contain all the details of the authentication request which can be used to diagnose issues.
You can get help from the FreeRADIUS community by asking questions on their user mailing list.
You will need to sign up before you can ask questions or gain access to the archives.
In order to simulate UDP requests locally, there is a tool called eapol_test.
This is currently used in full-stack automated testing and health checking.
Common error messages
Error: Ignoring request to auth address * port 1812 bound to server default from unknown client
This means that the client isn’t whitelisted by the RADIUS server.
invalid Request Authenticator! (Shared secret is incorrect.)
The server knows the IP but it failed to authenticate with its pre-shared key.