Skip to main content

Test FreeRADIUS on the ECS task level

If you need to test the new FreeRADIUS ECS tasks manually (e.g. when the new Environmnet is created and Smoke tests are not deployed yet) you can use the steps listed below.


We will be using the ECS Exec so please ensure your machine is configured in line with the prerequisites listed, you can check your machines prerequisites here and you are connected to the VPN.

Get list of the FreeRADIUS tasks

You can check the FreeRADIUS task ID directly from the AWS Console or use following gds-cli command:

gds-cli aws <account-name> --region eu-west-2 -- aws ecs list-tasks --cluster frontend-fargate --service-name load-balanced-frontend

Connect to the FreeRADIUS tasks

Use the task ID obtained in the previous step and run the following command to estabilish ssh session to the task:

gds-cli aws <account-name> -- aws ecs execute-command --cluster frontend-fargate --task one_of_the_task_IDs_from_the_previous_step_here --container frontend-radius --interactive --command "/bin/sh"

Check the healthcheck’s config file name


ls -l /tmp/healthcheckpeap-mschapv2.conf.*

An example output:

-rw-------    1 root     root           393 May 11 13:41 /tmp/healthcheckpeap-mschapv2.conf.erb20230511-20-8hrusp

You need to make a note of the full path of listed filename as it will be used in the command in the next step (e.g. /tmp/healthcheckpeap-mschapv2.conf.erb20230511-20-8hrusp)

Run the Healthcheck test locally

You need to update the command with the name of healtcheck file captured in the previous step:

eapol_test -c /tmp/healthcheckpeap-mschapv2.conf.erb_random_string_here -s $HEALTH_CHECK_RADIUS_KEY


eapol_test -c /tmp/healthcheckpeap-mschapv2.conf.erb20230511-20-8hrusp -s $HEALTH_CHECK_RADIUS_KEY

Desired result output

EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 12 23 45 78 90 12 34 56 ......
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0

Healthchecks credential explained

HEALTH_CHECK_IDENTITY and HEALTH_CHECK_PASSWORD secrets are passed to the healtcheck from the Environmnet variables (you can check these using export command in the console).

HEALTH_CHECK_RADIUS_KEY is also passed from the Environmnet variables. It must match the secret injected to the FreeRADIUS configuration in Line 1 of following config file:


This page was last reviewed on 1 August 2023. It needs to be reviewed again on 1 February 2024 by the page owner #govwifi .
This page was set to be reviewed before 1 February 2024 by the page owner #govwifi. This might mean the content is out of date.