[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: FreeRADIUS Proxy+CoA+TLS
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2018-02-24 0:49:05
Message-ID: 47BAEC9A-D4EF-4A5D-9E39-BBBC828E49D2 () deployingradius ! com
[Download RAW message or body]


> On Feb 23, 2018, at 5:39 PM, Goitom Seyoum via Freeradius-Users \
> <freeradius-users@lists.freeradius.org> wrote: 
> My team is evaluating freeradius if we can use it for a project. The
> requirements we have where we see freeradius can be a solution are the
> support of proxy, CoA and TLS.

  FreeRADIUS does all that...

> The network structure looks like:
> 
> AP/Controller <-----LinkA-----> freeradius proxy <-----LinkB----->  cloud
> server
> 
> 
> LinkA uses RADIUS over UDP
> LinkB uses RadSec over TLS
> 
> From cloud server CoA messages will be sent over LinkB.

  Nope.  There's no standard which allows that.  No RADIUS server implements that.

> So far my team has verified the following working:
> 1 - Proxy + TLS
> 2 - Proxy + CoA
> 
> But we are unable to verify Proxy + TLS + CoA, is this supported/possible
> with freeradius?

  It's not possible in *RADIUS*.

> If it is possible, our goal is to use the same LinkB connection/socket that
> was established by the first Access-Request for cloud server initiated CoA
> messages. Is it possible to configure the proxy to listen CoA messages via
> that same socket used for sending auth+acct requests?

  No.

  This was discussed in the IETF.  There was no consensus about how to do this, or \
whether it was a good idea.

  That being said, we're always happy to accept patches.  This might be possible \
without too many code changes.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]