[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: FreeRADIUS Proxy+CoA+TLS
From: Alan DeKok <aland () deployingradius ! com>
Date: 2018-02-24 0:49:05
Message-ID: 47BAEC9A-D4EF-4A5D-9E39-BBBC828E49D2 () deployingradius ! com
[Download RAW message or body]
> On Feb 23, 2018, at 5:39 PM, Goitom Seyoum via Freeradius-Users \
> <freeradius-users@lists.freeradius.org> wrote:
> My team is evaluating freeradius if we can use it for a project. The
> requirements we have where we see freeradius can be a solution are the
> support of proxy, CoA and TLS.
FreeRADIUS does all that...
> The network structure looks like:
>
> AP/Controller <-----LinkA-----> freeradius proxy <-----LinkB-----> cloud
> server
>
>
> LinkA uses RADIUS over UDP
> LinkB uses RadSec over TLS
>
> From cloud server CoA messages will be sent over LinkB.
Nope. There's no standard which allows that. No RADIUS server implements that.
> So far my team has verified the following working:
> 1 - Proxy + TLS
> 2 - Proxy + CoA
>
> But we are unable to verify Proxy + TLS + CoA, is this supported/possible
> with freeradius?
It's not possible in *RADIUS*.
> If it is possible, our goal is to use the same LinkB connection/socket that
> was established by the first Access-Request for cloud server initiated CoA
> messages. Is it possible to configure the proxy to listen CoA messages via
> that same socket used for sending auth+acct requests?
No.
This was discussed in the IETF. There was no consensus about how to do this, or \
whether it was a good idea.
That being said, we're always happy to accept patches. This might be possible \
without too many code changes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic