salt-encrypted VSAs?

Bjørn Mork bjorn at
Thu Aug 25 13:08:18 CEST 2005


I was hoping to send a few salt-encrypted VSAs to an ERX using
FreeRADIUS Version 1.0.4, but I can't find any examples of how to do
that.  Is it possible, and if so, how?

The format of the VSAs is documented on

My initial (far fetched) attempt was to modify dictionary.erx like

VENDOR          ERX     4874

ATTRIBUTE       ERX-Virtual-Router-Name                 1       string
ATTRIBUTE       ERX-LI-Action                           58      integer encrypt=1
ATTRIBUTE       ERX-Med-Dev-Handle                      59      string  encrypt=1
ATTRIBUTE       ERX-Med-Ip-Address                      60      ipaddr  encrypt=1
ATTRIBUTE       ERX-Med-Port-Number                     61      integer encrypt=1


VALUE   ERX-LI-Action   off     0
VALUE   ERX-LI-Action   on      1
VALUE   ERX-LI-Action   noop    2

I also tried the other documented encrypt-values, with no success.  As
probably should be expected?  

The ERX seems to just ignore Access-Accept packets with any of these
attributes.  They are not even logged as received.  Not much help

Cisco has a bit better documentation with some examples (but not for
FreeRADIUS) here:

Does anyone have an idea of how to do this with FreeRADIUS? 


More information about the Freeradius-Users mailing list