EAP-TTLS/EAP-TLS with freeRADIUS
sven at svenhartge.de
Sun Nov 27 00:12:52 CET 2011
Sven Hartge <sven at svenhartge.de> wrote:
> Yes, this is kind of weak. And because of this weakness a protocol like
> RADsec has been developed, which is essentially
> RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole
> RADIUS session.
Addition: The first FreeRADIUS version to include native RADsec support
will be 3.0. To use it with a version below that, you usually proxy your
normal RADIUS request through a software like radsecproxy.
But again: this is normally only used between RADIUS servers across a
insecure network and not betweens a client (meaning an AP or a
modem-server, etc.) and its RADIUS server.
Sigmentation fault. Core dumped.
More information about the Freeradius-Users