Cloud Radius Server

Fajar A. Nugraha list at fajar.net
Thu Sep 27 16:51:46 CEST 2012


On Thu, Sep 27, 2012 at 9:34 PM, Michael Geary
<mgeary at greataukwireless.com> wrote:
> I would be managing the Radius servers hosted by like HostGator or Rackspace
> or someone like that.


>> So the other networks have separate internet connectivity?
>>
>
> Yes, they are located throughout Vermont, New Hampshire and Massachusetts


>> In theory you can solve this with RADSEC. In practice, virtually no NAS
>> supports RADSEC, so you are left with IPSec or some other VPN as an option,
>> or just live with it.
>>
>
> Thank you, I was thinking of connecting them to the internal networks via
> OpenVPN or IPSec


Two last comments from me:

(1) I assume you already have a plan on how to keep your users' data
synchronized between the servers?
There are many ways to do this, like db replication, LDAP multi-master
replication, or even plain-old rsync of the users file.
Accounting is somewhat similar, but (depending on your setup)
it's probably easier, since you don't have to keep them synchronized.
It might be enough to just pull accounting data from all servers
regularly to do centralized processing.

(2) OpenVPN is good, but in my experience I had trouble reconnecting
after network failure if OpenVPN is run on UDP (the default). Using
TCP doesn't have this problem (although it introduces other problems,
like longer retries, which in my case was acceptable).

-- 
Fajar


More information about the Freeradius-Users mailing list
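
Added example (not part of the original post): one way to do the centralized accounting processing suggested in point (1), by merging records pulled from several servers and dropping copies that a NAS sent to more than one of them. It assumes accounting is logged in the FreeRADIUS "detail" text layout; the sample records are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data in the FreeRADIUS "detail" layout: a timestamp line,
# tab-indented "Attribute = value" lines, a blank line between records.
SERVER_A = '''Thu Sep 27 16:10:00 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "A1"
\tNAS-IP-Address = 10.1.0.1
\tAcct-Session-Time = 600
'''
# Server B holds a retransmitted copy of alice's Stop plus a record of its own.
SERVER_B = SERVER_A + '''
Thu Sep 27 16:20:00 2012
\tUser-Name = "bob"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "B7"
\tNAS-IP-Address = 10.2.0.1
\tAcct-Session-Time = 120
'''
PAIR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_detail(text):
    """Yield one dict of attributes per accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (PAIR.match(line) for line in block.splitlines()[1:])
        yield {m.group(1): m.group(2) for m in pairs if m}

def merge(*sources):
    """Combine records from all servers, dropping duplicate Start/Stop records."""
    merged = {}
    for text in sources:
        for rec in parse_detail(text):
            # Session ids are only unique per NAS, so the NAS is part of the key.
            # Interim-Update records would need a timestamp in the key as well.
            key = (rec.get("NAS-IP-Address"), rec.get("Acct-Session-Id"),
                   rec.get("Acct-Status-Type"))
            merged.setdefault(key, rec)
    return list(merged.values())

def usage_seconds(records):
    """Total session time per user, counted from Stop records only."""
    totals = defaultdict(int)
    for rec in records:
        if rec.get("Acct-Status-Type") == "Stop":
            totals[rec.get("User-Name", "?")] += int(rec.get("Acct-Session-Time", 0))
    return dict(totals)
```

Summing the two files without the merge step would count alice's session twice.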