Is it possible to do Auth, Accounting and COA over single client initiated RADSEC session?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jun 26 10:34:09 CEST 2014
On 26 Jun 2014, at 00:46, Smc Kms <smckms at cleverlittlebunny.com> wrote:
> Dear FreeRadius users and developers.
>
> I'm working on a project where we need client devices to connect to our FreeRadius server over the internet using a single RADSEC connection that each client device would initiate.
>
> We would like all radius traffic to go over this single connection including Auth, Accounting, and COA messages.
Heh, that's kinda cool. So even behind NAT or over a WAN link with a dynamic connection you can still signal the NAS. I can definitely see the utility in that, but I don't think it's currently supported.
You'd have to have internal routing within FreeRADIUS to send the CoA back out, I guess all clients with active connections would become CoA 'home servers'.
> I have been working with the TLS configuration and see that it supports Auth+Acct only, and so far I have not figured out how to get COA messages to go back down the same connection.
> Is this already supported by FreeRadius, and how would I configure my server to support it?
>
> If this is not currently supported, is this a feature that is in consideration for future development?
RFC6614 does not deal with this scenario, so no and probably no, unless you're willing to do the dev work.
If you weren't hoping to take advantage of NAT traversal or the fact that the NAS was connecting inbound to FreeRADIUS, then you can just add the NAS as home servers in different realms, and establish an outbound TCP connection back to the NAS. You should be able to send CoA that way, though the code path probably hasn't been tested.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140626/0d005588/attachment.pgp>
More information about the Freeradius-Users
mailing list