Proxying between RADIUS servers using TLS

Teague, Christopher J. Chris.Teague at mybrighthouse.com
Wed Apr 1 15:44:31 CEST 2015


Sanitized tls.conf from a working Radius TLS Proxy on the latest FR 3.x from GIT. Alan did push out an update which enabled Radius Accounting over TLS a week or two ago.

Alan thanks for your assistance getting this feature working.

==================================================

home_server remote_endpoint1 {
        ipaddr = %ip_addr%
        port = 2083
        type = auth+acct
        secret = secret
        proto = tcp
        status_check = none

        tls {
                private_key_file = ${certdir}/cert.key
                certificate_file = ${certdir}/cert.csrb64.cer
                ca_file = /usr/local/etc/raddb/certs/ca.crt
                dh_file = ${certdir}/dh
                random_file = ${certdir}/random
                fragment_size = 8192
                ca_path = ${cadir}
                cipher_list = "DEFAULT"
        }

}

home_server_pool proxy_endpoint {
                type = fail-over
                home_server = remote_endpoint1
}
home_server_pool tls {
                 type = fail-over
                 home_server = tls
}
realm %realm% {
               auth_pool = proxy_endpoint
               acct_pool = proxy_endpoint
}

=================================================

Chris Teague

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+chris.teague=mybrighthouse.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, April 01, 2015 9:31 AM
To: FreeRadius users mailing list
Subject: Re: Proxying between RADIUS servers using TLS

On Apr 1, 2015, at 9:11 AM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk> wrote:
> So for TLS it should look how?

  Home server pools, and home servers.  This has been in the server since v2.0.0.

  The realm "accthost" config has been deprecated since 2008. :(

  And see raddb/sites-available/tls.  There's complete documentation there.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

________________________________

CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.



More information about the Freeradius-Users mailing list