how many clients use TCP Radius
Florin Andrei
florin at andrei.myip.org
Wed May 4 03:21:18 CEST 2016
On 2016-05-03 18:07, Alan DeKok wrote:
> On May 3, 2016, at 9:01 PM, Florin Andrei <florin at andrei.myip.org>
> wrote:
>> I can't find even a single example of a client that can connect to a
>> Radius server via TCP.
>
> radclient?
>
>> Not custom-written clients that someone wrote specifically to do that,
>> but devices or apps that are in fairly common use and just employ
>> Radius for authentication.
>
> RADIUS over TCP is not intended to be used by anyone. TLS is better.
I'm sorry, I wasn't clear enough. I'm not looking for a test client. I
was just curious if it's worth the trouble to even think of doing
anything else besides UDP, if almost everybody in the real world uses
UDP. If it was a single FreeRadius frontend that I had to build, it
would be simple enough - I would enable TLS when needed. But I have to
build load balancers and a bunch of other infrastructure, and then I'll
probably have to think beforehand about TCP vs UDP.
If essentially everyone in the real world uses UDP, I'll throw a simple
LVS load balancer (kernel-based) in front of everything. But if there's
a substantial chance I'll stumble upon real world clients that can do
anything besides UDP, then that's a different infrastructure that will
have to be built (different load balancers, etc). I don't have any
control over what clients will be used.
I just don't have any idea what the real world Radius clients can and
cannot do, that's what I'm saying.
--
Florin Andrei
http://florin.myip.org/
More information about the Freeradius-Users
mailing list