RADIUS client-server connection across internet

Hans-Christian Esperer hc at hcesperer.org
Fri Oct 11 15:45:50 CEST 2019


On Thu, Oct 10, 2019 at 09:01:08AM -0400, Alan DeKok wrote:
> > My understanding is having a RADIUS server listening directly on the
> > internet would be bad security-wise, and should not be done, is this
> > correct?
> 
>   Yes.

Yes, because the communication between radius server and radius client
(AP, switch,...) would be unencrypted? Or yes, because you consider the
radius server to have a high attack surface and thus should never be
publicly reachable, even though access to it is controlled via the
clients.conf file?

-HC


More information about the Freeradius-Users mailing list