Hi Alan another follow-up question about the configuration of RadSec clients: 1a) in the default FreeRADIUS tls configuration is a statement „clients = radsec“ under the listen{} subsection —> this references the clients {} subsection in the same file (/etc/freeradius/sites-available/tls) —> if I configure the clients in /etc/freeradius/clients.conf directly, I can just remove / outcomment the statement „clients = radsec“ and it will just allow / accept all configured clients in clients.conf for RadSec; is this assumption correct? 1b) and if so, will only clients be allowed for RadSec in /etc/freeradius/clients.conf, that have the proto statement configured for tls or tcp (please see next question as well)? *** 2a) in the default FreeRADIUS tls configuration there is a statement „proto = tcp“ under the listen{} subsection, see example below: listen { ipaddr = * port = 2083 # # TCP and TLS sockets can accept Access-Request and # Accounting-Request on the same socket. # # auth = only Access-Request # acct = only Accounting-Request # auth+acct = both # coa = only CoA / Disconnect requests # type = auth+acct # For now, only TCP transport is allowed. proto = tcp 2b) in the FreeRADIUS RadSec configuration example online (https://www.freeradius.org/documentation/freeradius-server/3.2.8/howto/proto...) is an example with „proto = tls“: clients radsec { ... # Direct connections from the test client client radseccli { ipaddr = 172.23.0.2 proto = tls virtual_server = default —> when I configure the „proto = tls“ in the client subsection in /etc/freeradius/clients.conf, the debug states: /etc/freeradius/clients.conf[32]: Client does not have the same TLS configuration as the listener —> when I change this to „proto = tcp“ in the client subsection in /etc/freeradius/clients.conf as well, the FR service is started. *** Thanks for the clarification on this in advance. Regards Dominic