Hi Alan, Thanks for the quick reply. We have APs which located at different locations. APs are behind nat. Clients authenticated over cloud radius server. But the radius server can not make CoA requests to APs if there is not firewall rules exist. For some reason we can not add firewall rules to forward CoA port to APs. Using the same TLS connection is not a must for us if there exists any other methods to send CoA requests to APs. So, can we use freeradius as proxy to achieve this purpose? Thanks. 9 Oca 2018 6:09 PM tarihinde "Alan DeKok" <aland@deployingradius.com> yazdı: On Jan 9, 2018, at 9:43 AM, Yusuf Güngör <1yusufgungor@gmail.com> wrote:
Radius clients who are behind NAT can successfully initiate traffic to radius server over freeradius proxy.
Can radius server initiate traffic for CoA requests to clients which are behind NAT over freeradius (via already established TLS connection with the clients) ?
No. There is no standard specification for this behaviour. No RADIUS server *or* NAS supports it.
Does freeradius support CoA-Requests over tls? (RFC 3576 - RFC 5176)
According to the docs and config files... yes.
I have found a similar question which sent to mail list at 2014. ( http://lists.freeradius.org/pipermail/freeradius-users/ 2014-June/072715.html )
Can i learn if it is not supported still?
Feel free to send patches. But the larger question is why? And what NAS supports this? You can add this to FreeRADIUS all you want, but nothing else supports it. So it's a cute idea, but utterly useless in practice. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html