Hi guys I know, there is a documentation page about RadSec: https://www.freeradius.org/documentation/freeradius-server/3.2.8/howto/proto... But I have some general questions about the RadSec implementation on FR 3.2.x, which I think are not answered in the above documentation page: 1. When I want to proxy RADIUS requests to other RADIUS servers over RadSec (TLS/2083): a) do I have to configure the home servers in /etc/freeradius/sites-enabled/tls as well, only in the tls file or only in the proxy.conf? --> I did a test with configuring them only in /etc/freeradius/proxy.conf and the requests were proxied over TLS/2083 to the configured RADIUS proxy servers: home_server xyz-TLS { type = auth+acct ipaddr = 1.2.3.4 proto = tcp port = 2083 secret = radsec tls { private_key_file = ${certdir}/radsec.key certificate_file = ${certdir}/radsec.pem ca_file = ${cadir}/radsec-ca.pem fragment_size = 8192 } response_window = 20 zombie_period = 40 status_check = status-server check_interval = 30 num_answers_to_alive = 3 } b) what about a mixed deployment, where some of the RADIUS proxy / home servers are accessed over RADIUS (UDP/1812) and some others are access over RadSec (TCP/2083)? 2. When I want to answer RADIUS requests from other RADIUS proxy servers over RadSec (TCP/2083): a) do I have to configure the clients in /etc/freeradius/sites-enabled/tls as well or only in the tls file? If only in the tls file, I can remove them from the clients.conf file, correct? b) same as 1.a), what about a mixed deployment; some RADIUS clients are RADIUS (UDP/1812), some are RadSec (TCP/2083)? Thanks and regards Dominic _________________________________ Universität Bern Abteilung Informatikdienste Dominic Stalder Network Engineer Hochschulstrasse 6 CH-3012 Bern Tel. +41 (0)31 684 38 18 dominic.stalder@unibe.ch<mailto:dominic.stalder@unibe.ch> www.id.unibe.ch _________________________________