Sanitized tls.conf from a working Radius TLS Proxy on the latest FR 3.x from GIT. Alan did push out an update which enabled Radius Accounting over TLS a week or two ago. Alan thanks for your assistance getting this feature working. ================================================== home_server remote_endpoint1 { ipaddr = %ip_addr% port = 2083 type = auth+acct secret = secret proto = tcp status_check = none tls { private_key_file = ${certdir}/cert.key certificate_file = ${certdir}/cert.csrb64.cer ca_file = /usr/local/etc/raddb/certs/ca.crt dh_file = ${certdir}/dh random_file = ${certdir}/random fragment_size = 8192 ca_path = ${cadir} cipher_list = "DEFAULT" } } home_server_pool proxy_endpoint { type = fail-over home_server = remote_endpoint1 } home_server_pool tls { type = fail-over home_server = tls } realm %realm% { auth_pool = proxy_endpoint acct_pool = proxy_endpoint } ================================================= Chris Teague -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+chris.teague=mybrighthouse.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, April 01, 2015 9:31 AM To: FreeRadius users mailing list Subject: Re: Proxying between RADIUS servers using TLS On Apr 1, 2015, at 9:11 AM, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
So for TLS it should look how?
Home server pools, and home servers. This has been in the server since v2.0.0. The realm "accthost" config has been deprecated since 2008. :( And see raddb/sites-available/tls. There's complete documentation there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.