I would second Alex's suggestion. I use socat in a similar fashion to run a Status-Server check for a series of hosts (given that I cannot proxy a Status-Server check). It works fine :-) Kind regards Stefan Paetow Federated Roaming Technical Specialist eduroam(UK), Jisc – 20 years of free Wi-Fi for the UK R&E sector email/teams: stefan.paetow@jisc.ac.uk gpg: 0x3FCE5142 For eduroam support, please contact the eduroam team via help@jisc.ac.uk and mark it for eduroam’s attention. I am not available on Mondays and Fridays between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer). Note: I don’t expect a reply outside of your working hours, since I work internationally with colleagues in different nationalities with different religions, customs, and holidays. Reply when it is convenient for you. Jisc is a registered charity (in England and Wales under charity number 1149740; in Scotland under charity number SC053607) and a company limited by guarantee registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc's registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice From: Freeradius-Users <freeradius-users-bounces+stefan.paetow=jisc.ac.uk@lists.freeradius.org> on behalf of Alexander Clouter via Freeradius-Users <freeradius-users@lists.freeradius.org> Date: Thursday, 2 July 2026 at 06:42 To: Freeradius-Users <freeradius-users@lists.freeradius.org> Cc: Alexander Clouter <alex+freeradius@coremem.com> Subject: Re: radius authentication via TCP/TLS On Wed, 1 Jul 2026, at 10:00, Alan Smith via Freeradius-Users wrote:
I would like to check the use of Radius over TLS on TCP 2083 for some of the clients.
One option is to run a TLS proxy. Run in one terminal: socat -d TCP-LISTEN:1812 OPENSSL:192.0.2.1:2083,cafile=...,commonname=...,certificate=... Then run your RADIUS checks in another with: printf 'User-Name = bob\nUser-Password = hello\n' | radclient -x -P tcp 127.0.0.1 auth radsec It is a little 'ghetto', but can help you avoid writing a bunch of Python or running another RADIUS server. Cheers - List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=05%7C02%7Cstefan.paetow%40jisc.ac.uk%7C7b35b430fec24626bf0908ded7fcb016%7C48f9394d8a144d2782a6f35f12361205%7C0%7C0%7C639185677476220725%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jjJzD1M7yJg86qLLGN9RijCjwW8bKadnHRaYnh1I1UY%3D&reserved=0<http://www.freeradius.org/list/users.html>