Secure tunnel to freeradius
Hi We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code. Thanks Rahul
Does freeradius support RFC 6614 for the same? On Mon, Aug 5, 2013 at 5:07 PM, Rahul Godbole <rahulmg1983@gmail.com> wrote:
Hi
We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius.
Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code.
Thanks Rahul
On 5 Aug 2013, at 13:11, Rahul Godbole <rahulmg1983@gmail.com> wrote:
RFC 6614
That's encryption between the NAS and the RADIUS server, and yes FreeRADIUS 3.0 does support radsec. But chances are your NAS doesn't. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
Hi,
Does freeradius support RFC 6614 for the same?
'tls' virtual server in HEAD version of FreeRADIUS (currently version 3 in beta) if you NEED to tick to FreeRADIUS 2.x (as you 'need' to secure) - then RADSECProxy can be put in as a brudge between your remote and the FR instance alan
On 5 Aug 2013, at 12:37, Rahul Godbole <rahulmg1983@gmail.com> wrote:
Hi
We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius.
Um, yes, that'd be EAP.
Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code.
eap.conf or mods-available/eap Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
Hi,
We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius.
NAS or supplicant? a supplicant never talks to the RADIUS - its all done via the NAS. there are plenty of options to you - you already have thought about one method - use a VPN (DTLS/IPsec based...up to you) to tunnel the RADIUS though. or , if the NAS can do it, think about RADSEC - FreeRADIUS 3 supports RADSEC and its the way to go unless you want to forget RADIUS and use DIAMETER instead. alan
Rather I need a secure channel between a 802.1x Network Access Device ( like an access point ) and freeradius. On Mon, Aug 5, 2013 at 5:59 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius.
NAS or supplicant? a supplicant never talks to the RADIUS - its all done via the NAS.
there are plenty of options to you - you already have thought about one method - use a VPN (DTLS/IPsec based...up to you) to tunnel the RADIUS though.
or , if the NAS can do it, think about RADSEC - FreeRADIUS 3 supports RADSEC and its the way to go unless you want to forget RADIUS and use DIAMETER instead.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Arran Cudbard-Bell -
Rahul Godbole