RadSec is now available

Alan DeKok aland at deployingradius.com
Fri May 13 11:05:36 CEST 2011


  I've pushed changes to the git "master" branch which enable RadSec to
work.

  So far, all I've done is to test the server proxying to itself. i.e.
opening an outgoing radsec connection, then accepting it, and doing TLS.

  Please download && test it.

  For now, it only accepts one type of packet on a RadSec socket, so
doing "auth+acct" is not possible.  That can be fixed later.

  I *believe* that the code is stable.  90% of it is the pre-existing
rlm_eap_tls code, which has been moved to the server core.  The rest is
a bit of "glue" code to tie the TLS code into the sockets.

  The result is that the TLS configuration is *identical* in EAP-TLS and
in RadSec.  Even better, all of the features of EAP-TLS, like
certificate checking, OCSP, etc. are automatically features of RadSec.

  Alan DeKok.



More information about the Freeradius-Devel mailing list