Terminate TLS and proxy PEAP

fuki lukas.akermann at unifr.ch
Thu Sep 13 11:56:16 CEST 2007




Phil Mayers wrote:
> 
> On Thu, 2007-09-13 at 01:25 -0700, fuki wrote:
> 
> You can certainly terminate the PEAP and still proxy the inner
> EAP-MSCHAP to another radius server; however as far as I am aware,
> FreeRadius doesn't yet have support for the various health state
> attributes, or for that matter >1 set of data inside the PEAP tunnel.
> 
> In particular if you are talking about the Vista built-in health check
> packets, that uses PEAPv2 which FreeRadius doesn't support, and you
> won't be able to terminate.
> 

Yes, I'm talking about the Vista built-in health check packets. I used a
packet sniffer to analyze the submitted packets and compared them with the
PEAPv2 specification
(http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-10#page-11,
2.1.4. Version Negotiation). According to the specification PEAP v0 is used by
Vista, so it should be possible to use FreeRadius as proxy to decrypt the
packages, to analyze the health state (has to be implemented) and to proxy
the inner EAP-MSCHAP to another radius server?

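The check described in the message above (reading the PEAP version out of sniffed EAP packets) can be scripted. This is an added example, not part of the original post or of FreeRADIUS; it assumes the flags octet layout of the PEAP drafts (L, M, S, two reserved bits, then a 3-bit version field) and treats the version in the peer's first response as the one in use. The function names and sample packets are constructed for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25  # EAP method type number assigned to PEAP


def parse_peap_header(pkt: bytes) -> dict:
    """Decode the EAP header and the PEAP flags/version octet of one EAP packet."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not match the captured data")
    if code not in (1, 2):
        raise ValueError("only Request/Response packets carry a Type field")
    if length < 6:
        raise ValueError("no room for the PEAP flags octet")
    eap_type, flags = pkt[4], pkt[5]
    if eap_type != EAP_TYPE_PEAP:
        raise ValueError(f"EAP type {eap_type} is not PEAP ({EAP_TYPE_PEAP})")
    return {
        "code": EAP_CODES[code],
        "id": ident,
        "length_included": bool(flags & 0x80),  # L: TLS message length follows
        "more_fragments": bool(flags & 0x40),   # M: more fragments to come
        "start": bool(flags & 0x20),            # S: PEAP Start
        "version": flags & 0x07,                # 3-bit Ver field
    }


def peer_selected_version(server_start: bytes, peer_response: bytes) -> int:
    """Return the PEAP version the peer answered with after the server's Start."""
    srv = parse_peap_header(server_start)
    peer = parse_peap_header(peer_response)
    if srv["code"] != "Request" or not srv["start"]:
        raise ValueError("first packet is not a PEAP Start request")
    if peer["code"] != "Response" or peer["id"] != srv["id"]:
        raise ValueError("second packet is not the response to that request")
    return peer["version"]


# Constructed sample packets (not taken from a real capture):
# the server offers version 1 in its Start; the peer replies with version 0.
SERVER_START = struct.pack("!BBHBB", 1, 5, 6, EAP_TYPE_PEAP, 0x21)
PEER_RESPONSE = struct.pack("!BBHBBI", 2, 5, 15, EAP_TYPE_PEAP, 0x80, 5) + bytes(5)

if __name__ == "__main__":
    print(parse_peap_header(SERVER_START))
    print("peer selected PEAPv%d" % peer_selected_version(SERVER_START, PEER_RESPONSE))
```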



