First steps towards RadSec support

Alan DeKok aland at
Sat Sep 19 08:25:33 CEST 2009

Alexander Clouter wrote:
> To me, the proxying of requests, especially EAP, made with FreeRADIUS 
> fits in perfectly with SCTP built in multiplexing....of course it would 
> run against the grain probably with all the UDP session handling 
> malarkey in there already.

  The issue is RADIUS session handling, not UDP session handling.
RADIUS can only have 256 packets between any (src ip/port,  dst ip/port)
key.  This is the same for TCP.

  Since SCTP adds the concept of "connections", where an end host may
have multiple addresses, this actually makes things *worse* for RADIUS,
because of the 256 packet limit.

> Of course, someone needs to produce patches...RFCs...and so on.  As that 
> person is not me...I'll leave that along side with all my other 
> why the IEEE decided that not using Token Ring-esque 
> stuff for wifi was a Good Idea(tm)[1] :-/

  All of the SCTP docs I've read say that converting a TCP application
to SCTP is about as simple as replacing TCP with SCTP in the source code.

  Since FR now has TCP transport... SCTP might not be that difficult.

  Alan DeKok.

More information about the Freeradius-Users mailing list