freeradius proxy with 802.1x termination

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Jan 6 20:40:32 CET 2010


Hi,
> After doing some more digging, I think I am catching onto this... somewhat.
> 
> It sounds like I need to have the Radius Proxy, authenticate the Outer
> Identity of the EAP-TTLS session locally, while the Inner Identity is
> proxied to the Home Radius server.
> 
> I have set up the Outer identity to be Anonymous@outer which is proxied
> to LOCAL, while the Inner identity is @inner and proxied to Home
> Radius.  The problem is that when I run radiusd -x, I never see the
> @outer message, so the @inner is getting forwarded as an EAP, instead
> of only as a MS-CHAP-V2.
> 
> Anyone know what I am overlooking?  I have a crude understanding of
> this entire process at best, I know.  :)

If you only want to deal with the inner 'natively' then you'd probably want
to terminate the EAP on your FreeRADIUS box - i.e. use inner-tunnel
and then proxy the inner stuff from there. (See the big warnings.)

alan


