EAP-TTLS/EAP-TLS with freeRADIUS

Sven Hartge sven at svenhartge.de
Sun Nov 27 00:12:52 CET 2011


Sven Hartge <sven at svenhartge.de> wrote:

> Yes, this is kind of weak. And because of this weakness a protocol like
> RADsec has been developed, which is essentially
> RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole
> RADIUS session.

Addition: The first FreeRADIUS version to include native RADsec support
will be 3.0. To use it with a version below that, you usually proxy your
normal RADIUS requests through software like radsecproxy.

But again: this is normally only used between RADIUS servers across an
insecure network and not between a client (meaning an AP or a
modem-server, etc.) and its RADIUS server.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.
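
The pre-3.0 setup described in the message above, as an added example that is not part of the original post: a minimal radsecproxy.conf that accepts plain RADIUS over UDP from a local FreeRADIUS server and forwards it over TLS to a remote RADsec peer. Host names, ports, file paths and the UDP shared secret are placeholders assumed for illustration.

```conf
# Constructed example; every host, path and secret below is a placeholder.

# Accept plain RADIUS only on loopback, so the weakly protected UDP leg
# never leaves this host.
ListenUDP 127.0.0.1:11812

# Certificates used for the TLS leg to the remote server.
tls default {
    CACertificateFile   /etc/radsecproxy/ca.pem
    CertificateFile     /etc/radsecproxy/proxy-cert.pem
    CertificateKeyFile  /etc/radsecproxy/proxy-key.pem
}

# The local FreeRADIUS (< 3.0) instance, which proxies its requests here.
client local-freeradius {
    host    127.0.0.1
    type    udp
    secret  REPLACE_WITH_LOCAL_SHARED_SECRET
}

# The remote RADIUS server, reached across the insecure network over TLS.
server remote-radsec {
    host    radius.example.org
    port    2083
    type    tls
    # RFC 6614 fixes the RADIUS shared secret to "radsec" on TLS links;
    # the protection comes from the TLS session and certificate checks.
    secret  radsec
    # Keep peer certificate name checking enabled.
    CertificateNameCheck on
}

# Send every realm to the remote server.
realm * {
    server remote-radsec
}
```

On the FreeRADIUS side, the home server for proxied realms would then point at 127.0.0.1 port 11812 with the same local shared secret.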



