Sven Hartge sven at svenhartge.de
Sun Nov 27 00:12:52 CET 2011

Sven Hartge <sven at svenhartge.de> wrote:

> Yes, this is kind of weak. And because of this weakness a protocol like
> RADsec has been developed, which is essentially
> RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole
> RADIUS session.

Addition: The first FreeRADIUS version to include native RADsec support
will be 3.0. To use it with a version below that, you usually proxy your
normal RADIUS request through a software like radsecproxy.

But again: this is normally only used between RADIUS servers across a
insecure network and not betweens a client (meaning an AP or a
modem-server, etc.) and its RADIUS server.


Sigmentation fault. Core dumped.

More information about the Freeradius-Users mailing list