EAP-TTLS/EAP-TLS with freeRADIUS

Sven Hartge sven at svenhartge.de
Sun Nov 27 01:26:03 CET 2011


Mr Dash Four <mr.dash.four at googlemail.com> wrote:

>> Addition: The first FreeRADIUS version to include native RADsec
>> support will be 3.0. To use it with a version below that, you usually
>> proxy your normal RADIUS request through software like radsecproxy.

> Very interesting indeed. How about tunnelling (via ssh for example) -
> is that a similar technique?

Very unusual. Normally, you only control one of two RADIUS servers, one
being the one in your network and the other one being located in some
other organization.

Of course you can create a tunnel between the two servers, but this
would be a custom, non-standard setup.

>> But again: this is normally only used between RADIUS servers across an
>> insecure network and not between a client (meaning an AP or a
>> modem-server, etc.) and its RADIUS server.

> If there is something I learned about such things, it is that when it
> comes to security issues one can *never* be too careful!

Well, if you cannot trust your own internal network, then you have other
problems than securing your RADIUS authentication.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.



