Secure tunnel to freeradius

A.L.M.Buxey at A.L.M.Buxey at
Mon Aug 5 14:29:07 CEST 2013


>    We have a a supplicant that is our own box doing client 802.1x
>    authentication using freeradius. We do not establish a TLS/IPSec
>    connection between the supplicant and freeradius. We need to establish a
>    secure channel between the supplicant and freeradius.

NAS or supplicant?  a supplicant never talks to the RADIUS - its all done
via the NAS. 

there are plenty of options to you - you already have thought about one
method - use a VPN (DTLS/IPsec based...up to you) to tunnel the RADIUS though.

or , if the NAS can do it, think about RADSEC - FreeRADIUS 3 supports 
RADSEC and its the way to go unless you want to forget RADIUS and use DIAMETER


More information about the Freeradius-Users mailing list