Questions about proxying to other servers over TLS

Alan DeKok aland at
Wed Mar 5 17:00:48 CET 2014

stefan.paetow at wrote:
> I have a quick question... Am I correct in saying that if I want to do all my proxying over TLS to another server, I have to define the default realm in /etc/raddb/sites-enabled/tls and comment it out in proxy.conf?

  No.  The files don't matter.  The configuration does.

  You could just make the default home servers use tls.  The realm will
automatically pick that up when you tell it to use the home servers.
But the realm can be defined anywhere.

> And additionally, I have to define the proxy server as a client in the "clients radsec" section and as a server further down in the file? 

  The configuration on the home server has to list the proxy as a client.

  I'm not sure why you'd want to list the same machine as both a client
and a server.  If you're proxying, you list the other machine as a home
server.  If you're the home server, you list the proxy as a client.

  Alan DeKok.

More information about the Freeradius-Users mailing list