how many clients use TCP Radius

Florin Andrei florin at andrei.myip.org
Wed May 4 03:01:38 CEST 2016


On 2016-05-03 17:56, Alan DeKok wrote:
> On May 3, 2016, at 8:45 PM, Florin Andrei <florin at andrei.myip.org> 
> wrote:
>> 
>> What clients actually use Radius over TCP? I can't find anything out 
>> there that's widely deployed and can query a Radius server over TCP. 
>> E.g. the Cisco documentation for routers, etc. seems to indicate that 
>> they only do UDP.
> 
>   Most things only do UDP.
> 
>> The reason why I'm asking - I'm looking into setting up authentication 
>> for a variety of clients, with Radius used as a transport protocol, 
>> and I'm wondering if it's worth the trouble to even think about 
>> enabling TCP, or promising I could offer TCP.
> 
>   Don't use TCP.  Use TLS over TCP.  The RADIUS over TCP RFC says this
> explicitly.

Yup. I was looking at Radsec the other day. The problem is, if a lot of 
clients out there only do UDP, then Radsec is not really an option, 
unfortunately.

I can't find even a single example of a client that can connect to a 
Radius server via TCP. Not custom-written clients that someone wrote 
specifically to do that, but devices or apps that are in fairly common 
use and just employ Radius for authentication.

-- 
Florin Andrei
http://florin.myip.org/


More information about the Freeradius-Users mailing list