Proxy EAP-TLS

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Nov 2 22:49:26 CET 2016


with more recent versions of FR (i believe its in 3.1.x but might be in latest 3.0.x), there are
more TLS check systems - these can be called and the auth proxied to another system

please note, for your EAP-TTLS, you are proxying the inner-tunnel (post EAP termination) to
another server for auth'ing - a client with cryptobinding enabled wont like that...and future clients with EAP-TTLS
may not (I believe the HS2.0 is moving down the root of trust anchor)

alan


More information about the Freeradius-Users mailing list