What proxy features does the freeradius server support?

Alan DeKok aland at deployingradius.com
Thu Oct 19 20:28:21 CEST 2017

On Oct 19, 2017, at 2:23 PM, work vlpl <thework.vlpl at gmail.com> wrote:
> Hello,
> I want to implement the following proxy scenario:
> 1. User send request with eap-ttls or eap-tls or peap-mschapv2.
> 2. Proxy freeradius server analyze this requeset
> 3. If username from these request has custom radius attribute which
> determines whether the request should be sent to.

  If the request has a custom attribute, then it doesn't matter what EAP type is being used.

> 4. Send original or new request with the same type as original, to the
> home server

  The server proxies packets as-is.  It doesn't change EAP types.

> 5. If home server return Accept, Accept- user, if no - reject.

  That's how proxying works.

> And I want to know is this possible or not ? If yes please give me
> some example. The protocols are eap-tls; eap-ttls; peap-mschapv2;

  It's not clear exactly what you're looking for.  If you want to proxy on a RADIUS attribute such as Calling-Station-Id, just do:

	if (Calling-Station-ID == "value") {
		update control {
			Proxy-To-Realm := "realm_name"

  That's really it.

  All of this is documented.

  Alan DeKok.

More information about the Freeradius-Users mailing list