FreeRADIUS Proxy+CoA+TLS

Alan DeKok aland at deployingradius.com
Sat Feb 24 01:49:05 CET 2018


> On Feb 23, 2018, at 5:39 PM, Goitom Seyoum via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> My team is evaluating freeradius if we can use it for a project. The
> requirements we have where we see freeradius can be a solution are the
> support of proxy, CoA and TLS.

  FreeRADIUS does all that...

> The network structure looks like:
> 
> AP/Controller <-----LinkA-----> freeradius proxy <-----LinkB----->  cloud
> server
> 
> 
> LinkA uses RADIUS over UDP
> LinkB uses RadSec over TLS
> 
> From cloud server CoA messages will be sent over LinkB.

  Nope.  There's no standard which allows that.  No RADIUS server implements that.

> So far my team has verified the following working:
> 1 - Proxy + TLS
> 2 - Proxy + CoA
> 
> But we are unable to verify Proxy + TLS + CoA, is this supported/possible
> with freeradius?

  It's not possible in *RADIUS*.

> If it is possible, our goal is to use the same LinkB connection/socket that
> was established by the first Access-Request for cloud server initiated CoA
> messages. Is it possible to configure the proxy to listen CoA messages via
> that same socket used for sending auth+acct requests?

  No.

  This was discussed in the IETF.  There was no consensus about how to do this, or whether it was a good idea.

  That being said, we're always happy to accept patches.  This might be possible without too many code changes.

  Alan DeKok.




More information about the Freeradius-Users mailing list