FreeRADIUS Proxy+CoA+TLS
Alan DeKok
aland at deployingradius.com
Sat Feb 24 01:49:05 CET 2018
> On Feb 23, 2018, at 5:39 PM, Goitom Seyoum via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> My team is evaluating freeradius if we can use it for a project. The
> requirements we have where we see freeradius can be a solution are the
> support of proxy, CoA and TLS.
FreeRADIUS does all that...
> The network structure looks like:
>
> AP/Controller <-----LinkA-----> freeradius proxy <-----LinkB-----> cloud
> server
>
>
> LinkA uses RADIUS over UDP
> LinkB uses RadSec over TLS
>
> From cloud server CoA messages will be sent over LinkB.
Nope. There's no standard which allows that. No RADIUS server implements that.
> So far my team has verified the following working:
> 1 - Proxy + TLS
> 2 - Proxy + CoA
>
> But we are unable to verify Proxy + TLS + CoA, is this supported/possible
> with freeradius?
It's not possible in *RADIUS*.
> If it is possible, our goal is to use the same LinkB connection/socket that
> was established by the first Access-Request for cloud server initiated CoA
> messages. Is it possible to configure the proxy to listen CoA messages via
> that same socket used for sending auth+acct requests?
No.
This was discussed in the IETF. There was no consensus about how to do this, or whether it was a good idea.
That being said, we're always happy to accept patches. This might be possible without too many code changes.
Alan DeKok.
More information about the Freeradius-Users
mailing list