CoA Over TLS (radsec) Support

Alan DeKok aland at
Tue Jan 9 16:08:48 CET 2018

On Jan 9, 2018, at 9:43 AM, Yusuf Güngör <1yusufgungor at> wrote:
> Radius clients who are behind NAT can successfully initiate traffic to
> radius server over freeradius proxy.
> Can radius server initiate traffic for CoA requests to clients which are
> behind NAT over freeradius (via already established TLS connection with the
> clients) ?

  No.  There is no standard specification for this behaviour.  No RADIUS server *or* NAS supports it.

> Does freeradius support CoA-Requests over tls? (RFC 3576 - RFC 5176)

  According to the docs and config files... yes.

> I have found a similar question which sent to mail list at 2014. (
> )
> Can i learn if it is not supported still?

  Feel free to send patches.

  But the larger question is why?  And what NAS supports this?

  You can add this to FreeRADIUS all you want, but nothing else supports it.  So it's a cute idea, but utterly useless in practice.

  Alan DeKok.

More information about the Freeradius-Users mailing list