RADIUS client-server connection across internet

Aaron Peschel aaron.peschel at gmail.com
Thu Oct 10 09:34:57 CEST 2019

I'm looking to connect a Point to Site VPN endpoint to a RADIUS server
across the internet, and I'm looking for some guidance on whether my
understanding is correct.

My understanding is having a RADIUS server listening directly on the
internet would be bad security-wise, and should not be done, is this

Instead, a better architecture would be to connect the RADIUS server and
client over a secured channel, like a Site to Site VPN connection.

Is my understanding correct here? Would it be fine to connect a client to
the server over the internet directly? Is there an alternative simpler
solution that I am overlooking?

Thank you,

-Aaron Peschel

More information about the Freeradius-Users mailing list