RADIUS client-server connection across internet

Alan DeKok aland at deployingradius.com
Thu Oct 10 15:01:08 CEST 2019

On Oct 10, 2019, at 3:34 AM, Aaron Peschel <aaron.peschel at gmail.com> wrote:
> I'm looking to connect a Point to Site VPN endpoint to a RADIUS server
> across the internet, and I'm looking for some guidance on whether my
> understanding is correct.
> My understanding is having a RADIUS server listening directly on the
> internet would be bad security-wise, and should not be done, is this
> correct?


> Instead, a better architecture would be to connect the RADIUS server and
> client over a secured channel, like a Site to Site VPN connection.


> Is my understanding correct here? Would it be fine to connect a client to
> the server over the internet directly? Is there an alternative simpler
> solution that I am overlooking?

  RADIUS over TLS.  FreeRADIUS supports it, as does radsecproxy.

  Alan DeKok.

More information about the Freeradius-Users mailing list