RADIUS client-server connection across internet
Alan DeKok
aland at deployingradius.com
Thu Oct 10 15:01:08 CEST 2019
On Oct 10, 2019, at 3:34 AM, Aaron Peschel <aaron.peschel at gmail.com> wrote:
>
> I'm looking to connect a Point to Site VPN endpoint to a RADIUS server
> across the internet, and I'm looking for some guidance on whether my
> understanding is correct.
>
> My understanding is having a RADIUS server listening directly on the
> internet would be bad security-wise, and should not be done, is this
> correct?
Yes.
> Instead, a better architecture would be to connect the RADIUS server and
> client over a secured channel, like a Site to Site VPN connection.
Yes.
> Is my understanding correct here? Would it be fine to connect a client to
> the server over the internet directly? Is there an alternative simpler
> solution that I am overlooking?
RADIUS over TLS. FreeRADIUS supports it, as does radsecproxy.
Alan DeKok.
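
The RADIUS over TLS option named in the reply, sketched as a FreeRADIUS listener. This is an added example, not part of the original message and not the project's shipped configuration. It assumes FreeRADIUS 3.x with the default `${certdir}` and `${cadir}` variables; the client name `vpn_endpoint` and the address `203.0.113.10` are constructed placeholders.

```conf
# Added example (assumes FreeRADIUS 3.x); goes in a file under sites-enabled/.
# The client name and IP address below are constructed placeholders.
listen {
	ipaddr = *
	# RadSec port assigned by RFC 6614; TLS runs over TCP, so no UDP 1812/1813
	# needs to be reachable from the internet for this client.
	port = 2083
	type = auth+acct
	proto = tcp
	virtual_server = default
	# Restrict this listener to the clients defined in "clients radsec" below.
	clients = radsec

	tls {
		private_key_file = ${certdir}/server.pem
		certificate_file = ${certdir}/server.pem
		# CA that issued the client certificates.
		ca_file = ${cadir}/ca.pem
		# Mutual TLS: a peer without a certificate from ca_file is rejected
		# during the handshake, before any RADIUS packet is processed.
		require_client_cert = yes
		tls_min_version = "1.2"
	}
}

clients radsec {
	client vpn_endpoint {
		ipaddr = 203.0.113.10
		proto = tls
		# RFC 6614 fixes the shared secret to "radsec"; authentication of the
		# peer comes from the TLS certificates, not from this value.
		secret = radsec
	}
}
```

The VPN endpoint has to speak RADIUS over TLS itself for this to work; if it only speaks RADIUS over UDP, a local radsecproxy instance next to it can forward to this listener.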
More information about the Freeradius-Users mailing list