RADIUS client-server connection across internet
Hans-Christian Esperer
hc at hcesperer.org
Fri Oct 11 15:45:50 CEST 2019
On Thu, Oct 10, 2019 at 09:01:08AM -0400, Alan DeKok wrote:
> > My understanding is having a RADIUS server listening directly on the
> > internet would be bad security-wise, and should not be done, is this
> > correct?
>
> Yes.
Yes, because the communication between radius server and radius client
(AP, switch,...) would be unencrypted? Or yes, because you consider the
radius server to have a high attack surface and thus should never be
publicly reachable, even though access to it is controlled via the
clients.conf file?
-HC
More information about the Freeradius-Users
mailing list