RADIUS client-server connection across internet
alan.buxey at gmail.com
Sun Oct 13 12:50:25 CEST 2019
In systems like eduroam is expected that yes, the local wireless
infrastructure (or usually just the controller's) can talk to the RADIUS
server, just add is the case for broadband routers we they can all talk to.
But on the internet public facing side is expected that the RADIUS server
only has remote access to/from the national radius proxy servers for that
Obviously that changes with RADSEC but then it's all better encrypted so ...
For local attacks, most wireless vendors have pretty good controls to
stop/limit attacks (eg password ones) in the EAP authentication channel
More information about the Freeradius-Users