dynamic-authorization with TLS

Alan DeKok aland at deployingradius.com
Sun Dec 20 20:15:53 CET 2020

On Dec 20, 2020, at 1:17 PM, murugesh pitchaiah <murugesh.pitchaiah at gmail.com> wrote:
> My understanding is freeradius should receive the coa packets. And then it
> just forwards same to the NAS. Am I right?

  It can do that if you configure it.  See sites-available/coa-relay in recent releases.  You night need to use the v3.0.x branch from GitHub, though.  It has some fixes for CoA and TLS.

> In that case there should be some originator of the coa packets who has TLS
> connection with freeradius server. Please advise if any well known
> application exist.

  No, that's not necessary.  FreeRADIUS can receive packets over plain UDP, and proxy them to the NAS over TLS.

> I see the originate-coa site in freeradius can do same. But not sure if
> that supports TLS.

  See the v3.0.x branch on GitHub.  It has fixes for this.

  Alan DeKok.

More information about the Freeradius-Users mailing list