Way to verify RADIUS status-server of proxy server over RadSec / TLS
Bjørn Mork
bjorn at mork.no
Fri May 9 15:14:09 UTC 2025
Alan DeKok <aland at deployingradius.com> writes:
>> To be honest, I let this be interpreted by an AI and this is what the AI
>> told me: "You’re trying to receive UDP packets on port 11812 and send
>> them via TLS/TCP using socat. That conceptually makes sense — it’s
>> what RADIUS-over-TLS (RadSec) does — but unfortunately, RADIUS over
>> TLS is not just “UDP in TLS over TCP”. RadSec uses a specific
>> framing: each RADIUS packet must be prefixed with a 2-byte length
>> field when encapsulated over TCP/TLS (per RFC 6614)."
>
> Please don't use AI for this kind of thing. It's garbage, and it
> lies to you. It's *worse* than doing nothing.
Funny. Wonder if the AI confused RADIUS over TLS with DNS over TCP?
Almost the same, I guess. At least for "intelligence" based on simple
extrapolation. If you know how one UDP-based protocol translates to a
stream, then you can guess how all other UDP-based protocols translate
to streams.
Bjørn
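
Added example, not part of the original message: RADIUS over TCP/TLS (RFC 6613, RFC 6614) delimits packets with the Length field already present in the RADIUS header, whereas DNS over TCP (RFC 1035) prepends a separate 2-byte length. The function names and sample packets below are constructed for illustration.

```python
import struct

RADIUS_HDR = 20    # Code(1) Identifier(1) Length(2) Authenticator(16)
RADIUS_MAX = 4096  # maximum RADIUS packet length

def split_radius_stream(buf: bytes):
    """Split a (decrypted) TCP/TLS byte stream into RADIUS packets.

    Boundaries come from header bytes 2-3; there is no extra prefix.
    Returns (packets, remainder), remainder being an incomplete tail.
    """
    packets = []
    while len(buf) >= 4:
        length = struct.unpack_from("!H", buf, 2)[0]
        if not RADIUS_HDR <= length <= RADIUS_MAX:
            # A stream cannot be resynchronised after a bad length.
            raise ValueError(f"invalid RADIUS length {length}")
        if len(buf) < length:
            break  # wait for more bytes
        packets.append(buf[:length])
        buf = buf[length:]
    return packets, buf

def split_dns_stream(buf: bytes):
    """Split a DNS-over-TCP stream: each message has a 2-byte length prefix."""
    packets = []
    while len(buf) >= 2:
        length = struct.unpack_from("!H", buf, 0)[0]
        if len(buf) < 2 + length:
            break
        packets.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return packets, buf

def make_radius(code: int, ident: int, attrs: bytes = b"") -> bytes:
    """Build a constructed sample packet (zero authenticator, framing only)."""
    length = RADIUS_HDR + len(attrs)
    return struct.pack("!BBH", code, ident, length) + bytes(16) + attrs

# Constructed samples: Status-Server (code 12) and Access-Request (code 1).
STATUS = make_radius(12, 1)
REQUEST = make_radius(1, 2, b"\x01\x05bob")  # User-Name = "bob"

# A DNS-style prefix in front of a RADIUS packet shifts the header: the
# receiver reads Code/Identifier (0x0c01 = 3073) as the length and stalls.
PREFIXED = struct.pack("!H", len(STATUS)) + STATUS

if __name__ == "__main__":
    print(split_radius_stream(STATUS + REQUEST))
    print(split_radius_stream(PREFIXED))
```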