radius authentication via TCP/TLS

Alexander Clouter alex+freeradius at coremem.com
Thu Jul 2 05:41:29 UTC 2026


On Wed, 1 Jul 2026, at 10:00, Alan Smith via Freeradius-Users wrote:
> I would like to check the use of Radius over TLS on TCP 2083 for some 
> of the clients.

One option is to run a TLS proxy.

Run in one terminal:

socat -d TCP-LISTEN:1812 OPENSSL:192.0.2.1:2083,cafile=...,commonname=...,certificate=...

Then run your RADIUS checks in another with:

printf 'User-Name = bob\nUser-Password = hello\n' | radclient -x -P tcp 127.0.0.1 auth radsec

It is a little 'ghetto', but can help you avoid writing a bunch of Python or running another RADIUS server.

Cheers


More information about the Freeradius-Users mailing list