radius authentication via TCP/TLS
Stefan Paetow
Stefan.Paetow at jisc.ac.uk
Sat Jul 4 01:33:25 UTC 2026
I would second Alex's suggestion. I use socat in a similar fashion to run a Status-Server check for a series of hosts (given that I cannot proxy a Status-Server check).
It works fine :-)
Kind regards
Stefan Paetow
Federated Roaming Technical Specialist
eduroam(UK), Jisc – 20 years of free Wi-Fi for the UK R&E sector
email/teams: stefan.paetow at jisc.ac.uk
gpg: 0x3FCE5142
For eduroam support, please contact the eduroam team via help at jisc.ac.uk and mark it for eduroam’s attention.
I am not available on Mondays and Fridays between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer).
Note: I don’t expect a reply outside of your working hours, since I work internationally with colleagues in different nationalities with different religions, customs, and holidays. Reply when it is convenient for you.
Jisc is a registered charity (in England and Wales under charity number 1149740; in Scotland under charity number SC053607) and a company limited by guarantee registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc's registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.
For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice
From: Freeradius-Users <freeradius-users-bounces+stefan.paetow=jisc.ac.uk at lists.freeradius.org> on behalf of Alexander Clouter via Freeradius-Users <freeradius-users at lists.freeradius.org>
Date: Thursday, 2 July 2026 at 06:42
To: Freeradius-Users <freeradius-users at lists.freeradius.org>
Cc: Alexander Clouter <alex+freeradius at coremem.com>
Subject: Re: radius authentication via TCP/TLS
On Wed, 1 Jul 2026, at 10:00, Alan Smith via Freeradius-Users wrote:
> I would like to check the use of Radius over TLS on TCP 2083 for some
> of the clients.
One option is to run a TLS proxy.
Run in one terminal:
socat -d TCP-LISTEN:1812 OPENSSL:192.0.2.1:2083,cafile=...,commonname=...,certificate=...
Then run your RADIUS checks in another with:
printf 'User-Name = bob\nUser-Password = hello\n' | radclient -x -P tcp 127.0.0.1 auth radsec
It is a little 'ghetto', but can help you avoid writing a bunch of Python or running another RADIUS server.
Cheers
-
List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=05%7C02%7Cstefan.paetow%40jisc.ac.uk%7C7b35b430fec24626bf0908ded7fcb016%7C48f9394d8a144d2782a6f35f12361205%7C0%7C0%7C639185677476220725%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jjJzD1M7yJg86qLLGN9RijCjwW8bKadnHRaYnh1I1UY%3D&reserved=0<http://www.freeradius.org/list/users.html>
More information about the Freeradius-Users
mailing list