Sven Hartge <s...@svenhartge.de> wrote: > Yes, this is kind of weak. And because of this weakness a protocol like > RADsec has been developed, which is essentially > RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole > RADIUS session.
Addition: The first FreeRADIUS version to include native RADsec support will be 3.0. To use it with a version below that, you usually proxy your normal RADIUS request through a software like radsecproxy. But again: this is normally only used between RADIUS servers across a insecure network and not betweens a client (meaning an AP or a modem-server, etc.) and its RADIUS server. Grüße, Sven. -- Sigmentation fault. Core dumped. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html