Secure tunnel to freeradius
Hi We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code. Thanks Rahul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
Does freeradius support RFC 6614 for the same? On Mon, Aug 5, 2013 at 5:07 PM, Rahul Godbole rahulmg1...@gmail.com wrote: Hi We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code. Thanks Rahul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
On 5 Aug 2013, at 12:37, Rahul Godbole rahulmg1...@gmail.com wrote: Hi We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. Um, yes, that'd be EAP. Can someone please tell me whether any such thing is supported in radius? Is yes, it would be great if I you could point me to the corresponding config files and code. eap.conf or mods-available/eap Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
On 5 Aug 2013, at 13:11, Rahul Godbole rahulmg1...@gmail.com wrote: RFC 6614 That's encryption between the NAS and the RADIUS server, and yes FreeRADIUS 3.0 does support radsec. But chances are your NAS doesn't. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
Hi, We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. NAS or supplicant? a supplicant never talks to the RADIUS - its all done via the NAS. there are plenty of options to you - you already have thought about one method - use a VPN (DTLS/IPsec based...up to you) to tunnel the RADIUS though. or , if the NAS can do it, think about RADSEC - FreeRADIUS 3 supports RADSEC and its the way to go unless you want to forget RADIUS and use DIAMETER instead. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
Hi, Does freeradius support RFC 6614 for the same? 'tls' virtual server in HEAD version of FreeRADIUS (currently version 3 in beta) if you NEED to tick to FreeRADIUS 2.x (as you 'need' to secure) - then RADSECProxy can be put in as a brudge between your remote and the FR instance alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure tunnel to freeradius
Rather I need a secure channel between a 802.1x Network Access Device ( like an access point ) and freeradius. On Mon, Aug 5, 2013 at 5:59 PM, a.l.m.bu...@lboro.ac.uk wrote: Hi, We have a a supplicant that is our own box doing client 802.1x authentication using freeradius. We do not establish a TLS/IPSec connection between the supplicant and freeradius. We need to establish a secure channel between the supplicant and freeradius. NAS or supplicant? a supplicant never talks to the RADIUS - its all done via the NAS. there are plenty of options to you - you already have thought about one method - use a VPN (DTLS/IPsec based...up to you) to tunnel the RADIUS though. or , if the NAS can do it, think about RADSEC - FreeRADIUS 3 supports RADSEC and its the way to go unless you want to forget RADIUS and use DIAMETER instead. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html