0

Environment:

  1. Radius Server : FreeRadius
  2. Radius Client : TinyRadius

I am setting up RADIUS server in our organization. I want to secure my RADIUS server so that client needs to provide two things to connect and communicate securely with RADIUS server

  1. Radius Client Secret
  2. Client's certificate. 2 way SSL mutual Authentication.

Does Radius server support the 2 way SSL Authentication of its clients or does it only support Secret Key based authentication? I am using TinyRadius in my test client to connect to FreeRadius server.

I understand the fact that there are a limited number of Radius clients in an enclosed environment, like ours, where each client has its own unique key which it uses to send authentication requests to Radius. But, my concern is to make my Radius server aware that it only processes the requests of its intended clients.

piet.t
  • 11,718
  • 21
  • 43
  • 52
learner
  • 906
  • 2
  • 10
  • 39

1 Answers1

0

Does Radius server support the 2 way SSL Authentication of its clients or does it only support Secret Key based authentication?

As far I know use of SSL is not part of the RADIUS protocol and the shared key is used to secure the communication (RADIUS was meant to be lightweight which ssl is not).

However if you really need that, you may still implement SSL over the TCP (TinyRadius is IMHO relatively easy to extend), on the server side you will need some tls termination (wouldn't an ssh tunnel fulfill the same for you?)

gusto2
  • 11,210
  • 2
  • 17
  • 36