Chris Parker <[EMAIL PROTECTED]> wrote: > That could be solved by establishing an IPSec tunnel between our radius > and your servers, setting up a direct network connection ( peering point ) > for exchange of radius/authentication traffic, or installing a server > at our colo facility so auth traffic never crosses a third-party network. > > > Anybody making NAS boxes that support IPSec tunnelling? > > Yes, but the number that support IPSec tunneling of radius packets is > about equal to the number that support EAP authentication. :\
I'm curious if there would be any use/interest in hacking FreeRADIUS to "encrypt" packets it's sending to a proxy. Pro: Some minor peace of mind Con: It's only interopable with itself. Con: There's no guarantee that anything we can come up with will be secure or even useful. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
