At 10:22 AM 5/15/2002 -0700, Raghu wrote:
>Alan DeKok wrote:
> >   I'm curious if there would be any use/interest in hacking FreeRADIUS
> > to "encrypt" packets it's sending to a proxy.
> >
>
>http://www.ietf.org/internet-drafts/draft-ietf-pppext-eap-ttls-01.txt
>
>If my understanding is right, EAP-TTLS does just that.
>Only after the successful handshake is done,
>Radius attributes are passed, encrypted, to perform PAP, CHAP etc

Yes, but that has far less support (at the moment) than IPSec and is
still draft. :\

You can set IPSec options and policy on a per-socket basis (at least
with *BSD) via 'setsockopt()' and 'ipsec_set_policy()' calls. So the
radius server *could* set up IPSec for specific clients/proxies...

*BSD:     http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=ipsec_set_policy
Solaris:  Supported in Solaris8
Linux:    http://www.freeswan.org/intro.html
Others:   ?

-Chris
--
   \\\|||///  \          StarNet Inc.      \         Chris Parker
   \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
   | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
                  \ Wholesale Internet Services - http://www.megapop.net
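
Added example, not part of the original message and not FreeRADIUS code: the per-socket approach described in the reply above, written in C against the 'ipsec_set_policy()' / 'setsockopt()' interface of a *BSD system (link with -lipsec). The helper names, the platform guard and the choice of an ESP transport-mode "require" policy are assumptions made for illustration; where the API is missing the helper fails closed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#if defined(__FreeBSD__) || defined(__NetBSD__)  /* assumption: KAME-derived stack */
#include <netipsec/ipsec.h>                      /* ipsec_set_policy(3), -lipsec */
#define HAVE_KAME_IPSEC 1
#endif

/* Build e.g. "out ipsec esp/transport//require"; -1 on bad direction/truncation. */
int radius_policy_str(char *dst, size_t len, const char *dir)
{
    if (strcmp(dir, "in") != 0 && strcmp(dir, "out") != 0)
        return -1;
    int n = snprintf(dst, len, "%s ipsec esp/transport//require", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}
/* Attach the policy for one direction to fd; 0 on success, -1 otherwise. */
int radius_require_esp(int fd, const char *dir)
{
    char text[64];
    if (radius_policy_str(text, sizeof text, dir) != 0)
        return -1;
#ifdef HAVE_KAME_IPSEC
    char *pol = ipsec_set_policy(text, (int)strlen(text));
    if (pol == NULL) {
        fprintf(stderr, "ipsec_set_policy: %s\n", ipsec_strerror());
        return -1;
    }
    int rc = setsockopt(fd, IPPROTO_IP, IP_IPSEC_POLICY, pol,
                        (socklen_t)ipsec_get_policylen(pol));
    free(pol);
    return rc;
#else
    (void)fd;
    return -1;  /* fail closed: no per-socket IPsec API on this platform */
#endif
}
int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);  /* RADIUS runs over UDP */
    if (fd < 0) { perror("socket"); return 1; }
    if (radius_require_esp(fd, "in") || radius_require_esp(fd, "out")) {
        fprintf(stderr, "no ESP policy on socket, refusing to proxy\n");
        return 1;
    }
    return 0;  /* socket now requires ESP transport mode both ways */
}
```

A "require" policy only states that traffic on the socket must be protected; the security associations themselves still have to come from manual keying or an IKE daemon.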
