On Wed, May 15, 2002 at 11:54:38AM -0400, Alan DeKok wrote: > > Yes, but the number that support IPSec tunneling of radius packets is > > about equal to the number that support EAP authentication. :\ > > I'm curious if there would be any use/interest in hacking FreeRADIUS > to "encrypt" packets it's sending to a proxy. > > Pro: Some minor peace of mind > > Con: It's only interopable with itself. > > Con: There's no guarantee that anything we can come up with will be > secure or even useful. Let the RADIUS server to be just that. IPSec is network layer protocol and should stay there. Why bloat freeRADIUS server?
Actually, you did a great job and you can extend freeras as you want but, IMHO wouldn't be better to make it more stable. Bug hunting isn't so challenging like adding new features, I know. BTW, it is easy to set-up IPSec tunnel between machine on which RADIUS server running and NAS on most operating systems today. If NAS supports IPSec ;-) Milan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
