First of all thanks to everybody. I know that vpn (in my situation I use AES in esp and ike) is a perfect (about) solution. In my infrastructure vpn authenticates machines/computer/box (network card) and radius authenticates users. Can I made an eap/tls connction above a vpn? That is before I create an ipsec connction and after I made up a eap/tls? I don't think so because vpn works at layer 3 and eap at layer 2...is exactly?
Java support ssl (JSSE), is it hard/difficult made a java-client with ssl that talk with a radius server? Bye, -> more security that what an IPSEC VPN provides? This brings me back to -> Alans question: what exactly are you trying to secure here? The Radius -> packets between the NAS and the server? something between the user and -> the NAS? What the endpoints of the VPN that you are currently using? -> -> Openssl works with C & C++ and you can run SSL without a browser -> (thats what even EAP-TLS/TTLS and PEAP do). Dont know much^H^H^H^H -> anything about SSL support in Java or running Java/xml apps without -> a browser! ~~~~~~~~~~~~~~~ Rudi Verago [vLAiN] [EMAIL PROTECTED] ~~~~~~~~~~~~~~~ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
