Communication between hostap and Radius Server (several hops away)
dgdiniz at gmail.com
Wed Mar 24 12:01:41 EDT 2010
Thanks M. Braun. One more question, even with EAP-TTLS the MSK is sent
only with MD5 encryption, with Radius Shared Secret as seed, right?
On Wed, Mar 24, 2010 at 11:19 AM, <michael-dev at fami-braun.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Douglas Diniz schrieb:
>> Hi, I have several terminals with hostap installed. I need to
>> authenticate them in a Radius Server (Freeradius), but the radius
>> server is several hops away from the terminals. Do I need some type of
>> proxy to do this?
> Radius is UDP over IP or IPv6. So as long as your network layer is setup
> correctly (e.g. routing is fine), this should not be a problem.
> If you cannot route directly to the target radius server or if you
> have to split serveral reals to different radius servers, you'll need to
> setup a proxy radius server. This proxy radius server may also serve one
> or more realms on its own, thus it does not need to be a proxy-only server.
>> I also need to encrypt the packets between hostap
>> and freeradius. Someone could give me some directions?
> Regarding user credentials, using EAP with TTLS avoids this.
> For any further needs, just use IPsec or any kind of VPN.
> M. Braun
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
More information about the HostAP