RadSec (RADIUS over TLS) is something for the future. It is not currently recommended, so don't worry about it for now.
clients.conf:
# Peers allowed to connect to a listener that selects this list with
# "clients = radsec". Each entry is matched on the connection's source address.
#
# "radsec" is the fixed, publicly known shared secret used for RADIUS over TLS.
# It gives no protection by itself: peer authentication rests on the TLS
# client certificate and on the source addresses listed here.
clients radsec {
    client roaming0.govroam.uk {
        ipaddr = 212.219.190.139
        proto = tls
        secret = radsec
    }

    client roaming1.govroam.uk {
        ipaddr = 212.219.209.43
        proto = tls
        secret = radsec
    }

    client roaming2.govroam.uk {
        ipaddr = 212.219.247.59
        proto = tls
        secret = radsec
    }

    client roaming3.govroam.uk {
        ipaddr = 195.194.21.203
        proto = tls
        secret = radsec
    }
}
sites-available/govroam:
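# RadSec listener: accepts RADIUS authentication traffic over TLS on TCP 2083
# from the peers in the "radsec" client list.
listen {
    # Binds to every local address. Only the peers in the client list should
    # be able to reach this port; restrict it at the firewall as well.
    ipaddr = *
    port = 2083
    type = auth
    proto = tcp
    clients = radsec

    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs

        # Placeholder value: replace with the real passphrase of your private
        # key, and keep this file and the key file readable only by the
        # account the RADIUS server runs as.
        private_key_password = whatever

        # private_key_file must name the key and certificate_file the server
        # certificate. With the two paths swapped the listener cannot load
        # its TLS credentials.
        private_key_file = ${certdir}/<yoursite>-key.pem
        certificate_file = ${certdir}/<yoursite>-server-cert.pem

        # Trust anchor used to validate the certificates presented by peers.
        ca_file = ${cadir}/radsecCA-2019.pem
        dh_file = ${certdir}/dh

        fragment_size = 1071
        include_length = yes

        # NOTE(review): "DEFAULT" accepts whatever the linked OpenSSL build
        # enables by default. Where the installed FreeRADIUS version supports
        # it, consider a narrower cipher list and a minimum TLS version
        # (tls_min_version).
        cipher_list = "DEFAULT"

        # TLS session cache.
        cache {
            enable = yes
            # The lifetime is given in hours. The comment is kept on its own
            # line so that it cannot swallow the settings that follow.
            lifetime = 24
            max_entries = 255
        }

        # Mutual TLS: a peer that presents no certificate is rejected.
        require_client_cert = yes

        # No additional verification is configured here, so a peer
        # certificate is checked only against ca_file.
        # NOTE(review): confirm that accepting any certificate issued by that
        # CA (from a listed source address) is the intended policy.
        verify {
        }
    }
}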
proxy.conf:
# Regular-expression realm: any User-Name with a non-empty realm is proxied to
# the govroam pool. "nostrip" leaves the User-Name unmodified.
realm "~.+$" {
    auth_pool = govroam
    nostrip
}

# Pool of upstream RadSec servers.
# NOTE(review): only roaming0 is a member, although the client list on this
# page names roaming0 to roaming3. Confirm whether further home servers should
# be defined and added for redundancy.
home_server_pool govroam {
    home_server = roaming0
    type = client-port-balance
}

# Outbound RadSec connection to the national proxy.
home_server roaming0 {
    ipaddr = 212.219.190.139
    port = 2083
    type = auth

    # Fixed, publicly known RADIUS/TLS secret. The TLS settings below are what
    # authenticate and protect this link.
    secret = radsec
    proto = tcp
    status_check = status-server

    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs

        # Placeholder value: replace with the real passphrase of your private
        # key, and keep this file and the key file readable only by the
        # account the RADIUS server runs as.
        private_key_password = whatever
        private_key_file = ${certdir}/<yoursite>-key.pem
        certificate_file = ${certdir}/<yoursite>-client-cert.pem

        # Trust anchor used to validate the certificate the home server
        # presents.
        ca_file = ${cadir}/radsecCA-2019.pem
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random

        fragment_size = 1071
        include_length = yes

        # NOTE(review): "DEFAULT" accepts whatever the linked OpenSSL build
        # enables by default. Consider a narrower cipher list where the
        # installed FreeRADIUS version allows it.
        cipher_list = "DEFAULT"
    }
}