Govroam

The Roaming solution for the public sector

User Tools

Site Tools


siteadmin:freeradius_radsec_configuration

RADSEC is something for the future. Currently it's not recommended so don't worry about it for now.

clients.conf:

clients radsec {
    client roaming0.govroam.uk {
        ipaddr = 212.219.190.139
        proto = tls
        secret = radsec
    }
    client roaming1.govroam.uk {
        ipaddr = 212.219.209.43
        proto = tls
        secret = radsec
    }
    client roaming2.govroam.uk {
        ipaddr = 212.219.247.59
        proto = tls
        secret = radsec
    }
    client roaming3.govroam.uk {
        ipaddr = 195.194.21.203
        proto = tls
        secret = radsec
    }
}

sites-available/govroam:

       listen {
           ipaddr = *
           port = 2083
           type = auth
        
           proto = tcp
        
           clients = radsec
        
           tls {
               certdir = ${confdir}/certs
               cadir = ${confdir}/certs
        
               private_key_password = whatever
               private_key_file = ${certdir}/<yoursite>-server-cert.pem
               certificate_file = ${certdir}/<yoursite>-key.pem
               ca_file = ${cadir}/radsecCA-2019.pem
               dh_file = ${certdir}/dh
               fragment_size = 1071
               include_length = yes
               cipher_list = "DEFAULT"
               cache {
                     enable = yes
                     lifetime = 24 # hours
                     max_entries = 255
               }

               require_client_cert = yes
               verify {
               }
           }
        }

proxy.conf:

realm "~.+$" {
    auth_pool = govroam
    nostrip
}

home_server_pool govroam {
    home_server = roaming0
    type = client-port-balance
}

home_server roaming0 {
    ipaddr = 212.219.190.139
    port = 2083
    type = auth
    secret = radsec
    proto = tcp
    status_check = status-server
 
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
 
        private_key_password = whatever
        private_key_file = ${certdir}/<yoursite>-key.pem
        certificate_file = ${certdir}/<yoursite>-client-cert.pem
        ca_file = ${cadir}/radsecCA-2019.pem
 
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random
        fragment_size = 1071
        include_length = yes
        cipher_list = "DEFAULT"                                                           
    }                                                                                     
                                                                                          
}                                                                                         
siteadmin/freeradius_radsec_configuration.txt · Last modified: 2023/04/05 12:00 by admin