8 Jan
2018
8 Jan
'18
7:47 a.m.
Hi Yusuf,
On 05.01.18 14:13, Yusuf Güngör wrote:
Radius clients who are behind NAT can successfully initiate traffic to radius server over radsecproxy. Can radius server initiate traffic for CoA requests to clients which are behind NAT over radsecproxy(via already established TLS connection with the clients)?
Radsecproxy does not support CoA requests/responses at all; neither plain UDP nor TLS. After a quick glance at that RFC, I doubt CoA is well suited for proxies, as each proxy would have to know each and every NAS by its identifier or IP address. This simply doesn't scale.
A side note: RFC 3576 was obsoleted by RFC 5176
Best regards, Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle@switch.ch, www.switch.ch