Preliminary roadmap
Milestone 1: rewrite (radsecproxy 1.8, June 2019) RELEASED
- rewrite supplement attribute
- rewrite modify vendor attribute
- rewrite whitelist
- autodetect status-server capability
Milestone 2: community requested features (radsecproxy 1.9, 05.2021) RELEASED
- specify source address/port per server
- Specify OpenSSL options (Ciphers, Protocol-Version) in tls config
- blocking startup for dynamic discovery
Milestone 3: dynamic discovery (radsecproxy 1.10, Q4 2021)
- internal dns resolver for dynamic discovery TESTING
- server load-balancing
- radius id exhaustion
- server SNI support
Milestone 4: DNS (radsecprox 2.0, Q4 2021)
- delayed dns resolving
- dns updates after startup
- reverify active connections after crl reload if cert has been revoked
- server pooling for dynamic discovery
Milestone 5: systemd integration: (radsecproxy 2.1, 2022)
- config reload
- systemd watchdog
- systemd ready
Misc stuff :
To be implemented whenever required prerequisites are available or specific use-cases apply
- handle multiple client/server certificates, dynamic certificate assignment (subject to openssl support, we might also consider other ssl libraries such as wolfSSL)
- log contents of attributes
- granular logging config
- use tcp/tls connections bidirectionally (send requests in both directions)
RFC 6929: Remote Authentication Dial-In User Service (RADIUS) Protocol Extensions
RFC 7930: Larger Packets for RADIUS over TCP