...

Currently (10th June 2011) there are some bugs with handling unreachable remote proxies which causes the daemon to die. A few of these have already been dealt with via bug reports but some still lurk. Also, the certificate checking/verification code does not currently work - we hope to be able to verify the certificate issuer and OID as we do with RADIATOR and RadSecProxy. Note that this software only does RADSEC/TLS with TCP - DTLS over UDP is not yet an option. Clients are 'radsec' only and the standard naslist or naslist imported from SQL won't operate with radsec. Include Pagevitalaaa-flrvitalaaa-flr

VitalAAA

To set up a federation-level RADIUS proxy server for VitalAAA you must change the following configuration files:

• server_properties
• method_dispatch
• clients

You must also download the following files from http://www.eduroam.org/downloads/docs/eduroam-cookbookscripts.zip:

• aaa.pf
• error.pf
• proxy.pf
• prepare.pfserver_properties file:

Radius-Acct-Address = "*:1813"
Radius-Auth-Address = "*:1812"
Database-Address = "0"
Radius-CharSet = UTF8
Delimiter-Precedence = "@"
Suffix-Delimiters = "@"

method_dispatch file:

radius             Auth 1             prepare             setWorkingVars
radius             acct 4              aaa                   dropRadiusAcct

clients file

Add the lines with the eduroam proxy server and the local RADIUS servers to the clients file:

192.87.106.34          <eduroam_secret>
130.225.242.109      <eduroam_secret>
<192.168.1.10>                <local_server_secret>
<192.168.1.20>                <local_server_secret>

Gauging your federation's performance

...