Currently (10th June 2011) there are some bugs with handling unreachable remote proxies which causes the daemon to die. A few of these have already been dealt with via bug reports but some still lurk. Also, the certificate checking/verification code does not currently work - we hope to be able to verify the certificate issuer and OID as we do with RADIATOR and RadSecProxy. Note that this software only does RADSEC/TLS with TCP - DTLS over UDP is not yet an option. Clients are 'radsec' only and the standard naslist or naslist imported from SQL won't operate with radsec.
To set up a federation-level RADIUS proxy server for VitalAAA you must change the following configuration files:
You must also download the following files from http://www.eduroam.org/downloads/docs/eduroam-cookbookscripts.zip:
Radius-Acct-Address = "*:1813" Radius-Auth-Address = "*:1812" Database-Address = "0" Radius-CharSet = UTF8 Delimiter-Precedence = "@" Suffix-Delimiters = "@"
radius Auth 1 prepare setWorkingVars radius acct 4 aaa dropRadiusAcct
Add the lines with the eduroam proxy server and the local RADIUS servers to the clients file:
22.214.171.124 <eduroam_secret> 126.96.36.199 <eduroam_secret> <192.168.1.10> <local_server_secret> <192.168.1.20> <local_server_secret>
Gauging your federation's performance