Radsec with AWS ALB

Fabian11 — Wed, 05 Feb 2025 13:22:19 GMT

Hi everyone,

we are thinking about implementing radsec, but I don't want to have to change the certificated manually, so I'm wondering if I could simply add an AWS application load balancer between our access points and the radius server. Then we could automatically change the certificates and we don't have to change anything on the radius server...

Your thoughts?

Re: Radsec with AWS ALB

mloraditch — Wed, 05 Feb 2025 14:39:49 GMT

I am somewhat confused with what you are describing about manual vs automatic. You still need a complete chain of trust for the connection to be secure all the way through. There are other reasons to want a load balancer, but all items (Dashboard, Load Balancer, Radius Server) need a cert and need to trust the other certs. So the thing that doesn't support automation will still need to be updated.

Are you trying to create a RADSEC connection between just the dashboard and the load balancer and then the load balancer would be having an unencrypted connection to the RADIUS server? I suppose if the load balancer supports that, in theory it would work but I've not heard of that sort of functionality before.

topic Radsec with AWS ALB in Wireless

Radsec with AWS ALB

Re: Radsec with AWS ALB