Communication between hostap and Radius Server (several hops away)

Douglas Diniz dgdiniz
Wed Mar 24 09:01:41 PDT 2010

Thanks M. Braun. One more question, even with EAP-TTLS the MSK is sent
only with MD5 encryption, with Radius Shared Secret as seed, right?


On Wed, Mar 24, 2010 at 11:19 AM,  <michael-dev at> wrote:
> Hash: SHA1
> Hi,
> Douglas Diniz schrieb:
>> Hi, I have several terminals with hostap installed. I need to
>> authenticate them in a Radius Server (Freeradius), but the radius
>> server is several hops away from the terminals. Do I need some type of
>> proxy to do this?
> Radius is UDP over IP or IPv6. So as long as your network layer is setup
> correctly (e.g. routing is fine), this should not be a problem.
> If you cannot route directly to the target radius server or if you
> have to split serveral reals to different radius servers, you'll need to
> setup a proxy radius server. This proxy radius server may also serve one
> or more realms on its own, thus it does not need to be a proxy-only server.
>> I also need to encrypt the packets between hostap
>> and freeradius. Someone could give me some directions?
> Regarding user credentials, using EAP with TTLS avoids this.
> For any further needs, just use IPsec or any kind of VPN.
> Regards
> ?M. Braun
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAkuqH38ACgkQja4h02Y9mlfQwQCeMnpwvHPQQZUjno6zYxqAZm2+
> W1sAnjT0a4r9eBS/0nQ4tGFjwRkd1Z0K
> =ILgW

More information about the Hostap mailing list