RADIUS service address filtering
For additional security, you may choose to limit access to RADIUS services by entering an IP address for a specific network adapter or by adding a list of IP addresses (such as for VPN servers). This ensures that RADIUS services are not accessed by unauthorized hosts.
To configure address filtering:
- Navigate to the
config.propertiesfile in the installation folder of the RADIUS application. If the application is installed with the default settings, the path of the file is as follows:C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\user\config\radius\ - Open the
config.propertiesfile with any text editor. - To limit access to a network adapter, add the following entry to the file and replace the IP address with the IP you wish to use:
Whereragent.network.bind = <IP address><IP address>represents the IP you wish to use. For example, to accept a connection where10.10.10.110is the adapter IP address, enter the following:ragent.network.bind = 10.10.10.110 - To limit client access, add the following entry to the file and replace the IP address with the IPs you wish to use:
Whereragent.network.accept.allow_list = <IP address>, <IP address>, <IP address><IP address>represents the IP you wish to use. For example, to accept packets from a client using 10.10.10.15, 10.10.10.16, or 10.10.10.17:ragent.network.accept.allow_list=10.10.10.15, 10.10.10.16, 10.10.10.17Note that
ragent.network.accept.white_listwas deprecated in RADIUS agent version 2.14.0 and is replaced byragent.network.accept.allow_listin version 2.14.0 and later. - Save the file and restart the
okta-radiusservice for your changes to take effect.