RADIUS service address filtering

For additional security, you may choose to limit access to RADIUS services by entering an IP address for a specific network adapter or by adding a list of IP addresses (such as for VPN servers). This ensures that RADIUS services are not accessed by unauthorized hosts.

To configure address filtering:

  1. Navigate to the config.properties file in the installation folder of the RADIUS application. If the application is installed with the default settings, the path of the file is as follows:

    C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\user\config\radius\ 

  2. Open the config.properties file with any text editor.
  3. To limit access to a network adapter, add the following entry to the file and replace the IP address with the IP you wish to use:

    ragent.network.bind = <IP address>

    Where <IP address> represents the IP you wish to use. For example, to accept a connection where 10.10.10.110 is the adapter IP address, enter the following:

    ragent.network.bind = 10.10.10.110 

  4. To limit client access, add the following entry to the file and replace the IP address with the IPs you wish to use:
    ragent.network.accept.allow_list = <IP address>, <IP address>, <IP address>
    Where <IP address> represents the IP you wish to use. For example, to accept packets from a client using 10.10.10.15, 10.10.10.16, or 10.10.10.17:

    ragent.network.accept.allow_list=10.10.10.15, 10.10.10.16, 10.10.10.17

    Please note as of RADIUS agent v2.14.0 ragent.network.white_list has been deprecated and replaced with ragent.network.allow_list.

  5. Save the file and restart the okta-radius service for your changes to take effect.