RADIUS service address filtering

For additional security, you may choose to limit access to RADIUS services by entering an IP address for a specific network adapter or by adding a list of IP addresses (such as for VPN servers). This ensures that RADIUS services are not accessed by unauthorized hosts.

To configure address filtering:

Navigate to the config.properties file in the installation folder of the RADIUS application. If the application is installed with the default settings, the path of the file is as follows: C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\user\config\radius\
Open the config.properties file with any text editor.
To limit access to a network adapter, add the following entry to the file and replace the IP address with the IP you wish to use: ragent.network.bind = <IP address> Where <IP address> represents the IP you wish to use. For example, to accept a connection where 10.10.10.110 is the adapter IP address, enter the following: ragent.network.bind = 10.10.10.110
To limit client access, add the following entry to the file and replace the IP address with the IPs you wish to use: ragent.network.accept.allow_list = <IP address>, <IP address>, <IP address> Where <IP address> represents the IP you wish to use. For example, to accept packets from a client using 10.10.10.15, 10.10.10.16, or 10.10.10.17: ragent.network.accept.allow_list=10.10.10.15, 10.10.10.16, 10.10.10.17
Note that ragent.network.accept.white_list was deprecated in RADIUS agent version 2.14.0 and is replaced by ragent.network.accept.allow_list in version 2.14.0 and later.
Save the file and restart the okta-radius service for your changes to take effect.

Next steps

Configure optional client IP reporting

Configure optional Okta group membership information for authorization