Setting up RADIUS authentication and authorisation in a FreeBSD environment

This technical report describes the physical and configurative set up of FreeBSD machines to simulate Remote Authentication Dial-In User Service (RADIUS) authentication and authorisation for the LIFE project. This set up will be used to conduct user identity traffic interception tests. In real-world Point-to-Point (PPP) dial-up connections customers use modems to dial-in to their Internet Service provider (ISP) and access network resources. To initiate dial-up a customer enters their username and password then dials-in to their ISP via a specified telephone number. The dial-up request is directed to an ISP's Network Access Server (NAS). The NAS will not allow the customer to access network resources until they confirm the customer has an account. The NAS contacts a RADIUS server to request authentication of the customer and upon confirming the customer username and password are valid, the customer is allowed to complete their PPP connection. Typically the customer is also allocated an IP address by the RADIUS server. In this report we simulate a user machine initiating a PPP connection to an ISP NAS and having their username and password authenticated by a RADIUS server, upon which they are allowed to access network resources through the NAS. The configuration and set up were kept simple and the accounting feature of RADIUS was not used as it is not important to our aim.