RADIUS

Getting up and running with the Keyless RADIUS appliance on Docker

For use with VPNs and other network access systems, Keyless provides a RADIUS connector that runs as a Docker container and authenticates users via the RADIUS protocol. The connector is delivered as a package that builds the Docker image locally from a Dockerfile.

The Docker image and all the required configuration parameters are provided to you during your onboarding. If you do not have one or more of these items, please reach out to support@keyless.io.

Networking requirements

The RADIUS connector acts as a RADIUS server towards the VPN and needs to be reachable via UDP on ports 1812-1813 from the VPN servers.

Additionally, the RADIUS server needs to be able to reach TCP port 443 of our backend server. The URL of our backend servers was provided to you during your onboarding. If you do not have the URL, please reach out to support@keyless.io.

Last, the RADIUS server needs to be able to resolve DNS names. Typically, this functionality is provided by the Docker host environment.

If required, the IP of our backend server was also provided during your onboarding process.

Downloading and running the RADIUS connector

As mentioned, a username and a password are required to download the connector. Both the clients.conf configuration file and the startup script are provided in the keyless-radius.zip file, which was provided to you during your onboarding.

Create a .env file containing the following parameters provided to you by Keyless:

KL_DOMAIN=...
KL_TENANT=...
KL_AUTHORIZATION_HEADER=...

Configure the IP address and shared secret for all your VPN servers in this file:

./clients/clients.conf

Build and run the image using the script:

./start_keyless_radius.sh
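
Added example (not part of the Keyless package): a preflight check for the .env and clients.conf files configured above, meant to be run before the start script. It assumes clients.conf uses FreeRADIUS-style "client NAME { ipaddr = ... secret = ... }" blocks; the function names and the 16-character minimum secret length are this example's own choices.

```shell
#!/bin/sh
# Added example: preflight checks for .env and clients/clients.conf before running
# ./start_keyless_radius.sh. Assumes FreeRADIUS-style "client NAME { ... }" blocks.
MIN_SECRET_LEN=16   # assumed local policy, not a Keyless requirement

# check_env FILE: report missing or placeholder values and loose file permissions.
check_env() {
    rc=0
    for key in KL_DOMAIN KL_TENANT KL_AUTHORIZATION_HEADER; do
        val=$(sed -n "s/^${key}=//p" "$1" | tail -n 1)
        case "$val" in
            ''|'...') echo "env: $key is missing or still a placeholder"; rc=1 ;;
        esac
    done
    # The file holds an authorization header: group/other must have no access.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "env: $1 is accessible to group or others (chmod 600 it)"; rc=1
    fi
    return $rc
}

# check_clients FILE: report weak shared secrets and catch-all client addresses.
check_clients() {
    awk -v min="$MIN_SECRET_LEN" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { sub(/=/, " = "); gsub(/"/, "") }       # tolerate key=value and quotes
        $1 == "client" { name = $2 }
        $1 ~ /^ip(v4|v6)?addr$/ && ($3 == "*" || $3 ~ /\/0$/) {
            print "clients: " name " accepts any source address (" $3 ")"; bad = 1 }
        $1 == "secret" && $3 == "testing123" {
            print "clients: " name " uses the FreeRADIUS sample secret"; bad = 1; next }
        $1 == "secret" && length($3) < min {
            print "clients: " name " secret is shorter than " min " characters"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Run against the files from this page when they are present.
if [ -f .env ] && [ -f ./clients/clients.conf ]; then
    check_env .env; env_rc=$?
    check_clients ./clients/clients.conf; cli_rc=$?
    [ "$env_rc" -eq 0 ] && [ "$cli_rc" -eq 0 ] && echo "preflight: ok"
fi
```

Run it from the directory that holds .env and the clients folder; each finding is printed on its own line and both functions return non-zero when anything is flagged.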

Troubleshooting

If you encounter issues, try debug mode and check the logs of the provided connector. You can also stop and delete the connector with the commands below.

# Start container in debug mode (-X)
docker run -v /full/path/to/clients:/etc/raddb/clients/ -v /dev/urandom:/dev/random --name keyless-radius -p 1812-1813:1812-1813/udp -d keyless-radius -X

# Read logs from container
docker exec -it keyless-radius tail -f /var/log/freeradius/radius.log

# Delete, rebuild and restart the container
./start_keyless_radius.sh
