RADIUS ports 1812 and 1813 proxying issue

Can you please give some tips on configuring proxy access to my site on RADIUS ports 1812 and 1813? Our project needs clients to reach us on these ports.
We use the Pro plan on Cloudflare.
You’d need an Enterprise plan and Spectrum to proxy that, otherwise that won’t work and your records need to be unproxied.

Is there any workflow in which the web ports are proxied, but the RADIUS ports are not? Right now our clients get access to the server’s web pages, but all requests for ports 1812 and 1813 are deleted. Is it possible to bypass them somehow? Processing them (1812 and 1813) by Cloudflare systems is not required.

You can have different hostnames. One for everything HTTP based, another one for these ports.

This is an interesting solution. The domain names of the RADIUS server and the webserver are currently registered on the clients’ equipment and they match. We can change the address of the RADIUS server, though we have to do a lot of manual work on a LOT of equipment. But in the end, if the bad guys do not recognize our RADIUS server hostname, then they will not be able to send spam and carry out DDoS attacks. Cloudflare perfectly protects against this in terms of server addresses, but will the bad guys be able to get the real address of our RADIUS server in any way? What do you think?

Well, considering that these hostnames will be unproxied, a simple DNS resolution will certainly show the origin addresses. Of course you can choose names which are not that easily guessable, but that would still be a bit of security-through-obscurity.

Do you actually need these servers on DNS? Otherwise you could leave them out altogether and only use them via their IP addresses.

Moving away from domain names and leaving only IP addresses is a great idea. True, it may not be as flexible as a solution with a domain name, but from an “unofficial” domain. If there is a need to reconfigure server addresses, this domain name can help. Thus, if we exclude the possibility of data sniffing in subnets with our equipment, then it will be unrealistic for them to find out the address of the RADIUS server.
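The point made in the thread, that an unproxied hostname resolves straight to the origin, can be checked against your own zone before you roll out a separate RADIUS hostname. The following is an added example, not code from any poster or from Cloudflare: it audits a constructed list of DNS records and reports every unproxied A/AAAA record together with the proxied hostnames that share its address. The record layout (`name`, `type`, `content`, `proxied`), the hostnames and the addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone listing; addresses are RFC 5737 documentation ranges.
RECORDS = [
    {"name": "www.example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "radius.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "r-7f3a.example.com", "type": "A", "content": "198.51.100.25", "proxied": False},
    {"name": "mail.example.com", "type": "CNAME", "content": "mx.example.net", "proxied": False},
]


def audit_origin_exposure(records):
    """List unproxied address records and the proxied names each one unmasks.

    An unproxied record publishes its address in plain DNS. If a proxied
    hostname points at the same address, that hostname's origin is
    published too, whatever the unproxied name is called.
    """
    by_ip = defaultdict(lambda: {"proxied": [], "unproxied": []})
    for rec in records:
        if rec["type"] not in ("A", "AAAA"):
            continue  # CNAME and other types carry no address of their own
        ip = str(ipaddress.ip_address(rec["content"]))  # validates and normalises
        by_ip[ip]["proxied" if rec["proxied"] else "unproxied"].append(rec["name"])

    findings = []
    for ip, names in sorted(by_ip.items()):
        for name in sorted(names["unproxied"]):
            findings.append(
                {"name": name, "origin_ip": ip, "unmasks": sorted(names["proxied"])}
            )
    return findings


if __name__ == "__main__":
    for f in audit_origin_exposure(RECORDS):
        shared = ", ".join(f["unmasks"]) or "no proxied hostname"
        print(f"{f['name']} exposes {f['origin_ip']} (shared with: {shared})")
```

A finding with a non-empty `unmasks` list means the RADIUS hostname and the proxied web hostname sit on one address, so publishing the former reveals the origin of the latter.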
