From hvn at open.com.au Mon Sep 29 11:07:43 2025 From: hvn at open.com.au (Heikki Vatiainen) Date: Mon, 29 Sep 2025 14:07:43 +0300 Subject: [RADIATOR] Radiator Version 4.30 released - new features, enhancements and bug fixes Message-ID: <1ed6ec3b-558a-44c0-846c-22fde7f67ccd@open.com.au> We are pleased to announce the release of Radiator version 4.30 This version contains support for RADIUSdesk, some new features, enhancements and bug fixes. See below for the details. https://radiatorsoftware.com/radiator-4-30-released/ As usual, the new version is available to current licensees and evaluators from: https://radiatorsoftware.com/downloads/ Licensees with expired access contracts can renew at: https://radiatorsoftware.com/renewal-order/ Meet Radiator The Radiator team will be attending multiple industry events in October: Wireless Global Congress EMEA and Network X in Paris, and WPLC in Prague. See you there! https://radiatorsoftware.com/meet-radiator-at-wgc-paris-network-x-and-wlpc-prague/ Radiator Core case study Check out the new case study from the Radiator Core deployment we did for Elisa, tier 1 operator in Finland: https://radiatorsoftware.com/radiator-case-study-elisa/ An extract from the history file https://radiatorsoftware.com/products/radiator/history/ is below: ----------------------------- Revision 4.30 (2025-09-26) major Radius protocol security fix, some new features, enhancements and bug fixes Selected compatibility notes, enhancements and fixes Support RedHat Enterprise Linux 10 and its derivatives. Support RADIUSdesk, a powerful and user-friendly RADIUS management platform. Unisphere-Act-Data-Rate-Dn and Unisphere-Ipv6-Acct-Input-Packets were missing from the default RADIUS dictionary and Unisphere-Act-Data-Rate-Up and Unisphere-Ipv6-Acct-Output-Octets, respectively, were used as the attribute names instead. Other major updates to VENDOR 4874 Unisphere ERX attributes. Time::Piece Perl module is now required. This module is included in the Perl core distribution. EAP-pwd now requires Net::SSLeay. Known caveats and other notes TLSv1.3 remains disabled by default for TLS based EAP methods and Stream based classes, such as RadSec. TLSv1.3 testing reports are welcome. EAP-FAST needs Net::SSLeay 1.94 or later to function correctly with OpenSSL 1.1.1 and later. Radiator 5.0 will remove obsolete modules, update some default parameters, enable TLSv1.3 when possible and add a number of TLS and other updates. Release 5 is in preparation but may not be the next release yet. Detailed changes Support Server Name Indication (SNI) configuration with AuthBy RADSEC. New string parameter TLS_SNIHostname can be configured within AuthBy RADSEC for all Hosts or separately for each Host. Requested by Stefan Paetow. Update ServerHTTP support and other information help texts. Update Juniper's VENDOR 4874 attribute list with JUNOS_v18-4.dct and Juniper web site attribute lists. Several new attributes are added, such as Unisphere-Deactivate-Service. Some attributes have new alias names that match the currently documented names. Add to goodies dictionary files named dictionary.juniper-4874-erx and dictionary.juniper-4874-unisphere for compatibility with systems that use ERX- or Unisphere- prefix for VENDOR 4874 attributes. Update sample certificates to expire on Sep 17 14:52:53 2027 GMT. Add AuthBy RADIUSdeskSQL. RADIUSdesk is a powerful and user-friendly RADIUS management platform designed to simplify the administration of network authentication and accounting. See configuration sample radiusdesksql.cfg in Radiator goodies directory. For RADIUSdesk, see https://radiusdesk.com Ensure that OpenSSL global error queue is always cleared before calling SSL_read function for Stream modules, such as RadSec. This avoids late errors that were already handled without clearing the error queue. StreamStateChangeHook is now called every time a connection attempt fails. This allows catching links that never get connected when Radiator starts as opposed to only catching transitions from connected to disconnected state. Diameter CER and CEA messages now include all locally configured source addresses with SCTP. Previously only one Host-IP-Address was added. Fixes to recently added DiaPeerDef support in DiaClient derived modules. Enhance Diameter support in AuthBy DIAMETER and other DiaClient derived classes. The Diameter connections can now be configured with DiaPeerDef clauses. Load balancing over multiple peers is supported with the ProxyAlgorithm parameter. Currently supported is hash balance with Session-Id attribute. This requires installation of Radiator Service Provider pack. Fix a memory leak caused by timed out Diameter answers in DiaClient. This affects AuthBy DIAMETER and other derived classes such as AuthBy AKAWX in Radiator SIM Pack. StatusServer parameter now has a new option named uptime. This option adds to reply server uptime and, in case of RadSec, connection uptime. Requires Time::Piece Perl module which is included in the Perl core distribution. Fix Error-Code value 202 (Invalid-EAP-Packet) handling to match RFC 4072 section 6.2 definition. Fix a number of Perl stderr warnings which litter logs but are otherwise harmless. EAP-pwd now clears OpenSSL error queue to ensure old entries in the error queue are not processed as new errors. Add AccountingHook to ServerTACACSPLUS. The hook runs when a TACACS+ Accounting request is received. It can be used for special processing of TACACS+ Accounting requests. Update goodies files create-cisco-cmd.pl and createavpairs.pl. Add new VENDOR 62676 RADIUSdesk to the default Radius dictionary. Note: these attributes use prefix 'Rd-' instead of vendor name based 'RADIUSdesk-'. Add statistics counters to sent and received Status-Server probes and responses. New StatsLog configuration parameter StatsCounterGroups needs to be set to log the new counters. Add StreamStateChangeHook for Stream based classes and HostStateChangeHook for AuthBy RADIUS based classes. These allow calling a hook when a Stream peer, such as RadSec or Diameter, changes state between unreachable and reachable. Similarly HostStateChangeHook is called when a Host within AuthBy RADIUS or its derived modules changes state. Update goodies files radsec-client.cfg and goodies/proxy.cfg with sample hooks. -- Heikki Vatiainen Radiator Software, makers of Radiator Visit radiatorsoftware.com for Radiator AAA server software