[RADIATOR] Radiator Version 4.30 released - new features, enhancements and bug fixes

Heikki Vatiainen hvn at open.com.au
Mon Sep 29 11:07:43 UTC 2025 

We are pleased to announce the release of Radiator version 4.30
This version contains support for RADIUSdesk, some new features, 
enhancements and bug fixes. See below for the details.
https://radiatorsoftware.com/radiator-4-30-released/

As usual, the new version is available to current licensees
and evaluators from:
https://radiatorsoftware.com/downloads/

Licensees with expired access contracts can renew at:
https://radiatorsoftware.com/renewal-order/

Meet Radiator
The Radiator team will be attending multiple industry events in October: 
Wireless Global Congress EMEA and Network X in Paris, and WPLC in 
Prague. See you there!
https://radiatorsoftware.com/meet-radiator-at-wgc-paris-network-x-and-wlpc-prague/

Radiator Core case study
Check out the new case study from the Radiator Core deployment we did 
for Elisa, tier 1 operator in Finland:
https://radiatorsoftware.com/radiator-case-study-elisa/

An extract from the history file
https://radiatorsoftware.com/products/radiator/history/ is below:

-----------------------------

Revision 4.30 (2025-09-26) major Radius protocol security fix, some new 
features, enhancements and bug fixes


       Selected compatibility notes, enhancements and fixes

Support RedHat Enterprise Linux 10 and its derivatives.

Support RADIUSdesk, a powerful and user-friendly RADIUS management platform.

Unisphere-Act-Data-Rate-Dn and Unisphere-Ipv6-Acct-Input-Packets were 
missing from the default RADIUS dictionary and 
Unisphere-Act-Data-Rate-Up and Unisphere-Ipv6-Acct-Output-Octets, 
respectively, were used as the attribute names instead. Other major 
updates to VENDOR 4874 Unisphere ERX attributes.

Time::Piece Perl module is now required. This module is included in the 
Perl core distribution.

EAP-pwd now requires Net::SSLeay.


       Known caveats and other notes

TLSv1.3 remains disabled by default for TLS based EAP methods and Stream 
based classes, such as RadSec. TLSv1.3 testing reports are welcome.

EAP-FAST needs Net::SSLeay 1.94 or later to function correctly with 
OpenSSL 1.1.1 and later.

Radiator 5.0 will remove obsolete modules, update some default 
parameters, enable TLSv1.3 when possible and add a number of TLS and 
other updates. Release 5 is in preparation but may not be the next 
release yet.


       Detailed changes

Support Server Name Indication (SNI) configuration with AuthBy RADSEC. 
New string parameter TLS_SNIHostname can be configured within AuthBy 
RADSEC for all Hosts or separately for each Host. Requested by Stefan 
Paetow.

Update ServerHTTP support and other information help texts.

Update Juniper's VENDOR 4874 attribute list with JUNOS_v18-4.dct and 
Juniper web site attribute lists. Several new attributes are added, such 
as Unisphere-Deactivate-Service. Some attributes have new alias names 
that match the currently documented names. Add to goodies dictionary 
files named dictionary.juniper-4874-erx and 
dictionary.juniper-4874-unisphere for compatibility with systems that 
use ERX- or Unisphere- prefix for VENDOR 4874 attributes.

Update sample certificates to expire on Sep 17 14:52:53 2027 GMT.

Add AuthBy RADIUSdeskSQL. RADIUSdesk is a powerful and user-friendly 
RADIUS management platform designed to simplify the administration of 
network authentication and accounting. See configuration sample 
radiusdesksql.cfg in Radiator goodies directory. For RADIUSdesk, see 
https://radiusdesk.com

Ensure that OpenSSL global error queue is always cleared before calling 
SSL_read function for Stream modules, such as RadSec. This avoids late 
errors that were already handled without clearing the error queue.

StreamStateChangeHook is now called every time a connection attempt 
fails. This allows catching links that never get connected when Radiator 
starts as opposed to only catching transitions from connected to 
disconnected state.

Diameter CER and CEA messages now include all locally configured source 
addresses with SCTP. Previously only one Host-IP-Address was added. 
Fixes to recently added DiaPeerDef support in DiaClient derived modules.

Enhance Diameter support in AuthBy DIAMETER and other DiaClient derived 
classes. The Diameter connections can now be configured with DiaPeerDef 
clauses. Load balancing over multiple peers is supported with the 
ProxyAlgorithm parameter. Currently supported is hash balance with 
Session-Id attribute. This requires installation of Radiator Service 
Provider pack.

Fix a memory leak caused by timed out Diameter answers in DiaClient. 
This affects AuthBy DIAMETER and other derived classes such as AuthBy 
AKAWX in Radiator SIM Pack.

StatusServer parameter now has a new option named uptime. This option 
adds to reply server uptime and, in case of RadSec, connection uptime. 
Requires Time::Piece Perl module which is included in the Perl core 
distribution.

Fix Error-Code value 202 (Invalid-EAP-Packet) handling to match RFC 4072 
section 6.2 definition. Fix a number of Perl stderr warnings which 
litter logs but are otherwise harmless.

EAP-pwd now clears OpenSSL error queue to ensure old entries in the 
error queue are not processed as new errors.

Add AccountingHook to ServerTACACSPLUS. The hook runs when a TACACS+ 
Accounting request is received. It can be used for special processing of 
TACACS+ Accounting requests. Update goodies files create-cisco-cmd.pl 
and createavpairs.pl.

Add new VENDOR 62676 RADIUSdesk to the default Radius dictionary. Note: 
these attributes use prefix 'Rd-' instead of vendor name based 
'RADIUSdesk-'.

Add statistics counters to sent and received Status-Server probes and 
responses. New StatsLog configuration parameter StatsCounterGroups needs 
to be set to log the new counters.

Add StreamStateChangeHook for Stream based classes and 
HostStateChangeHook for AuthBy RADIUS based classes. These allow calling 
a hook when a Stream peer, such as RadSec or Diameter, changes state 
between unreachable and reachable. Similarly HostStateChangeHook is 
called when a Host within AuthBy RADIUS or its derived modules changes 
state. Update goodies files radsec-client.cfg and goodies/proxy.cfg with 
sample hooks.


-- 
Heikki Vatiainen
Radiator Software, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software

More information about the radiator mailing list