Section 15. Interoperation with iPASS Roaming

15. Interoperation with iPASS Roaming

iPASS (TM) operate a Global Roaming system that can allow your users to log in at any cooperating ISP around the world. For more information, see iPASS website

. In order to interoperate you must enter into a commercial arrangement with iPASS. iPASS will then be able to provide the software that Radiator needs to communicate with the iPASS network.

iPASS regard roaming as two distinct products:

NetServer, where you originate authentication and accounting requests for users who dial in to your POP. The requests are sent to the iPASS network, where they are authenticated, possibly by someone else's Roam Server. This happens when someone else's customers dial in to your POP. We call this “outbound”.
RoamServer, where authentication and accounting requests arrive from the iPASS network. This happens when your customers dial in to someone else's POP. We call this “inbound”.

Radiator uses different methods for handling inbound and outbound iPASS requests, and each must be set up separately with Radiator and with iPASS.

15.1. iPASS Outbound

Outbound requests must be proxied to an NetServer, configured to work with the iPASS system. The NetServer is provided by iPASS. The NetServer may be run either on the same host as Radiator, or on a different host. If the NetServer is run on the same host as Radiator, it must be configured to use different ports to Radiator.

As an example, here is part of a typical configuration that will handle requests for local users from a file, and proxy all other realms to an NetServer running on another host:

# Local realm is handled locally
<Realm my.local.realm>
      <AuthBy FILE>
            Filename xxxxxx
      </AuthBy>
</Realm>
# Al other realms are proxied to NetServer on fred
<Realm DEFAULT>
      <AuthBy RADIUS>
            Host fred
            Secret mysecret
      </AuthBy>
</Realm>

Figure 22. Schematic diagram of how iPASS outbound requests are handled

In order to configure Radiator to handle outbound iPASS requests, you need to do the following things:

Enter into a commercial arrangement for iPASS to provide Net Server access to you. iPASS will provide you with an ISP partner number.
Download, install and configure the iPASS software. You will need to configure both the RoamServer and RADIUS server. This will involve configuring the package, requesting and receiving an encryption certificate, and submitting details of your server and realm to iPASS. Install the package in the normal place (/usr/ipass).
Test the installed iPASS package by using the test programs provided with it. Make sure it is really working properly before you go on to the next step.
Configure Radiator so that all realms that are not handled locally are forwarded to the NetServer.
Test Radiator with the radpwtst program to make sure that requests for non-local realms are forwarded to iPASS.

15.2. iPASS Inbound

Inbound requests are received by a special server that you also must get from iPASS called RoamServer. RoamServer receives requests from the iPASS network and then sends them to Radiator as ordinary RADIUS requests. Seethe following figure. RoamServer will usually run on the same host as Radiator, or possibly on a different host in your network.

Figure 23. Schematic diagram of how iPASS inbound requests are handled

In order to configure Radiator to handle inbound iPASS requests, you need to do the following things:

Enter into a commercial arrangement for iPASS to provide Roam Server access to you. iPASS will provide you with an ISP partner number.
Request the iPASS RoamServer software for your platform from iPASS.
Install and configure the RoamServer software according to the instructions included with it. This will involve configuring the package, requesting and receiving an encryption certificate, and submitting details of your server and realm to iPASS. Install the package in the normal place (/usr/ipass). If you have already done this for outbound requests above, you do not need to do it again.
Configure Radiator in the usual way for your local realms. Add a Client clause specifying the host where the RoamServer software is running, and the shared secret you configured into RoamServer:
```
<Client localhost>
      Secret secret
</Client>
<Realm ...>
      ....
```
Test that RoamServer sends requests to Radiator by using the test software provided with RoamServer.