The Rublon Authentication Proxy does not have to reside on the same network as your RADIUS/LDAP(S) server, such as FreeRADIUS, Active Directory, or OpenLDAP. You can install the Auth Proxy on a cloud-based server, such as an AWS instance, outside of your organization's private network. However, there are important considerations to keep in mind regarding network configuration and security.
Important: The Rublon Authentication Proxy requires the following ports to be open for proper communication:
RADIUS: UDP port 1812
LDAP: TCP port 389
LDAPS: TCP port 636
core.rublon.net: TCP port 443
Ensure firewalls and network policies do not block these ports.
Deployment Options for Rublon Authentication Proxy
1. Both the RADIUS/LDAP(S) server and Auth Proxy are inside a private corporate network
The Rublon Authentication Proxy can be installed on the same machine as your VPN or RADIUS/LDAP(S) server, or on a different machine within the same private network. This setup keeps all authentication traffic within your secure network perimeter, reducing exposure to external threats.
2. One is inside a private corporate network and the other is on a cloud-based server
The Auth Proxy can also be installed on a cloud-based server located outside your organization's private network. In this scenario, you must properly configure network access to allow your on-premises RADIUS server to communicate with the Authentication Proxy over the internet. Make sure firewalls do not block these connections. This setup requires careful attention to security because sensitive authentication data is transmitted over public networks. If you use RADIUS, we recommend that you avoid using PAP over the public internet. Instead, use a more secure authentication protocol such as EAP-MS-CHAPv2 (by setting proxy_requests to true in the Rublon Authentication Proxy config file), or implement VPN tunnels to secure the connection between the RADIUS/LDAP(S) server and the Rublon Auth Proxy.
3. Both the RADIUS/LDAP(S) server and the Rublon Authentication Proxy are hosted on a cloud-based server
In this scenario, both the RADIUS/LDAP(S) server and the Rublon Authentication Proxy are hosted within a cloud-based Virtual Private Cloud (VPC), creating a secure, isolated network environment. Users connect to your cloud-hosted service or VPN, which communicates with the Auth Proxy within the VPC. The Auth Proxy then connects to the RADIUS/LDAP(S) server also hosted in the VPC, ensuring all authentication traffic remains within a secure cloud environment.
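The port list and deployment option 2 above can be checked against a firewall or security-group rule set before go-live. The following Python code is an added example, not Rublon code: the rule format, the names PORTS, SAMPLE_RULES and audit, and the policy of limiting RADIUS/LDAP(S) rules to the addresses of your own peer hosts are assumptions made for illustration.

```python
import ipaddress

# (protocol, port) per service, as listed in this article.
PORTS = {
    "radius": ("udp", 1812),
    "ldap": ("tcp", 389),
    "ldaps": ("tcp", 636),
    "rublon_api": ("tcp", 443),  # core.rublon.net
}
AUTH_SERVICES = {"radius", "ldap", "ldaps"}

# Constructed sample: cloud-hosted proxy (option 2), on-premises RADIUS
# server assumed at 203.0.113.10 (documentation address range).
SAMPLE_RULES = [
    {"proto": "udp", "port": 1812, "peer": "0.0.0.0/0"},
    {"proto": "tcp", "port": 443, "peer": "0.0.0.0/0"},
]


def audit(rules, services, trusted_peers):
    """Return sorted findings for a list of allow rules.

    rules: dicts with proto, port, peer (CIDR); hypothetical format.
    services: names from PORTS that this deployment actually uses.
    trusted_peers: CIDRs of the VPN/RADIUS/LDAP(S) hosts that talk to the proxy.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_peers]
    findings = []
    for name in services:
        proto, port = PORTS[name]
        matching = [r for r in rules if (r["proto"], r["port"]) == (proto, port)]
        if not matching:
            findings.append(f"BLOCKED {name} {proto}/{port}: no allow rule")
            continue
        if name not in AUTH_SERVICES:
            continue  # 443 targets core.rublon.net, not one of our own hosts
        for r in matching:
            peer = ipaddress.ip_network(r["peer"])
            # Assumed policy: auth ports should only be open to known peers.
            if not any(peer.version == t.version and peer.subnet_of(t) for t in trusted):
                findings.append(
                    f"EXPOSED {name} {proto}/{port}: peer {peer} is wider than the trusted hosts"
                )
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE_RULES, ["radius", "ldaps", "rublon_api"], ["203.0.113.10/32"]):
        print(line)
```

On the constructed sample, the audit reports that LDAPS has no allow rule and that the RADIUS rule accepts traffic from any address instead of only the on-premises server.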
Helpful Links
Do I have to install the Auth Proxy on a separate machine or the server hosting the VPN?