Skip to main content

Learn about FreeRADIUS


GovWifi currently has a set of six RADIUS servers. These servers control network access with AAA authentication. Exchange with Supplicant


  • Runs on port 1812.
  • Requests user details stored in the database via the Authentication API.


  • We do not have different levels of access so this is a NOOP.


  • Runs on Port 1813. Although port 1813 is open and running GovWifi does not perform any accounting.
  • We don’t block accounting requests, but we don’t do anything with them –– instead our configuration returns a NOOP. If an organisation requires accounting, they can enable it on their local infrastructure.


FreeRADIUS is configured using a language called Unlang.

We favor keeping all complex functionality in the backend APIs, instead of in Unlang.

This way it is easier to test and change in the future.


FreeRADIUS Server

This is the software installed on our RADIUS servers.

It is open source and can be found on Github.

FreeRADIUS server

The RADIUS Healthcheck

The Route53 healthcheck connects to port 3000 on a specific FreeRADIUS servers. For example: http://12.345.678.91:3000/

A Ruby process listens on port 3000. When it receives a request for "/", it automatically runs an eapol_test command, which then connects to the Authentication API and returns a 200 response in case a successful response is received.

The configuration for the healthcheck eapol_test can be found on GitHub.

If you need to manually test the healthcheck in a radius docker container you can do: eapol_test -c /usr/src/healthcheck/peap-mschapv2.conf -s $(echo $HEALTH_CHECK_RADIUS_KEY)

The secret can also be found by logging in as a GovWifi administrator( for staging you would login here ), switching to the GDS CTS organisation, then selecting “Locations” and scrolling to “Health check user”

It should also be noted that the last login of the health check user is no longer recorded in the User database.

The failure of the health check does not actually trigger a new Radius docker container to be spawned. It only sends a notification email to .

You can learn more about the healthcheck here.

This page was last reviewed on 13 July 2021. It needs to be reviewed again on 13 January 2022 by the page owner #govwifi .
This page was set to be reviewed before 13 January 2022 by the page owner #govwifi. This might mean the content is out of date.