Possible to use pfSense’s Freeradius server w/ a traditional Wifi router network?
-
I would like to use the Freeradius server in pfSense to protect WiFi devices on a network that uses a traditional WiFi hardware router. I’m running pfSense in a VirtualBox VM on a computer in the network.
I know that pfSense is usually used as its own router with its own LAN, but in my case I don’t need that, I simply want to use its Freeradius server to protect the WiFi devices on the hardware network.
Is there a way to “disable” pfSense working as a router (making it not have its own LAN, ect..) so its Freeradius server can simply be used to protect the hardware router’s local network?— Or at least is there a way to have its Freeradius server available to protect the devices on the hardware network via opening ports in pfSense’s firewall? I would rather avoid the Firewall option, however.
Of course I would also need to access pfSense’s web interface from the devices on the hardware network as well.
Is is possible to configure pfSense in such a manner?
Thanks for your help.
-
@pfsense_forum_user said in Possible to use pfSense’s Freeradius server w/ a traditional Wifi router network?:
Is is possible to configure pfSense in such a manner?
You want to use it as just a freeradius server, and nothing else? Why would you not just fire up freeradius on a docker or VM?
-
I like pfSense’s web interface. I tried to install and manage Freeradius using the command line in Ubuntu but it was cumbersome. When you say to implement it in a docker or VM, do you mean running in an Ubuntu VM instance, for example? Or is there a standalone Freeradius application that I can run in a VM that has a web interface? Thanks for your help.
-
@pfsense_forum_user there are some gui for freerad.. daloRADIUS comes to mind.. there is https://radiusdesk.com/
But to answer your question, sure pfsense could be used as just your radius server and doesn't actually have to be the firewall router on our network..
-
That is good to know. I’ve looked online to find information about how to do that, but I haven’t found anything.
Could you give me pointers about how to go about configuring pfSense that way? I already have an instance running in a VM that I can access with a Lubuntu VM on its LAN.
-
I have looked into daloRadius before, which looks interesting, but I think that is an additional installation that works with a Freeradius server that has already been installed using the command line.
Is RADIUSdesk a font-end to a Freeradius instance that has already been installed similar to daloRadius? Or is it it’s own Freeradius server as well?
I would like to stick with pfSense if possible. Thanks for your help.
-
.. Also I would rather keep the factory firmware on the router.
-
.. One more thing, I previously mentioned that I would rather not open ports in the pfSense firewall, but actually that would be fine if it would be the easiest and most effective method.
-
@pfsense_forum_user what does it matter what ports? There is nothing else your going to be running on it other than freerad an the webgui? Any Any rule would be fine..
-
Yes, I will only be using the GUI and the Freeradius server. I have Freeradius currently running in pfSense.
I’m just learning pfSense so I’m not familiar with how to give access of those two things to the pfSense WAN. Could you give me some specific pointers for doing that?
I have tried to allow access to the GUI from the WAN but nothing that I tried worked.
-
@pfsense_forum_user did you create a lan as well.. Out of the box if pfsense only has a 1 interface it will put the antilock out there "the wan" and would allow gui access out of the box.
-
pfSense’s web admin page is at 10.0.0.1, and I can access from an Lubuntu VM in pfSense’s LAN, but I’m not able to access it from browsers on the WAN. I tried entering the same IP address in the WAN browsers but nothing happened, then I tried some instructions that I saw online but nothing worked. I also saw that it is possible to establish a VPN into the pfSense WAN but I suppose that would be overkill.
-
@pfsense_forum_user lay out your network.. How do you have your VMs setup - are you natting yoru vm.. What vm software are you running on?
So pfsense wan IP is 10.0.0.1 on your vm and this is bridged to your 10.0.0/24 network? And a client on this same network say 10.0.0.2 can not access it? Then you have something wrong with your VM setup to your network.
When you setup pfsense and only 1 interface, this would be pfsense wan, and it would have the antilock out rule set so any device on this wan network would be able to access the web gui.
If you can not then there is something else going on in your network, like your VM is behind a nat on your vm software, or its not actually bridged to your physical network, etc
-
I’m using VirtualBox on OS X, and I have two adapters specified for it. Adapter 1 is “bridged” as “en0:ethernet”, and Adapter 2 is “Internal Network” as “intent”.
-
Which setting would you recommend for only one interface? Bridged adapter or internal network?
-
@pfsense_forum_user I haven't used virtual box in long time.. It sure wouldn't be internal network, you need to bridge it to your normal network so you can access it.
Here I just set this up as vm on my nas. Its on my lan network 192.168.9/24 it got an IP from my dhcp server on my network.
I accessed the IP from my pc on the network that it got, walked thru the wizard and changed the password and there you go I am in. As you can see the default rules are anti lock out for gui with source of any. And it even auto disabled the block rfc1918 because its on a rfc1918 network.
-
Sorry I guess these are pretty basic questions. I presume I should use bridged.
-
Thanks, I'll do some experimentation, it is good to know that the two adapters were causing issues.
-
Awsome.. that works. I can now access it from the computers on the hardware network. Do you think it will work unmodified with Freeradius in the same way?
-
@pfsense_forum_user well the default rules only allow access to the web gui, you would need to create a rule to allow your freerad ports.. 1812 is common, but since its not really doing anything other then webgui and freerad you could prob just set an any rule..