Using Let's Encrypt with freeradius- Successes and Failures

StarkJohan · Mar 11, 2017, 2:49 PM

I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
https://forum.pfsense.org/index.php?topic=126862.0

reggie14 · Mar 12, 2017, 1:15 AM

@StarkJohan:

I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
https://forum.pfsense.org/index.php?topic=126862.0

Have you tried restarting pfSense yet? I don't think hand-edits to the config files stick after a reboot. Do they?

doktornotor · Mar 12, 2017, 7:51 AM

No, this certainly won't stick.

StarkJohan · Mar 12, 2017, 2:32 PM

The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice. Probably because I haven't edited the "radiusd.conf"? Can't say much about the CA-stuff you're trying to achieve though.

reggie14 · Mar 12, 2017, 8:37 PM

It it possible to install freeradius3 manually? Even if StarkJohan's method works, I'd still need to set up different wifi networks to take advantage of it. freeradius3 allows you to use different CA certificates on a single instance.

doktornotor · Mar 12, 2017, 8:41 PM

@StarkJohan:

The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice.

This will "stick" exactly until you've clicked "Save" somewhere in the FreeRADIUS package GUI.

StarkJohan · Mar 13, 2017, 5:26 AM

doktornotor is of course correct, saving in the GUI overwrites the configs which is important to remember if doing manual edits.

The question in this case was if it "sticks" after reboot, which it actually does. In my case the GUI settings of the freeradius package has been "set it and forget it" so I'm still happy.

doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

doktornotor · Mar 13, 2017, 9:38 AM

@StarkJohan:

doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

Hmmm, the PHP code alone is ~4400 lines – not counting 800+ lines of input validation (not yet merged)… ::)

StarkJohan · Mar 13, 2017, 9:57 AM

So maybe not this week? ;D

doktornotor · Mar 13, 2017, 10:33 AM

Yeah, bingo. Frankly, before anything gets potentially added, crap like the built-in certificate manager needs to be flushed down the drain.

reggie14 · Mar 13, 2017, 4:46 PM

What are the prospects for a freeradius3 package? freeradius2 is already not getting fixes- only critical security patches- so at some point folks will need to decide whether to create a new package or drop it entirely.