Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using Let's Encrypt with freeradius- Successes and Failures

    ACME
    3
    12
    4.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      StarkJohan
      last edited by

      I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

      It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
      https://forum.pfsense.org/index.php?topic=126862.0

      1 Reply Last reply Reply Quote 0
      • R
        reggie14
        last edited by

        @StarkJohan:

        I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

        It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
        https://forum.pfsense.org/index.php?topic=126862.0

        Have you tried restarting pfSense yet?  I don't think hand-edits to the config files stick after a reboot.  Do they?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          No, this certainly won't stick.

          1 Reply Last reply Reply Quote 0
          • S
            StarkJohan
            last edited by

            The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice. Probably because I haven't edited the "radiusd.conf"? Can't say much about the CA-stuff you're trying to achieve though.

            1 Reply Last reply Reply Quote 0
            • R
              reggie14
              last edited by

              It it possible to install freeradius3 manually?  Even if StarkJohan's method works, I'd still need to set up different wifi networks to take advantage of it.  freeradius3 allows you to use different CA certificates on a single instance.

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                @StarkJohan:

                The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice.

                This will "stick" exactly until you've clicked "Save" somewhere in the FreeRADIUS package GUI.

                1 Reply Last reply Reply Quote 0
                • S
                  StarkJohan
                  last edited by

                  doktornotor is of course correct, saving in the GUI overwrites the configs which is important to remember if doing manual edits.

                  The question in this case was if it "sticks" after reboot, which it actually does. In my case the GUI settings of the freeradius package has been "set it and forget it" so I'm still happy.

                  doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    @StarkJohan:

                    doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

                    Hmmm, the PHP code alone is ~4400 lines – not counting 800+ lines of input validation (not yet merged)…  ::)

                    1 Reply Last reply Reply Quote 0
                    • S
                      StarkJohan
                      last edited by

                      So maybe not this week?  ;D

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        Yeah, bingo. Frankly, before anything gets potentially added, crap like the built-in certificate manager needs to be flushed down the drain.

                        1 Reply Last reply Reply Quote 0
                        • R
                          reggie14
                          last edited by

                          What are the prospects for a freeradius3 package?  freeradius2 is already not getting fixes- only critical security patches-  so at some point folks will need to decide whether to create a new package or drop it entirely.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.