• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Using Let's Encrypt with freeradius- Successes and Failures

ACME
3
12
4.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    StarkJohan
    last edited by Mar 11, 2017, 2:49 PM

    I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

    It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
    https://forum.pfsense.org/index.php?topic=126862.0

    1 Reply Last reply Reply Quote 0
    • R
      reggie14
      last edited by Mar 12, 2017, 1:15 AM

      @StarkJohan:

      I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.

      It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
      https://forum.pfsense.org/index.php?topic=126862.0

      Have you tried restarting pfSense yet?  I don't think hand-edits to the config files stick after a reboot.  Do they?

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by Mar 12, 2017, 7:51 AM

        No, this certainly won't stick.

        1 Reply Last reply Reply Quote 0
        • S
          StarkJohan
          last edited by Mar 12, 2017, 2:32 PM

          The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice. Probably because I haven't edited the "radiusd.conf"? Can't say much about the CA-stuff you're trying to achieve though.

          1 Reply Last reply Reply Quote 0
          • R
            reggie14
            last edited by Mar 12, 2017, 8:37 PM

            It it possible to install freeradius3 manually?  Even if StarkJohan's method works, I'd still need to set up different wifi networks to take advantage of it.  freeradius3 allows you to use different CA certificates on a single instance.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by Mar 12, 2017, 8:41 PM

              @StarkJohan:

              The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice.

              This will "stick" exactly until you've clicked "Save" somewhere in the FreeRADIUS package GUI.

              1 Reply Last reply Reply Quote 0
              • S
                StarkJohan
                last edited by Mar 13, 2017, 5:26 AM

                doktornotor is of course correct, saving in the GUI overwrites the configs which is important to remember if doing manual edits.

                The question in this case was if it "sticks" after reboot, which it actually does. In my case the GUI settings of the freeradius package has been "set it and forget it" so I'm still happy.

                doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by Mar 13, 2017, 9:38 AM

                  @StarkJohan:

                  doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?

                  Hmmm, the PHP code alone is ~4400 lines – not counting 800+ lines of input validation (not yet merged)…  ::)

                  1 Reply Last reply Reply Quote 0
                  • S
                    StarkJohan
                    last edited by Mar 13, 2017, 9:57 AM

                    So maybe not this week?  ;D

                    1 Reply Last reply Reply Quote 0
                    • D
                      doktornotor Banned
                      last edited by Mar 13, 2017, 10:33 AM

                      Yeah, bingo. Frankly, before anything gets potentially added, crap like the built-in certificate manager needs to be flushed down the drain.

                      1 Reply Last reply Reply Quote 0
                      • R
                        reggie14
                        last edited by Mar 13, 2017, 4:46 PM

                        What are the prospects for a freeradius3 package?  freeradius2 is already not getting fixes- only critical security patches-  so at some point folks will need to decide whether to create a new package or drop it entirely.

                        1 Reply Last reply Reply Quote 0
                        11 out of 12
                        • First post
                          11/12
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.