Using Let's Encrypt with freeradius- Successes and Failures
-
I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.
It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
https://forum.pfsense.org/index.php?topic=126862.0 -
I haven't looked into this but I would assume you'd be able to specify different CA-options if you were to run multiple (or virtual) freeradius instances. I'm doing this to provide different user lists to different VLAN-tagged SSIDs.
It's rather easy to setup but has to be done manually. I did a quick and dirty write up a couple of days ago:
https://forum.pfsense.org/index.php?topic=126862.0Have you tried restarting pfSense yet? I don't think hand-edits to the config files stick after a reboot. Do they?
-
No, this certainly won't stick.
-
The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice. Probably because I haven't edited the "radiusd.conf"? Can't say much about the CA-stuff you're trying to achieve though.
-
It it possible to install freeradius3 manually? Even if StarkJohan's method works, I'd still need to set up different wifi networks to take advantage of it. freeradius3 allows you to use different CA certificates on a single instance.
-
The changes I have made to my setup actually does stick after reboot. Tested and confirmed twice.
This will "stick" exactly until you've clicked "Save" somewhere in the FreeRADIUS package GUI.
-
doktornotor is of course correct, saving in the GUI overwrites the configs which is important to remember if doing manual edits.
The question in this case was if it "sticks" after reboot, which it actually does. In my case the GUI settings of the freeradius package has been "set it and forget it" so I'm still happy.
doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?
-
doktornotor, would you think that there would be any realistic way to include the option of adding virtual servers using the GUI in the freeradius package in the future?
Hmmm, the PHP code alone is ~4400 lines – not counting 800+ lines of input validation (not yet merged)… ::)
-
So maybe not this week? ;D
-
Yeah, bingo. Frankly, before anything gets potentially added, crap like the built-in certificate manager needs to be flushed down the drain.
-
What are the prospects for a freeradius3 package? freeradius2 is already not getting fixes- only critical security patches- so at some point folks will need to decide whether to create a new package or drop it entirely.