Remote freeradius security
-
Hello!
I have a remote freeradius in my network and I want to connect cp to it. Can anyone sniff usernames and passwords between cp and remote freeradius in my network?
-
Yes you can. But if you use MSCHAPv2 with a certificate, it's only possible to MITM when the end device accepts the non-legit server certificate.
-
Normally, your portal interface would be a dedicated interface, something like OPT1, and your private Radius server would be on your LAN.
Mode paranoid: give your radius server another private interface, OPT2 - and use a crossed Ethernet cable - you'll be fine ;)
Needless to say, mixing private servers and "public clients" on the same network segment is NOT a smart thing to do ...
-
I installed pfSense on VirtualBox, which is on a Debian server, and when I tried to connect cp and freeradius (freeradius is on the Debian server) over a host-only network (I set host-only as OPT1, not LAN), there is no ping and it does not connect. If I can do it, I have no problem with its security. Could you help me?
-
Well, ...
Now that you've told us that everything is running on the same server, I guess you're fine.
Everything will be as safe as your "virtualbox" is.
Not that I know anything about virtualization. I'm old-fashioned: router (pfSense) in a box, servers are in their own boxes, all of them are physical boxes. With wires and such in between them ;)