    Freerad iphone eap-tls log spam?

    • johnpoz (LAYER 8, Global Moderator)

      I was thinking of putting this in the freerad package section.  But to be honest I believe it's more a design issue with the iphone than anything I could set on freerad, or the wireless config.

      So I use eap-tls to auth my devices that support it.  Currently this is 2 iphones (5s and 5c), an ipad (air2) and a few laptops.  But the laptops never do it because they actually go off ;)  I don't recall ever seeing it happen on my ipad either.  Will keep an eye out for it.  All running ios 9.3.4

      But the phones seem to auth every few minutes when not being used.  Which ends up generating lots of log spam..

      example
      Aug 7 08:03:49 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:55:04 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:48:48 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:46:37 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:44:12 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:36:51 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:35:30 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:33:48 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:31:31 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:30:48 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:29:18 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:27:25 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:26:49 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:26:21 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:18:48 radiusd 62035 Login OK: [j-iphone] (from client uapac port 0 cli AC-FD-EC-62-34-97) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2
      Aug 7 07:17:17 radiusd 62035 Login OK: [k-iphone] (from client uapac port 0 cli 80-00-6E-9D-EA-DE) A2-2A-A8-15-4F-07:unifi-ent 192.168.2.2

      Does anyone have any suggestions? Is there some setting on the phone not to do this? I sure could not log it.. But kind of like to see when they auth or if they move to a different AP, etc.  But it does generate a lot of unwanted log entries when the phones are just sitting on the dresser charging ;)

      Guess I could change them to the psk ssid before going to bed or just turn off the wifi..  I would post this on some apple community somewhere - but I don't think there would be much support for eap-tls wifi auth using freerad in that userbase…

      • jimp (Rebel Alliance, Developer, Netgate)

        Seems like maybe it shuts off the radio to save power when they're asleep and they wake up periodically to check for notifications/new data/etc. Though I'd expect that to happen more frequently or on a more regular interval.

        • johnpoz (LAYER 8, Global Moderator)

          yeah that is what it seems like to me as well.  I for now have just turned off logging of the auth.  Maybe I am just having a brain fart but I don't see a way to log just failures and not log good auth which would be better than no logging at all.

          While they are not doing it like every minute, it does produce quite a bit of spam in the logs when you have 2 of them doing it every few minutes all night long, etc.

          Or it would be nice if you could set it somewhere on the phone to only do it say every hour or something when they are sleeping.  I will have to look through the iphone settings, but what is odd is not seeing it from the ipad and it's on the same eap-tls network.  When I get a chance I will explore the difference in settings on the ipad vs the iphones.

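An added example, not part of the original posts and not code from FreeRADIUS or pfSense: a log post-processor that keeps the `Login OK` events the thread says are still interesting (first auth per device, a move to a different AP, an auth after a quiet period) and counts the periodic re-auths instead of listing them. The function names, the `quiet_s` threshold, the fixed `YEAR`, reading the trailing `MAC:ssid` field as the AP's BSSID, and the sample lines are all assumptions or constructed values.

```python
import re
from datetime import datetime
from statistics import median

# Layout of the "Login OK" lines in the thread. Reading the trailing "MAC:ssid"
# field as the AP's BSSID and SSID is an assumption.
LINE = re.compile(
    r"^(\w{3})\s+(\d+)\s+([\d:]{8})\s+radiusd\s+\d+\s+Login OK: \[([^\]]+)\] "
    r"\(from client \S+ port \d+ cli ([0-9A-F-]{17})\)\s+([0-9A-F-]{17}):\S+")
YEAR = 2000  # syslog omits the year; any fixed value works for same-year gaps
# Constructed sample in that layout (newest first, like the excerpt in the thread).
SAMPLE = """\
Aug 7 03:40:00 radiusd 100 Login OK: [phone-b] (from client ap1 port 0 cli 02-00-00-00-00-0B) 02-00-00-00-01-01:corp 192.0.2.2
Aug 7 03:09:00 radiusd 100 Login OK: [phone-a] (from client ap1 port 0 cli 02-00-00-00-00-0A) 02-00-00-00-01-02:corp 192.0.2.2
Aug 7 03:06:00 radiusd 100 Login OK: [phone-b] (from client ap1 port 0 cli 02-00-00-00-00-0B) 02-00-00-00-01-01:corp 192.0.2.2
Aug 7 03:05:00 radiusd 100 Login OK: [phone-a] (from client ap1 port 0 cli 02-00-00-00-00-0A) 02-00-00-00-01-01:corp 192.0.2.2
Aug 7 03:02:30 radiusd 100 Login OK: [phone-a] (from client ap1 port 0 cli 02-00-00-00-00-0A) 02-00-00-00-01-01:corp 192.0.2.2
Aug 7 03:00:00 radiusd 100 Login OK: [phone-a] (from client ap1 port 0 cli 02-00-00-00-00-0A) 02-00-00-00-01-01:corp 192.0.2.2
""".splitlines()

def parse(lines):
    """Return (timestamp, user, client_mac, ap_bssid) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # non-matching lines (failures, other daemons) are not touched
            mon, day, clock, user, mac, ap = m.groups()
            ts = datetime.strptime(f"{YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
            events.append((ts, user, mac, ap))
    return sorted(events)

def condense(lines, quiet_s=900):
    """Keep first-seen, AP-change and after-quiet auths; count the repeats."""
    kept, gaps, suppressed, last = [], {}, {}, {}
    for ts, user, mac, ap in parse(lines):
        key = (user, mac)
        if key not in last:
            kept.append((ts, user, ap, "first-seen"))
        else:
            gap = (ts - last[key][0]).total_seconds()
            gaps.setdefault(key, []).append(gap)
            if ap != last[key][1]:
                kept.append((ts, user, ap, "ap-change"))
            elif gap > quiet_s:
                kept.append((ts, user, ap, "after-quiet"))
            else:
                suppressed[key] = suppressed.get(key, 0) + 1
        last[key] = (ts, ap)
    return kept, suppressed, {k: median(v) for k, v in gaps.items()}
```

`condense(SAMPLE)` returns the kept events, the per-device count of suppressed re-auths, and the median re-auth gap in seconds per device; lines that do not match the `Login OK` layout pass through untouched by this filter, so failures remain in the raw log.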