FreeRadius secuirty…trying to understand?
-
I am looking to setup FreeRadius to help secure my setup. Is it more secure? It only prevents others from login on? I don't need to give out the SSID password…just the FreeRadius password, thereby keeping the SSID password private? Is it a rat nest of complication if I use certificates? Does it prevent access to other VLANs?
I installed the package, googled a lot but struggling to get my head around the value...
Any htoughts?
Thank in advance,
V -
https://en.wikipedia.org/wiki/RADIUS
https://en.wikipedia.org/wiki/IEEE_802.1X
https://en.wikipedia.org/wiki/IEEE_802.11i-2004
-
"Is it a rat nest of complication if I use certificates? Does it prevent access to other VLANs?"
What exactly are you wanting to accomplish? What are you using for the wifi part..
You could use certs via eap-tls for your devices on their own vlan.. You could allow them to access whatever other networks you want via rules on pfsense. While sure you could run a wpa enterprise network where users could log in via username/password you give them. Most users do not get how to do this, etc. What device are they using? Phone, tablet - laptop?
It's prob easier and less complicated to just run a guest SSID on your wifi. This network would/should be isolated from the rest of your network so what does it matter if you give out the SSID. You could run a captive portal behind that where they have to know another piece of info - use a voucher you give them, etc.
What hardware are you working with for your AP and your switch(es)?
-
Its not tricky :-
https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS
The only issue you may have is that some of the clients may not support WPA enterprise, if this is the case you'll need the WPA enterprise and WPA2 SSIDs to sit on the same subnet.
Ubiquity John :-
https://forum.pfsense.org/index.php?topic=142930.msg779070#msg779070
-
Well there you go then.. He has everything he needs to run guest wifi and vlans..