Setting up EAP-TLS for 802.1X Wireless



  • Hi guys,

    Currently, I have already installed and properly set up my FreeRadius on my pfSense box.

    The following is what I did:

    1. Set up an account/password in the user section
    2. Set up an authentication interface for FreeRadius to listen on
    3. Create a CA, server and client certificate in Cert Manager
    4. Set FreeRadius to use certificates created in pfSense Cert Manager
    5. Install CA cert on my wireless clients
    6. Set up my wireless clients to establish a wireless connection using either 802.1X EAP-TLS/TTLS/PEAP with the CA Certs and the account/password created in Step 1

    OK, everything works fine. My wireless clients are able to authenticate properly with FreeRadius; however, WITHOUT the client cert.

    I may be wrong, but isn't RADIUS supposed to check my wireless client for its client server and verify its validity before accepting the authentication? Did I misunderstand how EAP-TLS works?

    If I'm right, how do I set up FreeRadius to check for a client cert before accepting a wireless client into the network?

    Thanks in advance.

    P.S. - I have enabled the 'Check Cert Issuer' and 'Check Client Certificate CN' options found in the 'EAP' tab.

