PfSense + LDAP: Start TLS

pfSense Packages
Log in to reply
  • ?

    Hi,

    Some questions concerning the freeRADIUS implementation on pfSense:

    • Can you use ldap (389) port when you select TLS options (i.e. use StartTLS over 389)?  Or does this only work over ldaps?

    • Do you have to supply a copy of the server cert?  Normally with LDAP clients I only need the CA cert.  Does pfSense work if I only select the CA cert and leave the server cert as none?

    • Do any explicit firewall rules need to exist to allow traffic from the router to the LDAP server on the LAN?  Does the traffic get seen as coming from the gateway address on the LAN, or does the router automatically have access to the LAN net from the localhost?

    Regards,
    Rob.

    0
  • ?

    Solved.

    • Yes you can, the config option "start_tls" is used, independent of the protocol type.

    • No you do not, however there is some "faf" you have to go through to get FreeRadius to operate with only the CA cert, see here: https://forum.pfsense.org/index.php?topic=84564.0

    • No rules appear to be required, the router services have access onto the VLAN without explicit rules.

    Regards,
    Rob.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy