PfSense as AP 802.1x Authentication.



  • Hi people, I'm really having a hard time with this.
    Here's the issue:
    I have pfSense RC-1 as a dual WAN gateway working like a charm for several APs in my network, with FreeRadius installed on the box for 802.1x authentication, but the authentication works only for these APs, not for the local hostap. The reason is: when the local hostap tries to authenticate against the local FreeRadius, it's using one of the WAN gateways as a source, and since the address is dynamic I have no way to create a client based on source IP.
    I created a client with IP 0.0.0.0 and manually edited the clients.conf to add the line "netmask=0". This way it works, but at every reboot pfSense recreates the file and I have to edit it again… The GUI doesn't have a field for network mask, so...
    IMHO I think the bridge created between the LAN and WLAN interfaces must use the bridge address to reach the local FreeRadius and not one of the WAN gateways, but I have no idea how to do this. If I use WPA/PSK I have no problems; the wifi clients can navigate the internet and local network.

    Any ideas?
    Thanks in advance.



  • Anyone?



  • I have never tried this, but logically, why not just create a NAS client for loopback (127.0.0.1)? I am not sure if this will work given I haven't done my homework on this kind of build, but for conjecture it is the local device making the request to the authentication server, or in this case itself.

    Give it a whirl, I suppose. I'd like to know if this works myself  :)
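
Added example, not part of any post in this thread: a client entry of 0.0.0.0 with netmask 0, as in the first post's workaround, makes FreeRADIUS accept requests from any source address that presents the shared secret, while a 127.0.0.1 client, as suggested in the reply, is limited to the box itself. The script below audits a clients.conf for such wide entries; the sample file, the function names and the /16 threshold are assumptions made for illustration, and client addresses are assumed to be IP literals rather than hostnames.

```python
import ipaddress
import re

# Constructed sample in the "client <address> { ... }" layout; secrets are placeholders.
SAMPLE_CLIENTS_CONF = """
client 0.0.0.0 {
    secret = PLACEHOLDER_SECRET
    shortname = any
    netmask = 0
}
client 127.0.0.1 {
    secret = PLACEHOLDER_SECRET
    shortname = localhost
}
client 192.168.1.0 {
    secret = PLACEHOLDER_SECRET
    shortname = lan-aps
    netmask = 24   # the access points on the LAN
}
"""

CLIENT_BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*([^#\n]+)", re.M)

def parse_clients(text):
    """Return [(label, ip_network)] for every client block in the text."""
    clients = []
    for name, body in CLIENT_BLOCK.findall(text):
        opts = {key: value.strip() for key, value in SETTING.findall(body)}
        addr = opts.get("ipaddr", name)      # some layouts keep the address in ipaddr
        if "/" not in addr and "netmask" in opts:
            addr = f"{addr}/{opts['netmask']}"
        clients.append((opts.get("shortname", name),
                        ipaddress.ip_network(addr, strict=False)))
    return clients

def audit(text, widest_prefix=16):
    """Return findings for clients whose range is wider than /widest_prefix."""
    findings = []
    for label, net in parse_clients(text):
        if net.prefixlen == 0:
            findings.append((label, str(net), "accepts any source address"))
        elif net.prefixlen < widest_prefix:
            findings.append((label, str(net), "broad range"))
    return findings

if __name__ == "__main__":
    for label, net, why in audit(SAMPLE_CLIENTS_CONF):
        print(f"{label}: {net} {why}")
```
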

