FreeRadius2 EAP-TLS



  • I am working on getting FreeRadius set up for WPA2 Enterprise. I have followed the instructions here (https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS) and have PEAP working; now I am trying to get EAP-TLS working.

    I am pushing my certs to an iPhone via Apple Configurator (when I specify PEAP it works fine). When I specify EAP-TLS and give it the proper certs it does not work.

    In the FreeRadius EAP settings I have Choose Cert Manager checked, which should use the Firewall Cert manager (this is where I have created all my certs), and I have selected the proper certs.

    When I look at the eap.conf file it looks to me like it is not using the pfSense Cert Manager and the certs I have created and instead is using the FreeRadius certs.

    Does anyone know how to get EAP-TLS to use the pfSense certificate manager?

    An excerpt from eap.conf:

    certdir = ${confdir}/certs
    cadir = ${confdir}/certs
    private_key_password = whatever
    private_key_file = ${certdir}/server_key.pem
    certificate_file = ${certdir}/server_cert.pem
    CA_file = ${cadir}/ca_cert.pem
    dh_file = ${certdir}/dh
    random_file = ${certdir}/random
    fragment_size = 1024
    include_length = yes
    check_crl = no
    CA_path = ${cadir}

    and from radiusd.conf: confdir = ${raddbdir}



  • Looking more closely, it looks like it did copy my certs into this directory, but didn't remove "private_key_password = whatever" from the eap.conf.

    I have tried manually commenting that out and will test.


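An added example, not part of the thread and not pfSense or FreeRADIUS code: one way to see which files the quoted eap.conf settings resolve to and whether the key file is passphrase-protected. The function names, the temporary confdir and the placeholder PEM bodies are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

EAP_EXCERPT = """
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server_key.pem
certificate_file = ${certdir}/server_cert.pem
CA_file = ${cadir}/ca_cert.pem
"""  # constructed sample: the settings quoted in the post above

def parse_settings(text, base):
    """Parse 'key = value' lines, expanding ${name} from earlier settings."""
    settings = dict(base)
    lookup = lambda m: settings.get(m.group(1), m.group(0))  # unknown names stay literal
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            settings[key.strip()] = re.sub(r"\$\{(\w+)\}", lookup, value.strip())
    return settings

def key_is_encrypted(pem_text):
    # PKCS#8 encrypted header, or the traditional PEM encryption header
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def audit(settings):
    """Return findings about the files the tls settings resolve to."""
    findings = []
    for name in ("private_key_file", "certificate_file", "CA_file"):
        if not Path(settings[name]).is_file():
            findings.append(f"{name} missing: {settings[name]}")
    key = Path(settings["private_key_file"])
    if key.is_file():
        encrypted = key_is_encrypted(key.read_text(errors="replace"))
        has_password = bool(settings.get("private_key_password"))
        if encrypted != has_password:
            findings.append(f"private_key_password set={has_password}, key encrypted={encrypted}")
    return findings

def demo():
    # Assumption: confdir is a throwaway directory with an unencrypted key and no CA file.
    with tempfile.TemporaryDirectory() as confdir:
        certs = Path(confdir, "certs")
        certs.mkdir()
        (certs / "server_key.pem").write_text("-----BEGIN PRIVATE KEY-----\n(constructed)\n")
        (certs / "server_cert.pem").write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n")
        settings = parse_settings(EAP_EXCERPT, {"confdir": confdir})
        return settings["private_key_file"][len(confdir):], audit(settings)
```

On a real system, pass the actual confdir value as `base` and run `audit()` on the parsed settings.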