WPA(2) Enterprise + FreeRadius
I would like to use WPA2 enterprise with FreeRadius.
I followed this guide: http://hubpages.com/technology/How-to-Set-Up-a-Radius-Server-on-pfSense-Using-the-FreeRadius-Package
All is working. I'm just wondering is it really this simple to setup? ;D
At the moment my iPhone 6S (iOS 9.0.2) is connected without any problems.
yeah its pretty simple, there are some gotchas if you want to use eap-tls with ios devices wanting password on the p12 that isn't done with cert manager.
Indeed it was easy. :D
I have it running with TLS with my self-signed cert on my pfSense box and did not need to do anything on my iPhone.
Only thing I got was a question to trust the certificate on iOS (probably due to being self-signed).
radiusd: Login OK: [Panja] (from client panja-radius port 0 via TLS tunnel)
That is not using eap-tls there difference
Ok, sorry my bad.
EAP-TLS is more secure?
I am using PEAP right?
Btw pity I have a few devices that cannot be setup with WPA2 enterprise.
I need to add a separate SSID with WPA2 personal for those devices.
yeah it is a pity devices that do not support wpa2 enterprise, means you still have to run a psk ssid for those - I have a nest thermostat and a harmony smart hub (remote control) for example that I have looked into if they would be adding. And doesn't seem like any plans to do so..
Yeah eap-tls is more secure, each device that connects needs cert installed from the CA, not just a username password and trusting the server cert. The server also has to see and validate the cert issued to the device. Its a bit more work setting it up to be sure because you have to create the certs for each device. Best option for a laptop would be to store this cert on a smartcard for example.. But this is difficult on a ipad or smartphone, etc..
Issue ran into is that cert manager in pfsense does not put a password on the .p12 - but in ios it will not allow you to import without. So have to run it through openssl putting a psssword on it.
Thanks for the very clear answer!
I'm probably going to run 2.4GHz with WPA2 AES Personal and 5GHz with WPA2 Enterprise.
The devices I have that do not support WPA Enterprise are also devices that do not have 5GHz support (printer, Logitech Squeezebox).