Freeradius EAP-TLS

[NilsS]

I would like to implement eap-tls in the freeradius plugin, is there already someone working on that?
Who is the maintainer of the current plugin?

I'm quite new to opnsense but i think i found the starting point in the templates, volt templates and the xml.

Maybe we could discuss a way to use additional virtual servers for other radius methods. EAP-TTLS and EAP-PEAP

I thought about selecting virtual servers per client.

[fabian]

There is no activity on the plugin at the moment - you can find it here: https://github.com/opnsense/plugins/tree/master/net/freeradius
The maintainer is Michael (mimugmail in the forum and GitHub).

[franco]

PS: You can see the maintainer from the details button of the firmware plugins list.

EDIT: Sorry, stupid me, the feature has not yet been released to 17.7. Please disregard.

[mimugmail]

Hi NilsS,

would be very cool if you have some ideas how to extend it.
I was doing some stuff to add EAP-TLS but didn't find the time yet.

Today I did some testing with IKEv2 and EAP-Radius, but I didn't get into radius, no fun to debug strongswan

[NilsS]

Ok,

i will try to build a config with multiple virtual servers listening on the same port. I found an example that should work.
I try to build the config and make a template of it.
Then we can see how to build the gui around it.

[mimugmail]

By the way ... EAP-TTLS and EAP-PEAP already work out of the box!

[NilsS]

But there is no TLS Server Cert or CA defined.

I think more about defining virtual servers with allowed authentication methods and there user backends and then define on the clients which virtual server to use.

I don't like cleartext passwords.

Also i don't want to allow an entry for MBA from the switch to auth to the WLAN.