OPNsense Forum
English Forums => Development and Code Review => Topic started by: NilsS on September 24, 2017, 11:25:31 am
-
I would like to implement EAP-TLS in the FreeRADIUS plugin. Is there already someone working on that?
Who is the maintainer of the current plugin?
I'm quite new to OPNsense, but I think I found the starting point in the templates, Volt templates and the XML.
Maybe we could discuss a way to use additional virtual servers for other RADIUS methods: EAP-TTLS and EAP-PEAP.
I thought about selecting virtual servers per client.
-
There is no activity on the plugin at the moment - you can find it here: https://github.com/opnsense/plugins/tree/master/net/freeradius
The maintainer is Michael (mimugmail in the forum and GitHub).
-
PS: You can see the maintainer from the details button of the firmware plugins list.
EDIT: Sorry, stupid me, the feature has not yet been released to 17.7. Please disregard. :)
-
Hi NilsS,
It would be very cool if you have some ideas on how to extend it.
I was doing some stuff to add EAP-TLS but didn't find the time yet.
Today I did some testing with IKEv2 and EAP-RADIUS, but I didn't get into RADIUS; no fun to debug strongSwan :)
-
OK,
I will try to build a config with multiple virtual servers listening on the same port. I found an example that should work.
I will try to build the config and make a template of it.
Then we can see how to build the GUI around it.
-
By the way ... EAP-TTLS and EAP-PEAP already work out of the box! :)
-
But there is no TLS server cert or CA defined.
I am thinking more about defining virtual servers with allowed authentication methods and their user backends, and then defining on the clients which virtual server to use.
I don't like cleartext passwords.
Also, I don't want to allow an entry for MBA from the switch to auth to the WLAN.