I use Freeradius for ppsk with my access point. The tunnel-password parameter is required in the users file. I have created a patch that patches the 3 necessary files. It is always annoying to patch them, because if you forget to do so, you lose the passwords. Is it planned to include an official parameter tunnel-password, or how to add the patch. Or is this not desired?
Ahh, got here from a Google search - I should have known to look in the forum first. I too am looking to set up PPSK with Radius for my wireless clients connecting to access points - I am already doing so with my wired clients. I will almost certainly hold off until it is easy to set the tunnel-password parameter for wireless clients, so interested to know if this is on the radar or if it will always be a manual configuration?
Attached the patch file to configure by the GUI.
Install:
copy file to the server
call
patch --directory=/ -p0 < radius.patch
There is a new field PKS-Passwort in the user konfiguration.
The passwords will be saved in backup.xml too.
Restore, install first the patch then restore the config.xml and may be need, the change one of the user and press save.
Hello, guys.
Today, I started using an Omada AP and wanted to set up ppsk with dynamic VLAN assignment.
That's when I came across this topic.
I installed the patch and can see the selection in the web UI, but the PPSK is not being applied to the configuration.
Is there something else I need to consider, or is the patch incompatible with version 25.7?
OK, I found the problem.
The change in "/usr/local/opnsense/mvc/app/models/OPNsense/Freeradius/User.xml" was not implemented.
I have now entered it manually.
I have also created a fallback tunnel password.
I made the changes as follows...
/usr/local/opnsense/mvc/app/models/OPNsense/Freeradius/General.xml:
<fallbacktunnelpasswd type="TextField">
<Required>N</Required>
</fallbacktunnelpasswd>
/usr/local/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/general.xml:
<field>
<id>general.fallbacktunnelpasswd</id>
<label>Fallback Tunnelpassword</label>
<type>text</type>
<advanced>true</advanced>
</field>
/usr/local/opnsense/service/templates/OPNsense/Freeradius/users:
{% if OPNsense.freeradius.general.fallbacktunnelpasswd is defined %}
Tunnel-password = {{ OPNsense.freeradius.general.fallbacktunnelpasswd }},
{% endif %}
Unfortunately, I don't understand the patch syntax, so perhaps the creator of the patch could add that here.
I took a look at Git and put something together :)
Attached is a modified patch with a fallback tunnel password, tested on v25.7.
Use at your own risk!
Okay, I'm on a roll now and have expanded the patch.
I have added the "Default tunnel password for all users" function.
When this box is checked, every user who has not entered their own tunnel password will be assigned the default password.
Thanks! There's a PR opened for the same - https://github.com/opnsense/plugins/pull/4235 . Not sure how to get it merged though :)