Messages

1

21.7 Legacy Series / Re: 8021x WLAN Android 11

« on: January 18, 2022, 08:35:24 pm »

i use a self signed cert ... created on the opnsense firewall

radius-ca  (my root CA)
radius-intermediate-ca (intermediate-ca) used to sign Server Cert & User Cert
radius-server
user

It looks like Android is only Accepting Certs which are in the System Root-CA therefore Trusted Root-CA´s

I would like to Implement my own CA without any MDM as this is my home network

That's only possible if you persuade the phone to have your root CA in it's trusted root store. Otherwise your CA must be in, which means you've need a cert signed by one of them.

I think there is the Problem as a user i cann´t add it to the trusted root store....
But thanks for confirming, its bad for BYOD

2

21.7 Legacy Series / Re: 8021x WLAN Android 11

« on: January 14, 2022, 10:26:48 pm »

i use a self signed cert ... created on the opnsense firewall

radius-ca  (my root CA)
radius-intermediate-ca (intermediate-ca) used to sign Server Cert & User Cert
radius-server
user

It looks like Android is only Accepting Certs which are in the System Root-CA therefore Trusted Root-CA´s

I would like to Implement my own CA without any MDM as this is my home network

3

21.7 Legacy Series / 8021x WLAN Android 11

« on: January 14, 2022, 03:01:45 pm »

Hi

I wan´t to change my 8021x from PEAP-MS-CHAP v2 to EAP-TLS but seem to be stuck when not using a signed CA...

Currently freeradius gives the Error

 2022-01-14T12:26:13       Auth: (85) Login incorrect (eap_tls: (TLS) Alert read:fatal:unknown CA): [mobile_device/<via Auth-Type = eap>] (from client AP1 port 1 cli XX-XX-FB-0C-07-E4)   
2022-01-14T12:26:13       ERROR: (85) eap_tls: ERROR: (TLS) Alert read:fatal:unknown CA

what i´ve read by now is that it´s not posible to trust a self signed ca in android 11 and up ....

Any Ideas?

Happy to Test suggestions

4

21.1 Legacy Series / Re: Freeradius fails to start after update to 21.1.7

« on: June 26, 2021, 04:46:39 pm »

also switched to openssl - and the Updated Version Works...
I´ll stick with openssl for now... i´m happy to test on the next update to switch ssl versions again ;-)

5

21.1 Legacy Series / Re: Freeradius fails to start after update to 21.1.7

« on: June 22, 2021, 03:56:21 pm »

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 15:44:59 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
Output of Health Audit... Seams to be ok

I have not enabled LDAP in my freeradius configuration but i see the same issue if i upgrade freeradius again...

6

21.1 Legacy Series / Re: Freeradius fails to start after update to 21.1.7

« on: June 19, 2021, 10:32:16 am »

Might be worth notifying the plugin maintainer.

For a quick fix:

# opnsense-revert -r 21.1.6 freeradius3


Cheers,
Franco

7

21.1 Legacy Series / Re: Freeradius fails to start after update to 21.1.7

« on: June 19, 2021, 08:24:59 am »

Same here also get the pap[13] error, happens on start or restart of the Service the workaraound is working for now.

Thanks