Radius Server

Started by soernt.poppe, November 01, 2016, 11:00:09 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 01, 2016, 11:00:09 AM
Hi there,

I just installed OPNSense and I really like it so far :-)

The one thing I miss is a Radius Server that is running and integrated within OPNSense.
The background:
I split my network into several VLANs, I would like that the Switch-Port to VLAN-Id assignement is based on the Device (MAC-Address) or user name (+Password). Currently the each Switch-Port has a static assigned VLAN-Id.

I would like to see
a) An option to install FreeRadius Server within the PugIns
b) At the user account management I would like to assign a user a VLAN-Id.
c) Within the Radius configuration page an option to define a list of MAC addresses where I can set the VLAN-Id for each MAC Address.

Any chances to get something like that? ;D I did see that pfSense is offering something like that.
November 02, 2016, 01:09:11 PM #1
Hi there,

We do have a freeradius package, but not the plugin as you said:

# pkg install freeradius3

This must be set up manually just like one would in FreeBSD.

Plugins require support from community contributors. So far I haven't spoken to anyone who wanted to build a RADIUS GUI, but maybe someone here can help?

Here's the current state of our plugins, from what they can possibly do to what we do offer at the moment:

https://github.com/opnsense/plugins#about-the-opnsense-plugins


Cheers,
Franco
November 03, 2016, 09:24:08 AM #2
Hi Franco,

thank your for your feedback.

I am not a professional admin. Installing the package is not the problem, but the integration within the existing authentification system is where I am lost.

It looks like that I need to manage the user and devices within the FreeRadius configuration files. That is not what I want.

Any chances to get the FreeRadius integration onto your road map for 2017?

Cheers,
Sörnt
November 15, 2016, 05:35:07 PM #3
Hi Sörnt,

Chance for 17.7 is there, but it requires a human resource or sponsoring, because it's off our general track of improving the firewall itself.

I'm saying this in the hopes somebody will find the time to look at it and get started. We'll be here for help for integration.


Cheers,
Franco
November 27, 2016, 10:17:04 AM #4
Hi franco,

I am currently using freeradius package in pfSense and would love to see something similar in OPNsense.
Can you give me some hints where to start? How can I help?
November 27, 2016, 10:59:35 AM #5
Hi,

A general description of how plugins are written is here:

https://docs.opnsense.org/development/examples/helloworld.html

Best to double-check against available plugins, can borrow ideas and code from there:

https://github.com/opnsense/plugins


Cheers,
Franco
Print
Go Up Pages1
User actions