Fwd: Re: Quasi-enterprise WiFi network
Victor Sudakov
vas at mpeks.tomsk.su
Sat Jan 13 09:56:02 UTC 2018
Freddie Cash wrote:
>
> Let me know if you need any other information.
Dear Freddie,
Thanks for the rewrite rules, I've saved them for future reference.
However, I went in a different direction and set up a test
quasi-enterprise network with a TP-Link AP and FreeRADIUS server
(net/freeradius3). I was surprised to find out that with the almost
default FreeRADIUS configuration, it does work as I wanted, without
installing any X.509 certificates on client devices. At least this
works for Android devices: you just provide the login/password pair
and you are connected.
Are there any network experts willing to look at the dump of RADIUS
traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ? I'd like to
understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
is actually being used (and why the Android devices are readily
trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
it).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
More information about the freebsd-net
mailing list