From owner-freebsd-stable@freebsd.org  Wed Oct 18 16:35:43 2017
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4113E3DB95
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Wed, 18 Oct 2017 16:35:43 +0000 (UTC) (envelope-from peter@pean.org)
Received: from system.jails.se (system.jails.se [52.16.239.146])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 716BE84FF1
 for <freebsd-stable@freebsd.org>; Wed, 18 Oct 2017 16:35:42 +0000 (UTC)
 (envelope-from peter@pean.org)
Received: from lune.pean.org (213-67-100-148-no110.tbcn.telia.com
 [213.67.100.148])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by system.jails.se (Postfix) with ESMTPSA id A84BD11FDDC;
 Wed, 18 Oct 2017 18:35:33 +0200 (CEST)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\))
Subject: Re: 802.1X authenticator for FreeBSD
From: =?utf-8?Q?Peter_Ankerst=C3=A5l?= <peter@pean.org>
In-Reply-To: <AE175682-AD2B-4DAC-AF4C-3B6F3CDB7449@distal.com>
Date: Wed, 18 Oct 2017 18:35:32 +0200
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org>
References: <C34FB467-C2DB-4B59-9DD2-2491E7A136F1@pean.org>
 <AE175682-AD2B-4DAC-AF4C-3B6F3CDB7449@distal.com>
To: Chris Ross <cross+freebsd@distal.com>
X-Mailer: Apple Mail (2.3445.1.7)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2017 16:35:43 -0000



> On 17 Oct 2017, at 22:27, Chris Ross <cross+freebsd@distal.com> wrote:
>=20
>=20
>  wpa_supplicant is the client we use at work, on Linux systems.  But, =
it=E2=80=99s also the tool described in the FreeBSD wireless =
configuration pages, so I know it can be used there.
>=20
>  I haven=E2=80=99t tried FreeBSD with wired 802.1x myself, but just a =
thought I had.
>=20
>           - Chris
>=20
Its my understanding that wpa_supplicant is actually a working client in =
FreeBSD. But I=E2=80=99m looking for the server side of this.=20

It would be just fine if it worked just like hostapd (control access of =
one nic) and dont have any control over switchports or whatever. Another =
nice way of doing it would be to have some sort of integration with =
authpf or pf itself.=