Date: Sat, 13 Jan 2018 16:55:53 +0700 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-net@freebsd.org Subject: Re: Fwd: Re: Quasi-enterprise WiFi network Message-ID: <20180113095553.GA19901@admin.sibptus.transneft.ru> In-Reply-To: <CAOjFWZ6XY2pHaVUqwSxL=hK9VdKh0ZdFMeHMdbhsDC=z8zngYw@mail.gmail.com> References: <CAOjFWZ6kYSTKmPHpQqd%2BywrUNVLcG6JNzwFJYPyt5z1H4HeRUw@mail.gmail.com> <20180107180422.GA46756@admin.sibptus.transneft.ru> <52165.108.68.171.12.1515350430.squirrel@cosmo.uchicago.edu> <CAOjFWZ5j%2BixKVc0cy6ik=BuU0nmpdUgFyePAVDouKmS=MM9vOg@mail.gmail.com> <20180108072035.GB52442@admin.sibptus.transneft.ru> <CAOjFWZ6XY2pHaVUqwSxL=hK9VdKh0ZdFMeHMdbhsDC=z8zngYw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Freddie Cash wrote: > > Let me know if you need any other information. Dear Freddie, Thanks for the rewrite rules, I've saved them for future reference. However, I went in a different direction and set up a test quasi-enterprise network with a TP-Link AP and FreeRADIUS server (net/freeradius3). I was surprised to find out that with the almost default FreeRADIUS configuration, it does work as I wanted, without installing any X.509 certificates on client devices. At least this works for Android devices: you just provide the login/password pair and you are connected. Are there any network experts willing to look at the dump of RADIUS traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ? I'd like to understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc) is actually being used (and why the Android devices are readily trusting FreeRADIUS's test server certificate, I'm a bit uneasy about it). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180113095553.GA19901>