FreeRadius EAP-TLS configuration: Difference between revisions
Sillysausage (talk | contribs) (Created page with "= Introduction = A more secure way than using pre-shared keys (WPA2) is to use [https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#EAP-TLS EAP-TLS] and use separ...") |
Sillysausage (talk | contribs) No edit summary |
||
| Line 5: | Line 5: | ||
= Installation = | = Installation = | ||
Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random [[Entropy and randomness]] | Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random [[Entropy and randomness]]. When [http://bugs.alpinelinux.org/issues/3465 feature 3465] is resolved if you have a Raspberry Pi you could use it's own hardware random number generator (bcm2708-rng). | ||
{{cmd|apk add freeradius freeradius-eap haveged}} | {{cmd|apk add freeradius freeradius-eap haveged}} | ||
Revision as of 13:02, 12 July 2015
Introduction
A more secure way than using pre-shared keys (WPA2) is to use EAP-TLS and use separate certificates for each device. In the previous tutorial Linux Router with VPN on a Raspberry Pi I mentioned I'd be doing this with a (Ubiquiti UniFi AP). I have tested this with two phones running CyanogenMod 11 (Android 4.4.4).
Installation
Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random Entropy and randomness. When feature 3465 is resolved if you have a Raspberry Pi you could use it's own hardware random number generator (bcm2708-rng).
apk add freeradius freeradius-eap haveged