FreeRadius EAP-TLS configuration: Difference between revisions
Revision as of 13:15, 12 July 2015
Introduction
A more secure alternative to WPA2 with pre-shared keys is EAP-TLS with a separate certificate for each device. In the previous tutorial, Linux Router with VPN on a Raspberry Pi, I mentioned I'd be doing this with a Ubiquiti UniFi AP. I have tested this with two phones running CyanogenMod 11 (Android 4.4.4).
Installation
Install freeradius and haveged. You'll need haveged to increase the randomness available from /dev/random (see Entropy and randomness). When feature 3465 (http://bugs.alpinelinux.org/issues/3465) is resolved, if you have a Raspberry Pi you could use its own hardware random number generator (bcm2708-rng).
apk add freeradius freeradius-eap haveged
Certificates
You will want to create your certificates. The easiest way to do that is to use the scripts provided by FreeRadius.
The README for those scripts is in /etc/raddb/certs/README, or can be found at https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/certs/README.