FreeRadius EAP-TLS configuration: Difference between revisions

From Alpine Linux
(Created page with "= Introduction = A more secure way than using pre-shared keys (WPA2) is to use [https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#EAP-TLS EAP-TLS] and use separ...")
 
No edit summary
Line 5: Line 5:
= Installation =
= Installation =


Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random [[Entropy and randomness]]
Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random [[Entropy and randomness]]. When [http://bugs.alpinelinux.org/issues/3465 feature 3465] is resolved if you have a Raspberry Pi you could use it's own hardware random number generator (bcm2708-rng).


{{cmd|apk add freeradius freeradius-eap haveged}}  
{{cmd|apk add freeradius freeradius-eap haveged}}  

Revision as of 13:02, 12 July 2015

Introduction

A more secure way than using pre-shared keys (WPA2) is to use EAP-TLS and use separate certificates for each device. In the previous tutorial Linux Router with VPN on a Raspberry Pi I mentioned I'd be doing this with a (Ubiquiti UniFi AP). I have tested this with two phones running CyanogenMod 11 (Android 4.4.4).

Installation

Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random Entropy and randomness. When feature 3465 is resolved if you have a Raspberry Pi you could use it's own hardware random number generator (bcm2708-rng).

apk add freeradius freeradius-eap haveged

References