FreeRadius EAP-TLS configuration

From Alpine Linux
Revision as of 13:02, 12 July 2015 by Sillysausage (talk | contribs)
Jump to: navigation, search

Introduction

A more secure way than using pre-shared keys (WPA2) is to use EAP-TLS and use separate certificates for each device. In the previous tutorial Linux Router with VPN on a Raspberry Pi I mentioned I'd be doing this with a (Ubiquiti UniFi AP). I have tested this with two phones running CyanogenMod 11 (Android 4.4.4).

Installation

Install freeradius and haveged. You'll need haveged to increase randomness of /dev/random Entropy and randomness. When feature 3465 is resolved if you have a Raspberry Pi you could use it's own hardware random number generator (bcm2708-rng).

apk add freeradius freeradius-eap haveged

References