[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
/ fralp Public

FreeRadius 3 docker container with EAP-TLS based on alpine:edge

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sxiii/fralp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
easyrsa
easyrsa
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
clients.conf
clients.conf
 
 
eap
eap
 
 
freeradius-auth.png
freeradius-auth.png
 
 
radiusd.conf
radiusd.conf
 
 
site
site
 
 

Repository files navigation

FreeRadius over alpine:edge with EAP-TLS (fralp)

Steps to build container

Downloading repo

git clone https://github.com/sxiii/fralp
cd fralp

Build EasyRSA container (for certificate generation)

docker build easyrsa -t easyrsa

Generate certificates (example client name: toshiba)

You can specify as many clients as you want (re-run this command each time, replacing word "toshiba" with any client names you like.

docker run -it -v pki:/easyrsa/pki easyrsa build-client-full toshiba

After generating certificates and private keys, you need to copy them manually from a "pki" docker volume to your client machine (total of 3 files):

  • ca.crt (Central Authority Certificate)
  • toshiba.crt (Your own certificate file)
  • toshiba.key (Your own key file) The files inside PKI docker volume can be located by navigating to /easyrsa/pki path.

Build FRALP docker container

docker build -t fralp .

Running freshly-built docker container (in visible mode)

sudo docker run -it -p 1812:1812/udp --restart=always -v pki:/etc/raddb/certs -e CLIENT_ADDRESS=192.168.1.1 -e CLIENT_SECRET=password -e PRIVATE_KEY_PASSWORD=password fralp:latest

Replace "-it" flag with "-d" to daemonize the process to background. Replace CLIENT_ADDRESS with wifi-hotspot address, as long as CLIENT_SECRET and PRIVATE_KEY_PASSWORD with according values.

Client configuration

Now you can configure your AP with WPA2 Enterprise, AES, the server IP and client secret. Use two certificates along with user private key to authenticate against freeradius tls. Here's how you can do it for example: img

Windows and other P12 client configuration

If you need a P12-type certificate (for example, to import it on windows), you can use openssl to convert your results to it like this:

openssl pkcs12 -export -out certificate.pfx -inkey toshiba.key -in toshiba.crt -certfile ca.crt

Be sure to state all 3 files correctly and you'll get "certificate.pfx" as output that you'll be able to use on windows and other OSes.

About

FreeRadius 3 docker container with EAP-TLS based on alpine:edge

Topics

docker tls dockerfile alpine radius eap alpine-linux freeradius tls-certificate radius-server alpine-edge wpa2-enterprise radius-tls freeradius-server freeradius-setup eap-tls

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages