RADIUS proxy
37 views
Skip to first unread message
pni...@gmail.com
Aug 19, 2020, 1:12:00 PM8/19/20
to OpenWISP
Can openwisp-radius be configured as RADIUS proxy? this way, only Openwisp would need to be configured in the external RADIUS
Thanks.
Federico Capoano
Aug 19, 2020, 1:38:39 PM8/19/20
to OpenWISP
In the past I have worked with OpenWISP1 and a radius proxy using realms, but I guess the possible configurations are endless, so you should describe more in detail what you need to do or we won't be able to provide much useful information.
F.
Can openwisp-radius be configured as RADIUS proxy? this way, only Openwisp would need to be configured in the external RADIUSThanks.
--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/22af5ae5-9921-4af4-bc06-b532e50796ean%40googlegroups.com.
pni...@gmail.com
Aug 19, 2020, 1:52:05 PM8/19/20
to OpenWISP
Currently there is a RADIUS server and we use WPA Enterprise for the authentication.
For the authentication to work, we have to give permission to each router ip in the RADIUS server, which is a problem for a big number of devices.
For the authentication to work, we have to give permission to each router ip in the RADIUS server, which is a problem for a big number of devices.
We want to configure the Openwisp IP in the router's configuration and Openwisp to follow each validation to the remote RADIUS.
Maybe something similar to this
https://wiki.freeradius.org/config/Proxy
Thanks.
Federico Capoano
Aug 19, 2020, 1:56:35 PM8/19/20
to OpenWISP
Do you want to configure openwisp-radius and freeradius as an external source of data which will be called by a RADIUS proxy?
It should be doable. We've done this in the past at Cineca to make work the free italia wifi federation, but it was built with the first generation of openwisp (built in Ruby on Rails).
I have not tried this with the openwisp 2 yet.
But the concepts used are equivalent, so it should be doable in some way.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/02574dd9-1c49-4474-9916-a37b5f0c0c26n%40googlegroups.com.
pni...@gmail.com
Aug 20, 2020, 2:53:14 AM8/20/20
to OpenWISP
No, what a I want is the host of Openwisp to also be a RADIUS proxy, not the RADIUS which will be called by a RADIUS proxy.
I dont know how openwisp-radius works, although looked in https://openwisp-radius.readthedocs.io/en/latest/index.html. Does it configures the ips of the auth_server and acct_server when configuring a template with WPA Enterprise encryption?
I dont know how openwisp-radius works, although looked in https://openwisp-radius.readthedocs.io/en/latest/index.html. Does it configures the ips of the auth_server and acct_server when configuring a template with WPA Enterprise encryption?
Federico Capoano
Aug 23, 2020, 6:01:32 PM8/23/20
to OpenWISP
On Thursday, August 20, 2020 at 1:53:14 AM UTC-5, pni...@gmail.com wrote:
No, what a I want is the host of Openwisp to also be a RADIUS proxy, not the RADIUS which will be called by a RADIUS proxy.
Ah ok, I have never tried this.
Would be interesting ot find out.
I dont know how openwisp-radius works, although looked in https://openwisp-radius.readthedocs.io/en/latest/index.html. Does it configures the ips of the auth_server and acct_server when configuring a template with WPA Enterprise encryption?
You're talking about the OpenWRT configuration now?
That's a topic for openwisp-controller, openwisp-radius is focused on freeradius.
Once you have a working freeradius/openwisp-radius configuration working, you have to create a WPA2 enterprise template, sure it can be done and you may also automate some aspects if you need by using django signals and custom receiver functions.
pni...@gmail.com
Aug 24, 2020, 2:13:07 AM8/24/20
to OpenWISP
In the current RADIUS server, we have to give access to all routers that wants to atuthenticate through it, so if yo add another device, you have to configure the RADIUS server for it. With a RADIUS proxy, all routers will got to it, and only one access (the proxy) will need to be configured in the main RADIUS.
"You're talking about the OpenWRT configuration now?"
No, I was asking what is the integration beetween openwisp-radius and openwisp-controller. If we have configured a RADIUS, when making a WPA2 enterprise template will the data to enter in the RADIUS section be suggested (the configured trought openwisp-radius)? I don't know if openwisp-radius can configure for example the nas-id or secret.
Federico Capoano
Aug 24, 2020, 11:53:22 PM8/24/20
to OpenWISP
There's no integration yet.
If you need to automate some aspects of the WPA2 enterprise configuration, you may want to use django signals to fill configuration variables (eg: nasid) for new devices and use a configuration template that makes use of these variables.
This is the fastest way right now.
This is the fastest way right now.
Reply all
Reply to author
Forward
0 new messages