OPENWISP RADIUS

68 views
Skip to first unread message

Kolla Honey

unread,
May 10, 2024, 8:31:06 AMMay 10
to OpenWISP
Hello, I m new to openwisp. I have downloaded RADIUS using ansible and I followed the documentation provided in the web, yet whenever I m running my freeradius server, I m getting error as rest: ERROR: Request failed: 60 -SSL peer certificate or SSHkey was not ok.
rest:ERROR: Server returned no data. I did try different combinations to make it work but it is still throwing same error. Can anyone help me what need to done? any inputs are needed from my end.

Federico Capoano

unread,
May 10, 2024, 8:39:40 AMMay 10
to open...@googlegroups.com
If you open the URL of the OpenWISP admin web interface, do you see any SSL certificate warning?
If so, you're using an untrusted certificate. You can still use it, but will have to configure freeradius to either not verify the validity of the certificate or trust it.

Best regards
Federico Capoano

On Fri, 10 May 2024 at 08:31, Kolla Honey <kollapr...@gmail.com> wrote:
Hello, I m new to openwisp. I have downloaded RADIUS using ansible and I followed the documentation provided in the web, yet whenever I m running my freeradius server, I m getting error as rest: ERROR: Request failed: 60 -SSL peer certificate or SSHkey was not ok.
rest:ERROR: Server returned no data. I did try different combinations to make it work but it is still throwing same error. Can anyone help me what need to done? any inputs are needed from my end.

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/a3be1e62-45e4-42ea-825a-8cc0e94b986bn%40googlegroups.com.

Kolla Honey

unread,
May 11, 2024, 10:55:49 AMMay 11
to OpenWISP
Hi,
When I opened my openwisp server, I got warning as connection not secure. Now, How can I configure the freeradius to either not verify the validity of the certificate or trust it?

Federico Capoano

unread,
May 11, 2024, 1:01:28 PMMay 11
to open...@googlegroups.com
If I was you I wouldn't bother to do that and would simply get a valid SSL certificate from Letsencrypt.

For anything about freeradius, refer to the freeradius documentation and community support.

I hope this helps.

Federico

Kolla Honey

unread,
May 11, 2024, 2:20:39 PMMay 11
to open...@googlegroups.com
I have created the certificates and given as an input in the eap file of freeradius.But still I m seeing the same error. What should I  do??

 

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.

Kolla Honey

unread,
Jun 7, 2024, 9:49:58 AMJun 7
to OpenWISP
Hi, 
I am trying to up the RADIUS in the openwisp server, so I  have added following lines in my playbook.yml 
openwisp2_radius: true 
openwisp2_freeradius_install: false
 Openwisp2_radius_urls: true
openwisp2_RADIUS_API: true
After installing openwisp server with ansible , I m able to see the radius tab in the webserver. I followed the openwisp -radius documentation for eap-ttls configuration with bearer token mechanism and followed all the steps.
I have updated all the details like nas, rad-reply and other rad-tabled in the sqlite.db based on freeradius documentation and i made necessary configurations in the openwisp webserver also.
I used freeradius -X command to run the RADIUS server in the debug mode. Then I m getting the following error:

 rest ERROR: Request failed: 60 -ssl peer certificate or ssh remote key was not ok.

For this error, I contacted the support group and they have suggested to generate automatic ssl certificates.

Problem for this, Our team is not ready to buy the domain name. So, I have installed a local dns server and assigned the domain name for my openwisp server.
I am able to ping to my website and able to see the results at nslookup and dig commands. Then I followed the documentation for automatic ssl certificates, when I m running my ansible with hosts and playbook with new domain name as input, I m getting error as the dns record is not found for my domain name. So, I come to know that DNS record has to be their in internet for Lets encrypt to work. So I went through the playbook about what output Let's encrypt is providing, I come to know that we are feeding inputs like  openwisp2_ssl_cert and openwisp2_ssl_key . Then I have generated fullchain.pem and privkey.pem as inputs to the playbook for openwisp2_ssl_cert and openwisp2_ssl_key and run the ansible with the playbook as input.
Generated keys are also given as input at EAP file of freeradius.The openwisp server webpage is generated but still I getting connection not secure at my web browser. I m getting same error: " rest ERROR: Request failed: 60 -ssl peer certificate or ssh remote key was not ok."
when running freeradius.


Please correct me if  I went wrong. Is it correct way of the Up the RADIUS in openwisp server or any better way is there, Please let me know.

Kolla Honey

unread,
Jun 8, 2024, 11:56:36 AMJun 8
to OpenWISP
I m hereby attaching the logs for freeradius  -X output. Please take a look in to it.
Freeradius_log.odt
Reply all
Reply to author
Forward
0 new messages