569
edits
Changes
Setting up external Radius server for Hotspot authentication (view source)
Revision as of 10:54, 4 August 2023
, 10:54, 4 August 2023no edit summary
In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use ''freeradius'' package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.
In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use ''freeradius'' package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.
[[File:External_Radius_server_topology_v1.png|alt=|center|772x772px]]
==Prerequisites==
==Prerequisites==
*Ports 1812 and 1813 forwarding to local Ubuntu server
*Ports 1812 and 1813 forwarding to local Ubuntu server
Firstly, let us set a static lease for the Ubuntu machine running Radius server:
Firstly, let us set a static lease for the Ubuntu machine running Radius server and configure port forwarding:
* Login to WebUI and navigate to Network → Interfaces → LAN and add a static lease to the MAC address of Ubuntu machine.
* Login to WebUI and navigate to Network → Interfaces → LAN
[[File:Networking Radius server LAN edit v2.png|border|class=tlt-border|1097x1097px]]
* Add a static lease to the MAC address of Ubuntu machine.
[[File:Networking Radius server Static lease v1.png|border|class=tlt-border|1095x1095px]]
* Navigate to Network → Firewall → Port Forwards and add two new rules to forward 1812 and 1813 ports from WAN to Radius server on the same ports.
* Navigate to Network → Firewall → Port Forwards and add two new rules to forward 1812 and 1813 ports from WAN to Radius server on the same ports.
[[File:Networking Radius server Port forwards v1.png|border|class=tlt-border|1095x1095px]]
Radius server is now set with basic configuration and ready to be tested with RUT2 to authenticate Hotspot users.
Radius server is now set with basic configuration and ready to be tested with RUT2 to authenticate Hotspot users.
==Preparing RUT2==
==Preparing RUT2==
====Setting up Hotspot====
----
Main requirements for RUT2:
*Internet connection
*Hotspot service
In order to start our Hotspot, we need to create a Wifi access point without a dedicated interface nor with any authentication:
* Navigate to Network → Wireless and click add
* Select "--No network--" in General setup → Network
[[File:Networking Radius server wireless general v1.png|border|class=tlt-border|1050x1050px]]
* Select "No encryption" in Wireless security → Encryption
* Save & Apply
[[File:Networking Radius server wireless security v1.png|border|class=tlt-border|1088x1088px]]
* Navigate to Services → Hotspot (Or install the package if it is not present by navigating to Services → Package Manager)
* Add new Hotspot instance by selecting Wireless access point created earlier
* Enable the Hotspot and select Radius as Authentication mode in General settings.
[[File:Networking Radius server hotspot general v1.png|border|class=tlt-border|692x692px]]
* Go to Radius menu, insert Public IP of the Radius server (RUT1 WAN IP address) and Radius secret key we created for the client before.
[[File:Networking Radius server Radius hotspot settings v1.png|border|class=tlt-border|730x730px]]
Our configuration is complete.
==Testing Authentication==
Now that we have the setup configured, we can test if the server authenticates the users.
In order to see authentication requests on the server side:
a. Run radius server in debug mode by first disabling the freeradius service using command
<pre>
sudo /etc/init.d/freeradius stop
</pre>
and then running the following command:
<pre>
sudo freeradius -X
</pre>
b. Tail the log file using the following command:
<pre>
sudo tail -f /var/log/freeradius/radius.log
</pre>
Once we see the logs, we can connect to the Hotspot using user credentials defined from either a smartphone or another computer:
* Connect to the wireless network
[[File:Networking Radius server wifi login v1.png|border|class=tlt-border|292x292px]]
* Login using credentials defined in the Radius server users
[[File:Networking Radius server hotspot login web v1.png|border|class=tlt-border|443x443px]]
* You should see authorization success window
[[File:Networking Radius server hotspot auth success v1.png|border|class=tlt-border|867x867px]]
* Logs should show Login OK message
[[File:Networking Radius server log message v1.png|border|class=tlt-border|864x864px]]
[[Category:WIFI]]