Difference between revisions of "PfSense"
(→freeradius2) |
(→freeradius2) |
||
Line 2: | Line 2: | ||
Install | Install | ||
+ | |||
+ | ==EAP/WPA2== | ||
+ | *http://en.wikipedia.org/wiki/EAP-TLS#LEAP | ||
+ | ===LEAP=== | ||
+ | Crap created by Cisco and is proprietary. Native support in Win = No. 3rd party/Cisco clients = Yes. Widely adopted means that lots of equipment supports it. Exploit tool ASLEAP. Uses MS-CHAP which is shit in the first place. Recommend only using if need to with really long passwords. | ||
+ | ===EAP-TLS=== | ||
+ | Highly 'touted' TLS+PKI. Something about overhead of client side certs being bad. Original wireless EAP makes it natively supported in a majority of os's. Client side cert has to be distributed? (It's a private key) | ||
+ | ===EAP-MD5=== | ||
+ | Insecure MD5 hashes. | ||
==Notes== | ==Notes== |
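Review bot: the reference link added under ==EAP/WPA2== points at the EAP-TLS article with a #LEAP fragment, although the section it heads covers LEAP, EAP-TLS and EAP-MD5; link the general EAP article there, or give each subsection its own reference. In the EAP-TLS entry, "Something about overhead of client side certs being bad" and "Client side cert has to be distributed?" read as open questions rather than findings, so either resolve them or mark them as TODO so a reader does not take them as conclusions.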
Revision as of 21:49, 17 February 2012
freeradius2
Install
EAP/WPA2
LEAP
Crap created by Cisco, and proprietary. Native support in Windows: no. Third-party/Cisco clients: yes. It is widely adopted, which means lots of equipment supports it. Exploit tool: ASLEAP. Uses MS-CHAP, which is shit in the first place. Only use it if you have to, and then with really long passwords.
EAP-TLS
Highly 'touted' TLS+PKI. Something about the overhead of client-side certs being bad. Being the original wireless EAP makes it natively supported in a majority of OSes. Client-side cert has to be distributed? (It's a private key.)
EAP-MD5
Insecure MD5 hashes.
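A quick way to check which of these methods a FreeRADIUS server actually offers, as an added example that is not part of the original notes or of the pfSense package. It assumes the FreeRADIUS 2.x `eap.conf` layout, where each sub-section of `eap { }` enables one method; the sample config is constructed and `audit_eap_conf` is a hypothetical helper name.

```python
import re

# Methods the notes above rate as weak, with the reason the notes give.
WEAK_METHODS = {
    "leap": "LEAP uses MS-CHAP (see the LEAP notes above)",
    "md5": "EAP-MD5 uses insecure MD5 hashes",
}

# Constructed sample in FreeRADIUS 2.x eap.conf style, not from a real system.
SAMPLE_EAP_CONF = """
eap {
    default_eap_type = md5
    timer_expire = 60
    md5 {
    }
    # leap {
    # }
    tls {
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.pem
    }
}
"""

def audit_eap_conf(text):
    """Return the default EAP type, the enabled methods and any findings."""
    default_type, enabled, depth = None, [], 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        section = re.match(r"([\w-]+)\s*\{", line)
        setting = re.match(r"default_eap_type\s*=\s*(\S+)", line)
        if depth == 1 and section:   # sub-section of eap { } = enabled method
            enabled.append(section.group(1).lower())
        if depth == 1 and setting:
            default_type = setting.group(1).lower()
        depth += line.count("{") - line.count("}")
    findings = [f"{m} enabled: {WEAK_METHODS[m]}" for m in enabled if m in WEAK_METHODS]
    if default_type in WEAK_METHODS:
        findings.append(f"default_eap_type is {default_type}")
    if "tls" not in enabled:
        findings.append("tls section missing: EAP-TLS not available")
    return {"default": default_type, "enabled": enabled, "findings": findings}

if __name__ == "__main__":
    for finding in audit_eap_conf(SAMPLE_EAP_CONF)["findings"]:
        print("WARN", finding)
```

The commented-out `leap` section in the sample is ignored, so only the live `md5` section and the weak default are reported.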
Notes
Install
http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46
- Installer Mode
- Quick Install
- Command line configure LAN/WAN
- System->Firmware->Autoupdater Settings->Choose Default Autoupdater URLs
- Install Unbound and configure it for DNSSEC after disabling the standard DNS Forwarder
- Make sure the LAN IP is set as the DNS IP in the DHCP server on the LAN interface
- Enable NTP Server
Custom Build
I would like to build a PFSense install with the right kernel modules for VGA so I can have a graphical log viewer/monitor on the laptop that I use. I would also like to virtualize PFSense and SoleraOS... or find something that does the same thing. One machine, a firewall and monitoring solution in one.
This guide allows one to build their own iso image to install to a system:
One of the VGA modules has to be compiled into the kernel.