PfSense
freeradius2
Install
EAP/WPA2
LEAP
Proprietary crap created by Cisco. Native support in Windows: no. Third-party/Cisco clients: yes. It is widely adopted, so lots of equipment supports it. Exploit tool: ASLEAP. Uses MS-CHAP, which is shit in the first place. Only use it if you have to, and then with really long passwords.
EAP-TLS
Highly 'touted' TLS + PKI. Something about the overhead of client-side certs being bad. Being the original wireless EAP makes it natively supported in a majority of OSes. Client-side cert has to be distributed? (It's a private key.)
EAP-MD5
Insecure MD5 hashes. Does not verify the EAP server (vulnerable to man in the middle). Works in 2k and deprecated in Vista.
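An added example (not from the original notes or from the pfSense/FreeRADIUS projects): a small audit that reads a FreeRADIUS 2.x style `eap { }` block and reports when the LEAP or EAP-MD5 methods described above are enabled or set as the default. The sample config is constructed, and `audit_eap_conf` and `WEAK` are hypothetical names.

```python
import re

# Methods the notes above flag as weak (hypothetical table for this example).
WEAK = {"leap": "MS-CHAP based; see ASLEAP", "md5": "no EAP server verification"}

# Constructed sample in FreeRADIUS 2.x eap.conf syntax; the path is a placeholder.
SAMPLE_EAP_CONF = """
eap {
    default_eap_type = md5
    md5 {
    }
    leap {
    }
    # gtc { }   (commented out, so not enabled)
    tls {
        private_key_file = ${certdir}/server.key
    }
}
"""

def audit_eap_conf(text):
    """Return (default_type, enabled_methods, findings) for the eap { } block."""
    depth, in_eap, default, enabled = 0, False, None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        opener = re.fullmatch(r"([\w-]+)\s*\{", line)
        if opener:
            if depth == 0 and opener.group(1) == "eap":
                in_eap = True
            elif depth == 1 and in_eap:
                enabled.append(opener.group(1))  # method sub-section
            depth += 1
        elif line == "}":
            depth -= 1
            in_eap = in_eap and depth > 0        # leaving the eap block
        elif in_eap and depth == 1:
            m = re.fullmatch(r"default_eap_type\s*=\s*(\S+)", line)
            if m:
                default = m.group(1)
    findings = [f"{m} enabled: {WEAK[m]}" for m in enabled if m in WEAK]
    if default in WEAK:
        findings.append(f"default_eap_type is {default}")
    return default, enabled, findings

if __name__ == "__main__":
    for finding in audit_eap_conf(SAMPLE_EAP_CONF)[2]:
        print("WEAK:", finding)
```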
Notes
Install
http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46
- Installer Mode
- Quick Install
- Command line configure LAN/WAN
- System->Firmware->Autoupdater Settings->Choose Default Autoupdater URLs
- Install Unbound and configure it for DNSSEC after disabling the standard DNS Forwarder
- Make sure the LAN IP is the DNS IP in the DHCP server on the LAN interface
- Enable NTP Server
Custom Build
I would like to build a pfSense install with the right kernel modules for VGA so I can have a graphical log viewer/monitor on the laptop that I use. I would also like to virtualize pfSense and SoleraOS... or find something that does the same thing. One machine, a firewall and monitoring solution in one.
This guide allows one to build their own iso image to install to a system:
One of the VGA modules has to be compiled into the kernel.