Difference between revisions of "PfSense"

From Hack Sphere Labs Wiki
(freeradius2)
(EAP-MD5)
Line 10: Line 10:
 
Highly 'touted' TLS+PKI.  Something about overhead of client side certs being bad.  Original wireless EAP makes it natively supported in a majority of os's.  Client side cert has to be distributed? (It's a private key)
 
Highly 'touted' TLS+PKI.  Something about overhead of client side certs being bad.  Original wireless EAP makes it natively supported in a majority of os's.  Client side cert has to be distributed? (It's a private key)
 
===EAP-MD5===
 
===EAP-MD5===
Insecure MD5 hashes.
+
{{Note|Not part of the wireless standard.}}
 +
Insecure MD5 hashes.  Does not verify EAP server.  (vulrn to man in the middle)  Works in 2k and depreciated in Vista.
  
 
==Notes==
 
==Notes==
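Review bot: the added EAP-MD5 line has two spelling errors, "vulrn" and "depreciated"; suggest "vulnerable to man in the middle" and "deprecated in Vista". The parenthetical would also read better folded into the sentence before it: "Does not verify EAP server (vulnerable to man in the middle)."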

Revision as of 21:53, 17 February 2012

freeradius2

Install

EAP/WPA2

LEAP

Proprietary crap created by Cisco. Native support in Windows: no. 3rd-party/Cisco clients: yes. Widely adopted, which means that lots of equipment supports it. Exploit tool: ASLEAP. Uses MS-CHAP, which is shit in the first place. Recommended only if you need to use it, and then with really long passwords.

EAP-TLS

Highly 'touted' TLS+PKI. Something about the overhead of client-side certs being bad. It is the original wireless EAP, which makes it natively supported in a majority of OSes. Client-side cert has to be distributed? (It's a private key.)

EAP-MD5

Note: Not part of the wireless standard.

Insecure MD5 hashes. Does not verify the EAP server (vulnerable to man in the middle). Works in 2k and deprecated in Vista.
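A way to check which of the methods above a FreeRADIUS `eap { }` block actually offers, so LEAP or EAP-MD5 do not stay enabled by accident. This is an added example, not part of the original wiki page or of the freeradius2 package; the function names and the sample config are constructed for illustration, and the parser assumes the usual brace-delimited FreeRADIUS syntax.

```python
import re
# Reasons are the ones given in the notes above; other methods are not judged.
WEAK = {
    "md5": "MD5 hashes, does not verify the EAP server (man in the middle)",
    "leap": "proprietary, uses MS-CHAP, targeted by ASLEAP",
}

def parse_eap(conf_text):
    """Return (default_eap_type, method blocks found directly inside eap { })."""
    default, methods, stack = None, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]                      # drop comments
        line = re.sub(r"\$\{[^}]*\}", "", line).strip()  # ${var} is not a block
        if not line:
            continue
        opened = re.match(r"([\w-]+)\s*\{", line)
        if opened:
            if stack == ["eap"]:                         # only direct children count
                methods.append(opened.group(1).lower())
            stack.append(opened.group(1).lower())
        elif stack == ["eap"]:
            setting = re.match(r"default_eap_type\s*=\s*(\S+)", line)
            if setting:
                default = setting.group(1).strip('"').lower()
        for _ in range(line.count("}")):                 # also closes "leap { }"
            if stack:
                stack.pop()
    return default, methods

def audit(conf_text):
    default, methods = parse_eap(conf_text)
    return [(m, "default and enabled" if m == default else "enabled", WEAK[m])
            for m in methods if m in WEAK]

# Constructed sample, not taken from a real system.
SAMPLE = """
eap {
    default_eap_type = md5
    md5 {
    }
    # leap { }
    tls {
        private_key_file = ${certdir}/server.key
    }
    peap {
        default_eap_type = mschapv2
    }
}
"""
```

`audit(SAMPLE)` reports only `md5`: the commented-out `leap` block is ignored, and the `default_eap_type` inside `peap` is the inner method of that tunnel, not the server default.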

Notes

Install

http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46

  • Installer Mode
  • Quick Install
  • Command line configure LAN/WAN
  • System->Firmware->Autoupdater Settings->Choose Default Autoupdater URLs
  • Install Unbound and configure it for DNSSEC after disabling the standard DNS Forwarder
  • Make sure the LAN IP is the DNS IP in the DHCP server on the LAN interface
  • Enable NTP Server


Custom Build

I would like to build a pfSense install with the right kernel modules for VGA so I can have a graphical log viewer/monitor on the laptop that I use. I would also like to virtualize pfSense and SoleraOS... or find something that does the same thing. One machine, a firewall and monitoring solution in one.

This guide allows one to build their own ISO image to install to a system:

One of the VGA modules has to be compiled into the kernel.

http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso