user2299445

Reputation: 1

Trying to set up freeradius in eap-tls mode using wpa supplicant

I am trying to set up freeradius in eap-tls mode. I am using freeradius as a server and wpa-supplicant as a client. I have installed both packages in Ubuntu-14.04.3. I am using the sample certificates provided along with the freeradius package. I use the bootstrap script provided in /freerad/raddb/cert. I do not know if this script properly signs the certificate or not, as I am not an expert in this area. I simply provide the paths to these certificates in client.conf for freeradius and in the configuration file for wpa-supplicant. Following is the wpa-supplicant configuration I am using:

network={
  ssid="YOUR-SSID"
  scan_ssid=1
  key_mgmt=WPA-EAP
  eap=TLS
  identity="alice"
  ca_cert="/home/areh/freeradius-server-3.0.11/raddb/certs/ca.pem"
  client_cert="/home/areh/freeradius-server-3.0.11/raddb/certs/client.pem"
  private_key="/home/areh/freeradius-server-3.0.11/raddb/certs/client.key"
}

I am running freeradius using the Freeradius -X command, and eapol_test -c eap-tls.conf -s testing123 as the wpa-supplicant command.

I receive the following error on wpa-supplicant terminal:

OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib

OpenSSL: SSL_use_certificate_file (PEM) --> OK

OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error

OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

OpenSSL: pending error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib

OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib

OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM) failed error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read

OpenSSL: pending error: error:140CB009:SSL routines:SSL_use_PrivateKey_file:PEM lib

OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

OpenSSL: Failed to load private key

TLS: Failed to load private key '/home/areh/freeradius-server-3.0.11/raddb/certs/client.key'

TLS: Failed to set TLS connection parameters

I am using wpa_supplicant-0.7.3 and also tried with version 2.5; the freeradius version is freeradius-server-3.0.11. I would really appreciate any clue or help. I am debugging using wireshark and I can see access-challenge and access-request packets being exchanged, but they never reach the next message stage. Kindly help with this problem.

Upvotes: 0

Views: 2561

Answers (1)

Matthew Newton

Reputation: 655

The default client key that FreeRADIUS generates is encrypted, so you need to tell eapol_test what the password is. The default password is "whatever" - see /home/areh/freeradius-server-3.0.11/raddb/certs/passwords.mk on your system.

Adding the following to your wpasupplicant config file should make it work:

private_key_passwd="whatever"

There is also an example wpasupplicant config file for this that ships with FreeRADIUS in freeradius-server/src/tests/eap-tls.conf.

Upvotes: 2
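A preflight check for the failure discussed above, as an added example that is not part of the original question or answer: it detects a passphrase-protected PEM key and reports when the network block has no private_key_passwd. The function names, the sample key headers and the placeholder paths are constructed for illustration, and the config parser is a simplification of wpa_supplicant's own.

```python
import re

# Constructed samples: PEM framing only, key material elided
TRADITIONAL_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n(elided)\n"
                   "-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(elided)\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\n(elided)\n-----END PRIVATE KEY-----\n"

# Constructed config in the shape of the one in the question (placeholder paths)
CONF_NO_PASSWD = '''network={
  key_mgmt=WPA-EAP
  eap=TLS
  identity="alice"
  client_cert="certs/client.pem"
  private_key="certs/client.key"
}
'''

def key_is_encrypted(pem_text):
    """True if a PEM private key needs a passphrase before it can be loaded."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        return True  # PKCS#8 encrypted container
    # Traditional OpenSSL format flags encryption in a Proc-Type header
    return bool(re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", pem_text, re.M))

def parse_network_block(conf_text):
    """Return name -> value for the first network={...} block (simplified parser)."""
    m = re.search(r"network=\{(.*?)^\s*\}", conf_text, re.S | re.M)
    fields = {}
    for line in (m.group(1).splitlines() if m else []):
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, _, value = line.partition("=")
            fields[name.strip()] = value.strip().strip('"')
    return fields

def preflight(conf_text, read_file):
    """List the problems that would stop the client private key from loading."""
    fields = parse_network_block(conf_text)
    key_path = fields.get("private_key")
    if key_path is None:
        return ["no private_key set in network block"]
    if key_is_encrypted(read_file(key_path)) and "private_key_passwd" not in fields:
        return [f"{key_path} is encrypted but private_key_passwd is missing"]
    return []
```

Against real files, pass `lambda p: open(p).read()` as `read_file` and the contents of the eapol_test config as `conf_text`.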
