Wireless Authentication and Encryption with Zeroshell Linux - Page 2
Part 1: Zeroshell makes it easy to harness FreeRADIUS and other open source tools to secure your wireless network.
Create a New Certificate Authority
Go to Security -> X.509. Enter your information, then click Generate. This replaces the default CA, so you'll get a warning. Click OK. You should see something like Figure 1.
Note the success messages at the bottom. Now go to the Groups page and add a new user group and GID, something novel like "users, 500". Then go to the Users page and create a new user. In the Username field enter the user's login; you'll enter their first and last names farther down. Fill in the rest of the blanks and save. A private key and X.509 certificate are automatically created for each user.
Now go to the Radius page. Enable the Radius server, then go to the Access Points tab and add an access point. The IP address of your access point must be in CIDR notation, for example 172.16.10.101/32. (The /32 netmask equals a single address.) Then create a strong shared secret with a maximum length of 32 characters.
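One way to produce the two values this step asks for, as an added example that is not part of the original article or of Zeroshell: it generates a random shared secret within the 32-character limit and checks that the access point address is a single-host CIDR entry. The function names, the letters-and-digits alphabet and the 16-character minimum are assumptions made for this example.

```python
import ipaddress
import math
import secrets
import string

# Limit stated in the article for the Zeroshell shared-secret field.
MAX_SECRET_LEN = 32
# Assumption: a floor of 16 characters, so a short secret is never issued.
MIN_SECRET_LEN = 16
# Assumption: letters and digits only, so the same string pastes cleanly
# into both the Zeroshell form and the access point's admin page.
ALPHABET = string.ascii_letters + string.digits


def make_shared_secret(length=MAX_SECRET_LEN):
    """Return a random shared secret drawn from the OS CSPRNG."""
    if not MIN_SECRET_LEN <= length <= MAX_SECRET_LEN:
        raise ValueError("length must be between 16 and 32 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def secret_entropy_bits(length):
    """Entropy in bits of a uniformly random secret of this length."""
    return length * math.log2(len(ALPHABET))


def access_point_cidr(address):
    """Normalise an access point address to single-host CIDR form.

    Accepts a bare IP or an explicit single-host prefix (/32 for IPv4).
    Rejects wider prefixes: a network-wide entry would accept RADIUS
    requests signed with this secret from every address in the range.
    """
    iface = ipaddress.ip_interface(address.strip())
    if iface.network.prefixlen != iface.max_prefixlen:
        raise ValueError(f"{address!r} covers more than one host")
    return iface.with_prefixlen


if __name__ == "__main__":
    # 172.16.10.101 is the example address used in the article.
    print("Access point:", access_point_cidr("172.16.10.101"))
    print("Shared secret:", make_shared_secret())
    print("Entropy (bits):", round(secret_entropy_bits(MAX_SECRET_LEN)))
```

Generate the secret once and enter the same string in both Zeroshell and the access point.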
Configuring the Access Point
The configuration interfaces vary with every access point, but you always need the same information:
- RADIUS/Zeroshell server IP address
- RADIUS/Zeroshell server port, default 1812
- Shared Secret
- Type of authentication, which is WPA2, sometimes called WPA Enterprise
Come back for part 2 to learn how to set up your wireless clients to authenticate to your new RADIUS server.