Differences

This shows you the differences between two versions of the page.

--- siteadmin:basic_freeradius_orps_and_idp_configuration [2022/12/02 14:47] – admin
+++ siteadmin:basic_freeradius_orps_and_idp_configuration [2023/04/05 11:58] (current) – admin
@@ Line 54: / Line 54: @@
 # Realms that don't match any other listed send to the pool of govroam servers
-realm "~^[^@.]([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$" {
+realm "~^[^@\. ]([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$" {
     auth_pool = govroam
     nostrip
@@ Line 219: / Line 219: @@
 And then create a symlink from sites-enabled/govroam-inner-tunnel to sites-available/govroam-inner-tunnel.
+===mods-available/eap===
-===mods-available->govroam_logs:===
+<code>
+eap {
+	default_eap_type = mschapv2
+	timer_expire     = 60
+	ignore_unknown_eap_types = no
+	cisco_accounting_username_bug = no
+	max_sessions = ${max_requests}
+	md5 {
+	}
+	tls-config tls-common {
+		# Generate and install a server cert and a CA ROOT.
+		private_key_password = whatever
+		private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+		certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+		ca_file = /etc/ssl/certs/ca-certificates.crt
+		dh_file = ${certdir}/dh
+		ca_path = ${cadir}
+		cipher_list = "DEFAULT"
+		cipher_server_preference = no
+		ecdh_curve = "prime256v1"
+		cache {
+			enable = no
+			lifetime = 24 # hours
+		}
+		verify {
+		}
+		ocsp {
+			enable = no
+			override_cert_url = yes
+			url = "http://127.0.0.1/ocsp/"
+		}
+	}
+	tls {
+		tls = tls-common
+	}
+	# This is the config for PEAP/MSCHAPv2 i.e. username/password.
+	peap {
+		tls = tls-common
+		default_eap_type = mschapv2
+		copy_request_to_tunnel = no
+		use_tunneled_reply = no
+		virtual_server = "inner-tunnel" # Make sure that this points to the govroam inner tunnel
+	}
+	mschapv2 {
+	}
+}
+</code>
+And then create a symlink from mods-enabled/eap to mods-available/eap, if one doesn't already exist.
+===mods-available/govroam_logs:===
 <code>