...

Here, we replicate the relevant configuration already present on server.lastschl.av as a starting point. The test virtual machine will have two network interfaces, one serving as uplink on a 192.168.10.0/24 network (IP 192.168.10.52), and one to connect to the wifi NASes/supplicants on a 192.168.9.0/24 network (IP 192.168.9.1). The FQDN will be server.test.av.

...

The host computer has two network interfaces, one connected to a network uplink and another connected to a couple of wifi NASes. Each VirtualBox virtual interface is bridged to a different physical adapter. Network configuration is now as follows (interface name seen in guest OS - Adapter name in VirtualBox settings - Adapter "Attached to" setting in VirtualBox settings - Physical interface bridged to):

...

enp0s8 - Adapter 2 - Bridged adapter - physical interface connected to wifi NASes

Booted the VM, logged in to the GUI, connected using DHCP with network manager

...

Add to /etc/shorewall/rules (replace IP addresses with actual IP addresses of wifi NASes):

# At the top of the file:
?SECTION ALL
# Allow the server and NASes to talk RADIUS and HTTP (web interface)
ACCEPT          wifi:192.168.9.2,192.168.9.3,192.168.9.4                $FW                                             tcp     -       80
ACCEPT          $FW                                                     wifi:192.168.9.2,192.168.9.3,192.168.9.4        tcp     80      -
ACCEPT          wifi:192.168.9.2,192.168.9.3,192.168.9.4                $FW                                             udp     1812    -
ACCEPT          $FW                                                     wifi:192.168.9.2,192.168.9.3,192.168.9.4        udp     -       1812
# But, reject anything else to and from any other device part of the 192.168.9.0/24 network that is not part of any dynamic zone
REJECT          wifi                                                    all                                             -       -       -
REJECT          all                                                     wifi                                            -       -       -

?SECTION NEW
 
# At the end of the file:
ACCEPT:INFO(uid)        wifi:192.168.9.2,192.168.9.3,192.168.9.4        $FW             udp    1812

...

Modify /etc/freeradius/3.0/clients.conf: comment out the 'client localhost' and 'client localhost_ipv6' sections and add the following (replace with actual IP addresses of wifi NASes):

client wifi-ap1 {
       ipaddr = 192.168.9.2
       secret = password # Replace with an actual password
}
 
client wifi-ap2 {
       ipaddr = 192.168.9.3
       secret = password # Replace with an actual password
}

client wifi-ap3 {
       ipaddr = 192.168.9.4
       secret = password # Replace with an actual password
}
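
A check that can be run over clients.conf after this step, to catch placeholder secrets left in place, secrets reused across NASes, and localhost clients that were not commented out. This is an added example, not part of the original page or of FreeRADIUS; the placeholder list and the 16-character minimum are assumptions, and the sample secrets are constructed.

```python
import re

PLACEHOLDERS = {"password", "testing123", "secret", "changeme"}  # testing123 is the stock FreeRADIUS secret
MIN_LEN = 16  # assumption: local policy threshold, not a FreeRADIUS limit
# Constructed sample modelled on this page's clients.conf, cut down to the secret lines.
SAMPLE = """\
#client localhost {
#       secret = testing123
#}
client wifi-ap1 {
       secret = password # Replace with an actual password
}
client wifi-ap2 {
       secret = "k3Vw9qLx2Rt8ZpB7mNd4YcHs"
}
client wifi-ap3 {
       secret = "k3Vw9qLx2Rt8ZpB7mNd4YcHs"
}
"""

def parse_clients(text):
    """Return {client_name: {key: value}} for client sections that are not commented out."""
    clients, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        # re.match anchors at the start of the line, so '#'-commented lines never match.
        header = re.match(r"client\s+(\S+)\s*\{", line)
        item = re.match(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))', line)
        if header:
            current = clients.setdefault(header.group(1), {})
        elif line.startswith("}"):
            current = None
        elif current is not None and item:
            current[item.group(1)] = item.group(2) if item.group(2) is not None else item.group(3)
    return clients

def audit(text):
    """Return (client, problem) pairs for enabled localhost clients and weak or reused secrets."""
    findings, seen = [], {}
    for name, cfg in parse_clients(text).items():
        secret = cfg.get("secret", "")
        if name.startswith("localhost"):
            findings.append((name, "default localhost client still enabled"))
        if secret.lower() in PLACEHOLDERS:
            findings.append((name, "placeholder secret"))
        elif len(secret) < MIN_LEN:
            findings.append((name, "secret shorter than %d characters" % MIN_LEN))
        if secret in seen:
            findings.append((name, "secret shared with " + seen[secret]))
        seen.setdefault(secret, name)
    return findings
```

Calling `audit(open("/etc/freeradius/3.0/clients.conf").read())` returns an empty list when every enabled client has its own non-placeholder secret of at least `MIN_LEN` characters.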

...