EAP-TTLS/EAP-TLS with freeRADIUS

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Nov 27 10:51:28 CET 2011


On 27 Nov 2011, at 00:40, Mr Dash Four wrote:

> 
>>> In other words, EAP-TTLS/EAP-TLS isn't actually supported in
>>> freeRADIUS?
>>>    
>> 
>> It is. I believe you misunderstood how RADIUS works.
>>  
> Maybe, considering I've been reading about RADIUS for just over 2 days...

Why don't you try reading about EAP and 802.1X too?

>> The connection between the AP (called NAS in RADIUS) and the
>> RADIUS-Server is only protected by the shared secret configured in
>> clients.conf. 
>> Yes, this is kind of weak.
> It is *very* weak, not least because connections can be intercepted as, I presume is the case here, this "shared secret" is transmitted in the clear over the wire. If that is not the case and it is hashed, then, that's another story.

No... and When would you ever send a shared secret over the wire in the clear? That negates the secret part...

> 
>> And because of this weakness a protocol like
>> RADsec has been developed, which is essentially
>> RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole
>> RADIUS session.
>> 
>> So far I have not seen any devices like APs, Dial-in-Servers, etc.
>> support RADsec. But this is normally no problem, since those devices are
>> usually located in a safe network with the RADIUS server.
>> 
>> RADsec for example is used in the Deutsche Forschungsnetz (DFN), to
>> secure inter-university RADIUS connections over the Internet to
>> authenticate Eduroam users.
>>  
> Interesting, noted. It would be nice if this works in a similar way as the SSL handshake works - this is very secure, tested and already established in the real world.

Of course it does, it's using TLS... You think the RADSEC guys are going to mess with it just because it's used for transporting RADIUS packets?

> 
>> Back to EAP-(T)TLS:
>> 
>> The connection between a connecting device such as a laptop, which
>> connects to a NAS, can be secured via EAP-(T)TLS, which is a protocol
>> transported via RADIUS packets.
>> 
>> This of course is supported by FreeRADIUS since ages.
>>  
> OK, my understanding of EAP-TTLS/EAP-TLS is that the authentication happens in two distinct stages: the first stage (EAP-TTLS) is the outer authentication where the server presents its credentials/certificate to the client and then the secure channel is established. Phase two (EAP-TLS in my case) is where the client - via its client certificate - is actually authenticated to the RADIUS server. Now, I was hoping that the AP does this in a similar sort of way when authenticating itself to the RADIUS server, but it seems that is not the case and this is indeed a weak point.

No the NAS (It can be a WAP, VPN concentrator, Switch, Router, Terminal Server) - Does not use EAP-TTLS or any EAP based authentication method to communicate with the RADIUS server directly.

As previously mentioned RADSEC does what you're asking. There's also plans for a DTLS transport layer (http://tools.ietf.org/html/draft-dekok-radext-dtls-03).

But neither have been implemented by NAS vendors yet. If you want to have a secure channel of communication between the RADIUS server run the UDP packets through a VPN, or implemented a local proxy on the NAS to translate between UDP and RADSEC.

 Additionally, if you're using EAP-TTLS-TLS, why do you need the RADIUS communications to be secure? The sensitive data is already encrypted. In fact why are you using EAP-TTLS-TLS unless you're transporting something extra in the TTLS tunnel? Seems sort of pointless to me...

> 
> My question still remains though  - since this is a two-phase authentication, two distinct sets of (ca, server, client) certificates can be used. How do I specify these in RADIUS?

raddb/modules/eap.conf - You can specify the signing CA for peer certificates for EAP-TLS.

You can use two instances of the module, one for outer and one for inner if it helps you understand the concept any better.

> 
> I found that I could specify the ca, client and server certificates once (normally stored in raddb/certs if memory serves), but I potentially need two of each for each phase. I know I could use just one, but just for the sake of understanding the whole process and getting to know how it all works I need to know this. How do I do that?

See above...

> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

Arran Cudbard-Bell
a.cudbardb at freeradius.org

Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !





More information about the Freeradius-Users mailing list