"Outer and inner identities are the same"

Alan DeKok aland at deployingradius.com
Tue Oct 22 00:42:09 CEST 2019 

On Oct 21, 2019, at 6:23 PM, Gregory Sloop <gregs at sloop.net> wrote:
> 
> I have a EAP-MSCAPv2 WPA-Enterprise setup working so that's good.

  As a nitpick, it's not doing EAP-MSCHAPv2.  It's probably doing PEAP.  Which is an outer TLS session, followed by EAP-MSCHAPv2 as application data inside of the TLS tunnel.

  This is largely similar to HTTPS in some ways.  There's a TLS session setup for security, and then actual data (HTTP) inside of the TLS session.

> I get warnings about "Outer and inner identities are the same," however.
> Searching the list doesn't do a lot to illuminate me as to exactly what the inner and outer tunnels are.

  sites-enabled/inner-tunnel is the virtual server which handles the inner-tunnel authentication.  It has some comments describing what's going on.

> I think I understand this warning - though some explanation would be handy.
> 
> I assume, given the message, that the User identity is available outside the MS-CHAP/MPPE "envelope" - in the "outer" tunnel.

  MS-CHAP doesn't have inner tunnel.  It's largely just a two-way handshake of hash(password).  And the MPPE keys are sent in the Access-Accept, and are unrelated to identities or tunnels.

> But, if we're using a CA/server-cert+key, the user identity should be encrypted inside the "outer" tunnel too, right? To say that another way - the outer tunnel is protected via the server-cert+key, and the inner tunnel is protected by the chapv2/mppe protocol. Do I have that right?

  Not really.  Read the debug output to see what's going on.  You will see:

* outer identity is User-Name, and is in the clear
* at some point, it goes "TLS session established"
* followed by running sites-enabled/inner-tunnel
* which then does EAP-MSCHAPv2
* and which in turn has an inner identity

> In this case, the MPPE tunnel is far less secure [provided modern encryption standards] than say a AES-256/SHA-256 RSA outer tunnel, and I shouldn't need to worry about the warning.

  The warning is there for a reason.

  The point is that the outer identity is entirely in the clear.  Anyone can see it.  It's sent in the clear over WiFi.  If you want privacy, you should use an anonymous outer identity (e.g. @example.com), and then use your "real" identity inside of the TLS tunnel.  Which, of course, is encrypted via all of the normal TLS magic.  So no one can snoop on it.

  There's a standard for this, of course.  RFC 7542.  Written by your friendly neighbourhood RADIUS guy.

> If there's a doc somewhere that covers this, I'd be happy to read it, but I haven't seen one - or been able to find one by searching.

  Wikipedia has a good page on PEAP.  It covers a lot of these subjects at a high level.

> Lets deal with that first, and then once I understand it well enough, I may have follow-on questions.

  That's a very good approach.

  Alan DeKok.

More information about the Freeradius-Users mailing list