Setting up Photon/P1 on WPA Enterprise (0.7.0)

Setting up a WPA2 Enterprise Test Environment with a local computer via Docker image

Required Gear

  1. Local Computer for the RADIUS server
  2. Docker pre-installed
  3. Ethernet cable
  4. Wireless Access Point (WAP) that is capable of using WPA2 Enterprise mode, and pointing to a RADIUS server for authentication

Setup

  1. WAP should be in WPA2 Personal mode for initial configuration

  2. Plug the Local Machine into the WAP with an ethernet cable (required)

    This avoids a catch-22: once WPA2 Enterprise is enabled, the Local Computer would otherwise need to authenticate over Wi-Fi against the RADIUS server running on itself.

  3. Log into the WAP (192.168.1.1 or 10.0.0.1 typically)

  4. Find the list of clients, and grab the IP address for your Local Computer

  5. Clone this repo on your Local Machine: avtolstoy/particle-wpa-enterprise-docker, a Docker image with a test FreeRADIUS configuration to test EAP-TLS and PEAP/MSCHAPv2 authentication.

    git clone git@github.com:avtolstoy/particle-wpa-enterprise-docker.git

  6. Navigate to the particle-wpa-enterprise-docker directory on your Local Computer via terminal.

  7. Build the Docker Image (this will take a while)

    docker build --no-cache=true -t particle-wpa-enterprise .

  8. Run the Docker Image (you should see debugging output from the FreeRADIUS process)

    docker run -p 0.0.0.0:1812:1812/udp particle-wpa-enterprise

Now let's switch the WAP to use WPA Enterprise

  1. Switch the Wireless Authentication Type to WPA2 Enterprise (apply)
  2. Under RADIUS Setting configuration:
    • Server IP Address: Enter the IP address of the Local Machine
    • Server Port: 1812
    • Connection Secret: particle

Set up the Photon/P1

  1. Connect via USB cable

  2. Enter Listening Mode

  3. Connect via serial (screen /dev/cu.usbmodemXXXX on Mac or use Tera Term VT on Windows)

  4. Press w

    Example PEAP/MSCHAPv2 LOGIN / PASSWORD based setup (NOT SECURE!)

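    Note: This is the easiest setup method to gain a connection, but be warned that it is not secure: no Root CA is supplied, so the device has nothing to validate the RADIUS server's certificate against. Use certificates to ensure maximum security.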

    EAP Type 0=PEAP/MSCHAPv2, 1=EAP-TLS: 0 <ENTER>
    Username: particle <ENTER>
    Password: particle2017 <ENTER>
    Outer identity (optional): <ENTER>
    Root CA in PEM format (optional): <ENTER>
    

    Example PEAP/MSCHAPv2 LOGIN / PASSWORD with Root CA based setup (SECURE!)

    SSID: <WAP_SSID> <ENTER>
    EAP Type 0=PEAP/MSCHAPv2, 1=EAP-TLS: 0 <ENTER>
    Username: particle <ENTER>
    Password: particle2017 <ENTER>
    Outer identity (optional): <ENTER>
    Root CA in PEM format (optional): <copy/paste in file ca.crt> <ENTER>
    -----BEGIN CERTIFICATE-----
    MIIFlDCCA3ygAwIBAgIJAI01a4ML65mlMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
    ...
    -----END CERTIFICATE-----
    

    Example EAP-TLS with Client Cert., Client Key and Root CA based setup (SECURE!!!)

    SSID: <WAP_SSID> <ENTER>
    EAP Type 0=PEAP/MSCHAPv2, 1=EAP-TLS: 1 <ENTER>
    Client certificate in PEM format: <copy/paste in file client1.crt>
    -----BEGIN CERTIFICATE-----
    MIIE3DCCAsSgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
    ...
    -----END CERTIFICATE-----
    
    Private key in PEM format: <copy/paste in file client1.key>
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEAy42H10w6nntp+Ti7Ts/czel8Gw4mz8Mh3N0R/sapRNLyznom
    ...
    -----END RSA PRIVATE KEY-----
    
    Outer identity (optional): <ENTER>
    Root CA in PEM format (optional): <copy/paste in file ca.crt>
    -----BEGIN CERTIFICATE-----
    MIIFlDCCA3ygAwIBAgIJAI01a4ML65mlMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
    ...
    -----END CERTIFICATE-----
    

    OUTPUT in all cases

    Thanks! Wait while I save those credentials...
    
    Awesome. Now we'll connect!
    
    If you see a pulsing cyan light, your device
    has connected to the Cloud and is ready to go!
    
    If your LED flashes red or you encounter any other problems,
    visit https://www.particle.io/support to debug.
    
    Particle <3 you!
    
  5. If you still have the Docker process in Terminal open, you should see activity from the freeradius process, and your device should have an internet connection.

  6. If you don't see any activity, try restarting the Docker image (the kill command is below; the run command is above).

  7. If you'd like to terminate the Docker image, follow these steps:

    Run:

    docker ps

    Find the Container ID for the particle-wpa-enterprise Image.

    docker kill <id>

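To narrow down step 6 ("If you don't see any activity"), a small probe can confirm from any machine on the LAN that the container answers on 1812/udp with the shared secret `particle`. This is an added example, not part of the original post or the avtolstoy repository; it assumes the test server answers a PAP Access-Request for the page's test login (Access-Accept or Access-Reject both count as a valid answer) and accepts requests from the probing host's address.

```python
import hashlib
import hmac
import os
import socket
import sys

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def pap_hide(password, secret, authenticator):
    # RFC 2865 User-Password: zero-pad to 16-byte blocks, XOR with an MD5 chain
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_request(user, password, secret, ident, authenticator):
    attrs = attr(1, user) + attr(2, pap_hide(password, secret, authenticator))
    head = bytes([1, ident]) + (20 + len(attrs) + 18).to_bytes(2, "big") + authenticator
    # Message-Authenticator (type 80): HMAC-MD5 of the packet with the field zeroed
    mac = hmac.new(secret, head + attrs + attr(80, bytes(16)), hashlib.md5).digest()
    return head + attrs + attr(80, mac)

def reply_is_authentic(reply, ident, request_authenticator, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    if len(reply) < 20 or reply[1] != ident or int.from_bytes(reply[2:4], "big") != len(reply):
        return False
    want = hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

def probe(host, port=1812, secret=b"particle", timeout=3.0):  # secret from the WAP settings
    ident, authenticator = os.urandom(1)[0], os.urandom(16)
    request = build_request(b"particle", b"particle2017", secret, ident, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or network error
            return "no reply: check IP, docker -p mapping, firewall, shared secret"
    if not reply_is_authentic(reply, ident, authenticator, secret):
        return "reply does not verify: shared secret mismatch"
    return {2: "Access-Accept", 3: "Access-Reject"}.get(reply[0], "code %d" % reply[0])

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it as `python3 radius_probe.py <Local Computer IP>` (the file name is hypothetical). A RADIUS server that cannot validate the Message-Authenticator typically drops the request silently, so a wrong secret usually shows up as no reply rather than as a failed verification.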