RADIUS - RadSecProxy: ignoring request, no matching TLS client
Martin Vancl
tux.martin at gmail.com
Monday, November 19, 00:47:43 CET 2012
Hello,
I need to secure the RADIUS communication between a FreeRADIUS (Ubuntu)
server and an OpenWrt AP. I started from these guides:
http://www.eduroam.cz/doku.php?id=cs:spravce:pripojovani:radsec:radsecproxy
http://codeghar.wordpress.com/2008/03/17/create-a-certificate-authority-and-certificates-with-openssl/
The server has the following configuration:
root@server:/# cat /etc/radsecproxy.conf
ListenUDP localhost:11812
ListenTLS *:2084
LogLevel 3
LogDestination x-syslog:///
LoopPrevention on
tls server {
    CACertificateFile /etc/radsecproxy/ca/certs/cacert.pem
    CACertificatePath /etc/radsecproxy/ca/certs/
    CertificateFile /etc/radsecproxy/ca/certs/server.pem
    CertificateKeyFile /etc/radsecproxy/ca/private/server.key.pem
}
server localhost {
    port 1812
    type udp
    secret testing123
}
client localhost {
    type udp
    secret testing123
}
client * {
    type tls
    tls server
    certificateNameCheck off
    secret testing123-1
}
realm * {
    server localhost
}
and on the client:
root@client:/# cat /etc/radsecproxy.conf
ListenUDP localhost:1812
LogDestination x-syslog:///log_daemon
tls client {
    CACertificateFile /etc/cert/cacert.pem
    CACertificatePath /etc/cert/
    CertificateFile /etc/cert/client..pem
    CertificateKeyFile /etc/cert/client.key.pem
}
client 127.0.0.1 {
    type udp
    secret testing123-1
}
server 192.168.1.1 { # server IP
    type tls
    secret testing123-1
    port 2084
    tls client
    certificateNameCheck off
}
realm * {
    server 192.168.1.1
}
I have tried about a million things, but I still cannot get the connection to work. It always
gets stuck on the error "ignoring request, no matching TLS client".
Output from the server:
root@server:/# radsecproxy -c /etc/radsecproxy.conf -d 3 -f
Nov 17 21:19:36 2012: createlistener: listening for udp on localhost:11812
Nov 17 21:19:36 2012: createlistener: listening for tls on *:2084
Nov 17 21:19:43 2012: tlsservernew: incoming TLS connection from 192.168.1.68
Nov 17 21:19:43 2012: tlsservernew: ignoring request, no matching TLS client
Nov 17 21:19:45 2012: tlsservernew: incoming TLS connection from 192.168.1.68
Nov 17 21:19:45 2012: tlsservernew: ignoring request, no matching TLS client
Nov 17 21:19:47 2012: tlsservernew: incoming TLS connection from 192.168.1.68
Nov 17 21:19:47 2012: tlsservernew: ignoring request, no matching TLS client
^C
root@server:/#
and from the client:
root@client:/# radsecproxy -c /etc/radsecproxy.conf -d 3 -f
Nov 17 21:19:43 2012: createlistener: listening for udp on localhost:1812
Nov 17 21:19:43 2012: connecttcphostlist: trying to open TCP connection to 192.168.1.1 port 2084
Nov 17 21:19:43 2012: connecttcphostlist: TCP connection to 192.168.1.1 port 2084 up
Nov 17 21:19:45 2012: connecttcphostlist: trying to open TCP connection to 192.168.1.1 port 2084
Nov 17 21:19:45 2012: connecttcphostlist: TCP connection to 192.168.1.1 port 2084 up
Nov 17 21:19:47 2012: connecttcphostlist: trying to open TCP connection to 192.168.1.1 port 2084
Nov 17 21:19:47 2012: connecttcphostlist: TCP connection to 192.168.1.1 port 2084 up
^C
root@client:/#
Does anyone have an idea what I am doing wrong with the certificates?
Thanks for your help.
--
Regards
Martin Vancl
e-mail: tux.martin at gmail.com
jabber: tux.martin at gmail.com
www: http://martin.vancl.eu/
twitter: http://twitter.com/tuxmartin
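The error in the post is about which `client` block an incoming RadSec connection gets matched against. The following is an added example written for this page (my own code, not radsecproxy's and not from the original post) that models that decision in Python: the source address is checked against the block's host (a literal address, a CIDR prefix, or the `*` wildcard), and then `certificateNameCheck` and `matchCertificateAttribute` are applied to the presented certificate. It assumes the TLS handshake has already verified the peer certificate against the CA, which the model does not repeat. The hardened config block, the AP address `192.168.1.68` as a client host, the CN `ap1.example.org` and the rogue CN are assumptions made for illustration, and the option semantics are a simplification of what radsecproxy.conf(5) describes.

```python
import ipaddress
import re

# Constructed sample configs (not from the original post in this form).
# The first is the poster's wildcard client block; the second is a
# hypothetical hardened replacement pinned to one address and one CN.
POSTED_CONFIG = r"""
client * {
    type tls
    tls server
    certificateNameCheck off
    secret testing123-1
}
"""

HARDENED_CONFIG = r"""
# only this AP, and only with a certificate carrying its own CN
client 192.168.1.68 {
    type tls
    tls server
    certificateNameCheck off
    matchCertificateAttribute CN:/^ap1\.example\.org$/
    secret testing123-1
}
"""


def parse_clients(text):
    """Parse 'client NAME { option value ... }' blocks from radsecproxy-style
    config text. '#' starts a comment; other block types are skipped."""
    clients, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if current is None:
            m = re.match(r"^client\s+(\S+)\s*\{$", line)
            if m:
                # the block name doubles as the host unless 'host' is given
                current = {"name": m.group(1), "host": m.group(1)}
            continue
        if line == "}":
            clients.append(current)
            current = None
            continue
        parts = line.split(None, 1)
        current[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return clients


def address_matches(host, src_ip):
    """'*' matches any source; otherwise a literal address or CIDR prefix.
    DNS names cannot be resolved offline in this model and never match."""
    if host == "*":
        return True
    try:
        network = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False
    return ipaddress.ip_address(src_ip) in network


def attribute_matches(spec, cert):
    """matchCertificateAttribute of the form CN:/regex/ or
    SubjectAltName:DNS:/regex/ against a cert dict {cn, san_dns}."""
    m = re.match(r"^(CN|SubjectAltName:DNS):/(.*)/$", spec)
    if not m:
        raise ValueError("unsupported matchCertificateAttribute: " + spec)
    kind, pattern = m.groups()
    values = [cert["cn"]] if kind == "CN" else cert.get("san_dns", [])
    return any(re.search(pattern, v) for v in values)


def find_client(clients, src_ip, cert):
    """Return the first TLS client block this connection satisfies, or None
    (the case radsecproxy logs as 'no matching TLS client')."""
    for c in clients:
        if c.get("type", "udp") != "tls":
            continue
        if not address_matches(c["host"], src_ip):
            continue
        if c.get("certificatenamecheck", "on") == "on":
            # name check: configured host must equal the CN or a DNS SAN
            if cert["cn"] != c["host"] and c["host"] not in cert.get("san_dns", []):
                continue
        spec = c.get("matchcertificateattribute")
        if spec and not attribute_matches(spec, cert):
            continue
        return c
    return None


def demo():
    """Compare what the two configs accept. Certificates are constructed."""
    posted = parse_clients(POSTED_CONFIG)
    hardened = parse_clients(HARDENED_CONFIG)
    ap = {"cn": "ap1.example.org", "san_dns": ["ap1.example.org"]}
    rogue = {"cn": "laptop.example.org", "san_dns": []}  # any other CA-issued cert
    return {
        "posted_ap": find_client(posted, "192.168.1.68", ap) is not None,
        "posted_rogue_any_ip": find_client(posted, "10.9.8.7", rogue) is not None,
        "hardened_ap": find_client(hardened, "192.168.1.68", ap) is not None,
        "hardened_rogue_same_ip": find_client(hardened, "192.168.1.68", rogue) is not None,
        "hardened_ap_other_ip": find_client(hardened, "10.9.8.7", ap) is not None,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The comparison makes the security point of the wildcard block: `client *` with `certificateNameCheck off` accepts every certificate the CA has ever issued, from any source address, so that CA must be private and must issue only to RadSec peers. Binding the block to the AP's address and pinning the CN with `matchCertificateAttribute` closes that gap without needing the name check. Independently of the matcher, the peer certificate must first verify against the CA during the handshake: `openssl verify -CAfile cacert.pem client.pem` confirms the chain, and a `CACertificatePath` directory is only useful when it contains hash-named links (`c_rehash`), since OpenSSL looks certificates up by subject hash there.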