[tech] Secure wireless
David Adam
zanchey at ucc.gu.uwa.edu.au
Sun Apr 11 13:03:27 WST 2010
Because 4am is the best time to be doing sysadmin stuff, I managed to get
the wireless AP providing a WPA2-Enterprise SSID authenticating using UCC
usernames and passwords.
Connect to 'UCCsec' and you should get prompted for a username and
password, possibly a certificate prompt, and then dumped onto the normal
wireless VLAN.
Most of the technical details of the RADIUS setup are in
http://wiki.ucc.asn.au/LDAP/LazySysadmin#FreeRADIUS - the AP configuration
is fairly simplistic too.
WPA2-Enterprise uses PEAPv0/MS-CHAPv2, which is a complex way of saying
'there's an SSL-based tunnel wrapping the password exchange'. That tunnel
is currently set up to use the secure.ucc.asn.au certificates, although
switching back to the UCC CA self-signed certificates is straightforward.
I'm curious how much effect the actual certificate has on the user
experience. The iPhone asks you to confirm the certificate regardless of
whether it is signed by a trusted CA or not, but I didn't have a chance to
test any other devices. If people with Mac OS and Windows laptops could
try it out and let me know how they go I would appreciate it - in
particular, whether there is a prompt to accept the certificate and if it
provides any useful information in working out whether to trust the
connection.
David Adam
UCC Wheel Member
zanchey@
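
Added example, not part of the original post: two alternative wpa_supplicant network blocks for the 'UCCsec' SSID described above, showing a PEAPv0/MS-CHAPv2 profile with no server validation beside one that pins the issuing CA and the server name, so the client decides trust without a prompt. The identity and password values, the CA file path, and the use of secure.ucc.asn.au as the name in the server certificate are assumptions.

```conf
# Added example (constructed values); not the UCC configuration.
# Use one block or the other, not both.

# Weak: no ca_cert, so the client builds the TLS tunnel with whichever
# RADIUS server answers for 'UCCsec' and runs MS-CHAPv2 inside it.
network={
    ssid="UCCsec"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
    identity="exampleuser"          # placeholder username
    password="example-password"     # placeholder password
}

# Pinned: the tunnel is only accepted if the server certificate chains to
# the named CA and its DNS name matches, before any password is sent.
network={
    ssid="UCCsec"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
    identity="exampleuser"          # placeholder username
    password="example-password"     # placeholder password
    ca_cert="/etc/ssl/certs/PLACEHOLDER-issuing-ca.pem"   # assumed path
    domain_suffix_match="secure.ucc.asn.au"               # assumed cert name
}
```

If the tunnel is switched back to the self-signed UCC CA, only `ca_cert` in the pinned block needs to point at that CA's certificate.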