I need help tracking down why my WPA2-Enterprise EAP-TLS FreeRADIUS Wifi network won't function.

To start .... I am running Omada Software Controller (Currently on Windows 10) as a service. It is currently version 5.15.20.21 (Stable build).
My network consists of the following devices (in addition to the SDC):
1x ER605 - 5 port VPN / Internet Gateway --- ER605 v2.0 firmware 2.3.0
1x SG2008 - 8 port Layer 2 Switch (non-PoE) --- SG2008 v4.20 firmware 4.20.9
1x EAP245 - Wireless Access Point --- EAP245(US) v3.0 firmware 5.2.0
1x Linux Mint Server v22.1 Xia - FreeRADIUS v3.2.5 (no proxies ... single realm ... wifi device x509 cert authentication only, no accounting)
There is SCANT documentation on setting up a network with this configuration (Most of which is so deprecated that it almost qualifies as disinformation) so please, excuse my fumbling about ... it is the best I could do given no experience, no support, and limited access to useful technical documentation or relevant information (outside of the RFCs themselves which are virtually indecipherable as they are written in elite nerd code. A language that sadly I have yet to fully comprehend, despite many years of diligent effort made toward that score). I digress ...
What I am trying to accomplish, as stated in the Subject line for this thread, is to simply create a secure wireless environment where I can exist beyond the clutches of the innumerable hacker-type mac-address spoofing identity-thieving "criminals" that cannot or will not leave my information, devices, nor my internet connection alone. This is the final step ... beyond this, I'm going to have to resort to other more drastic measures which I will not discuss here.
I have connected, configured, and documented my network topology both physically and logically with this sole exception. I cannot get any wireless devices to successfully complete the authentication process of joining my secure wireless network. There aren't any errors or warnings ... nothing in Radius debugging etc .... in fact I can see in the rather verbose output FreeRADIUS provides during attempted connections that there isn't a problem .... it's all green lights up until the process stalls. It just stops processing and everything server side goes back into a waiting type state, while the device just hangs in a connecting state until eventually it too gives up and then stubbornly tries again... and the cycle repeats ad nauseam into perpetuity.
It might be Radius, but if it is I couldn't say where or why ... there is nothing pointing to a misconfiguration or what to look for if your devices simply hang in a "Connecting" state until eventually something or everything simply times out ... I guess, I'm completely out of ideas at this point and nowhere to turn for guidance. The FreeRADIUS forums and community resources have proven to be of little actual help, either no replies at all or unhelpful snarky comments from elitist knowledge hoarding trolls that exist solely to cause people like me to think very dark and evil thoughts.
As for the SDC as I said, there aren't any errors that I'm seeing in the logs aside from the ARP cache poisoning, constant and non-ceasing mac address spoofing and of course the evil-twin / deauthorization combo attacks (those are my personal favorites... inspired me to actually go to a sporting goods store where I purchased a nice aluminum bat. I'm practicing my swing, and getting better too). Once again, I digress...
So, I have all the fun icky verbose logs and the verbose radius output, all of which I'm more than happy to share.
What information specifically would you like to see first? Or should I post it all (it's a LOT)?
Really, thank you ... if you've read this far you deserve a medal just for that. But any ideas would be most appreciated. For anyone willing to take this on with me to try and run it to ground and find root cause .... I'll gladly buy you a pizza and a 2 litre of soda... send me an address and what you want on the bad boy and BAM!, I'll get one sent over easy as pie! (not joking).
I can't find this information on my end.
Please wait a bit—they usually take 24-48 hours to process a case. You can also send them another email as a reminder.
Still no response to my request for support .... I am beginning to see why the support certificates I naively purchased with each of my Omada devices were so affordable; the old adage "you get what you pay for" was not lost on this network implementation's devices. I'll attest to that...
I'm considering boxing the whole thing up and throwing it in a dumpster ... my life has never been this frazzled trying to implement standard technologies on a simple flat network. Who needs it? I don't.
I just need to find something capable of replacing it all with first, which incidentally comes with actual support but also won't force me to take out a second mortgage on the house to pay for it.
Buyer beware! It's better than Linksys / Netgear / etc .... but then again, what isn't? Avoid the headache and the endless stress ... just buy Cisco and be done with it ... it'll cost you but you'll see the value, and probably save yourself an additional 15 years worth of gray hair overnight ... and as an added bonus, you could then skip having to attend any of those pointless anger management courses. Value add!
-Just another happy "EX"-customer