Skip to content

Latest commit

 

History

History
97 lines (78 loc) · 3.81 KB

README.md

File metadata and controls

97 lines (78 loc) · 3.81 KB

TL;DR

  • RADIUS server for small-scale wireless networks
  • Based on FreeRADIUS
  • Has a web dashboard for configs and PKI
  • Supports Aruba/Cisco MPSK and EAP-TLS authentication methods
  • Supports certificate-based EAP-TLS authentication
  • Supports password-based EAP-GTC and EAP-MSCHAPv2 authentication

Getting Started

Prepare

  • Clone this repository (recommended), or download the docker-compose.yml and create data directory
  • (Optional) Modify docker-compose.yml to use master branch instead of latest tag
  • Run docker compose up -d (Docker and Docker Compose plugin required)

Configure

  • Open http://localhost:3000 on your browser

    • Configure your NAS clients (e.g. Aruba Mobility Controllers or Aruba Instant APs)
    • (Optional) Configure MPSKs for WPA-Personal SSID/devices
    • (Optional) Initialize PKI and generate certificates for EAP-TLS (WPA-Enterprise)
    • (Optional) Download client certificates from PKI dashboard to your devices
  • Restart by using the reload button on the top-right corner, to apply changes of your PKI

Features & Roadmap

  • Web Portal

    • MPSK Authentication Dashboard
      • CRUD: Name/Phy Address/PSK
      • Export/Import
    • PKI Dashboard
      • CA/Server/Client Certificate Issue and Delete
      • Client Certificate Export (PKCS#12 with trust chain)
        • User-defined PKCS#12 Export Password
    • Password-based Authentication Dashboard
    • NAS Client Dashboard
      • CRUD: Name/Allowed Subnet/Secret
      • Export/Import
    • Radiusd Dashboard
      • Log Inspection
      • Regenerate/Reload
  • Supervisor (Backend Service and Radiusd Manager)

    • API Server
      • Client (NAS) CRUD/Bulk-Upsert
      • MPSK CRUD/Bulk-Upsert
      • PKI CA/Server/Client CRUD
      • Password-based User CRUD
      • Radiusd rlm_rest Interface
      • Radiusd Log/Status/Reload
    • PKI
      • Certificate Authority
        • Self-Signed CA and Certificate Issue
        • Existing CA/Intermediate Importing (WIP:hourglass:)
      • CA/Server Deployment to Radiusd
      • Client Certificate Export over API (PKCS#12 with trust chain)
    • Radiusd
      • Child Process Management
      • Configuration Rendering
    • Storage
      • File/JSON-based Storage
        • Clients, MPSKs
        • PKI
      • SQLite-backed Storage
        • Clients, MPSKs
        • PKI
      • PostgreSQL-backed Storage (WIP:hourglass:)

Project Structure

  • /common - Shared Libraries: Serializers and Typings on io-ts
    • /api - specific for APIs between @yonagi/supervisor and @yonagi/web
  • /supervisor - The Radiusd Supervisor/Daemon on NestJS
    • /api - API Controllers: Logic and Sanitization
    • /pki - PKI: CA and Certificate Management on PKI.js
    • /configs - Radiusd Config Generation
    • /radiusd - Radiusd Process Management
  • /web - The Web Frontend on next.js
    • /app - React pages with some shiny server components
    • /lib - Shared libraries for all pages

Dependencies

  • fp-ts/io-ts: Functional Programming and Type-Safe Serialization/Vaidation
  • NestJS: Dependency Injection and API Server
  • next.js: The React Frontend
  • PKI.js: X.509 Certificate and PKCS #12 Support

License

MIT