Hi, I am trying to up the RADIUS in the openwisp server, so I have added following lines in my playbook.yml openwisp2_radius: true openwisp2_freeradius_install: false Openwisp2_radius_urls: true openwisp2_RADIUS_API: true After installing openwisp server with ansible , I m able to see the radius tab in the webserver. I followed the openwisp -radius documentation for eap-ttls configuration with bearer token mechanism and followed all the steps. I have updated all the details like nas, rad-reply and other rad-tabled in the sqlite.db based on freeradius documentation and i made necessary configurations in the openwisp webserver also. I used freeradius -X command to run the RADIUS server in the debug mode. Then I m getting the following error:
rest ERROR: Request failed: 60 -ssl peer certificate or ssh remote key was not ok. For this error, I contacted the support group and they have suggested to generate automatic ssl certificates. Problem for this, Our team is not ready to buy the domain name. So, I have installed a local dns server and assigned the domain name for my openwisp server. I am able to ping to my website and able to see the results at nslookup and dig commands. Then I followed the documentation for automatic ssl certificates, when I m running my ansible with hosts and playbook with new domain name as input, I m getting error as the dns record is not found for my domain name. So, I come to know that DNS record has to be their in internet for Lets encrypt to work. So I went through the playbook about what output Let's encrypt is providing, I come to know that we are feeding inputs like openwisp2_ssl_cert and openwisp2_ssl_key . Then I have generated fullchain.pem and privkey.pem as inputs to the playbook for openwisp2_ssl_cert and openwisp2_ssl_key and run the ansible with the playbook as input. Generated keys are also given as input at EAP file of freeradius.The openwisp server webpage is generated but still I getting connection not secure at my web browser. I m getting same error: " rest ERROR: Request failed: 60 -ssl peer certificate or ssh remote key was not ok." when running freeradius. Please correct me if I went wrong. Is it correct way of the Up the RADIUS in openwisp server or any better way is there, Please let me know. On Saturday, May 11, 2024 at 11:50:39 PM UTC+5:30 Kolla Honey wrote: > I have created the certificates and given as an input in the eap file of > freeradius.But still I m seeing the same error. What should I do?? > > > > On Sat, 11 May 2024, 10:31 pm Federico Capoano, <f.ca...@openwisp.io> > wrote: > >> If I was you I wouldn't bother to do that and would simply get a valid >> SSL certificate from Letsencrypt >> <https://github.com/openwisp/ansible-openwisp2?tab=readme-ov-file#automatic-ssl-certificate> >> . >> >> For anything about freeradius, refer to the freeradius documentation >> <https://freeradius.org/documentation/> and community support >> <https://freeradius.org/community/>. >> >> I hope this helps. >> >> Federico >> >> -- >> > You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to openwisp+u...@googlegroups.com. >> > To view this discussion on the web, visit >> https://groups.google.com/d/msgid/openwisp/CAAGgX6KwkCE%3DCK1SvOrM6h72cWjfW4VDEuCC3fitToip1_NgkA%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/openwisp/CAAGgX6KwkCE%3DCK1SvOrM6h72cWjfW4VDEuCC3fitToip1_NgkA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/1f8a6b6f-a827-4b14-904d-bad571d4ca97n%40googlegroups.com.