Testing
FreeRADIUS provides a program called radtest, which can be used to test a RADIUS server.
Unfortunately, it does not support testing EAP-TLS authentication.
However, a program called eapol_test, which is part of the wpa_supplicant source tree, can be used to test EAP-TLS.
This program needs to be compiled manually from the source code, as the executable is not included in the wpasupplicant package on Linux.
Download the latest wpa_supplicant from https://w1.fi/releases/
Install dependencies
sudo apt install build-essential pkg-config libnl-3-dev libssl-dev libnl-genl-3-dev
Build eapol_test
tar -xzvf wpa_supplicant-2.9.tar.gz
cd wpa_supplicant-2.9/wpa_supplicant
cp defconfig .config
# edit .config and uncomment CONFIG_EAPOL_TEST=y
make eapol_test
# if the compiler complains about something just comment it out
cp eapol_test ../..
cd ../..
Create a configuration file called eapol_test.conf
network={
    ssid="Test"
    key_mgmt=WPA-EAP
    eap=TLS
    identity=""
    ca_cert=""
    client_cert=""
    private_key=""
    private_key_passwd=""
    eapol_flags=3
}
Update the permissions for the configuration file and fill in the values for the empty fields
chmod 600 eapol_test.conf
Test the RADIUS server
# x.x.x.x is the IP address of the RADIUS server
# <shared_secret> is the secret set on the server in /etc/freeradius/3.0/clients.conf
./eapol_test -c eapol_test.conf -a x.x.x.x -s "<shared_secret>"
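A pre-flight check for eapol_test.conf that can be run before the test, confirming the chmod 600 step and that the empty fields were filled in. This is an added example, not part of wpa_supplicant or the original page; the function names are hypothetical, and it assumes a stat that supports -c (GNU coreutils or busybox) and one key="value" pair per line.

```shell
#!/bin/sh
# Added example: pre-flight check for eapol_test.conf (not part of eapol_test).
# Assumes a stat that supports -c and one key="value" pair per line.

# Print the quoted value of key $2 from config $1 (empty if unset or missing).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | head -n 1
}

# Return 0 if the config is ready to use, 1 otherwise; problems go to stderr.
check_eapol_conf() {
    conf=$1
    rc=0
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }

    # The file holds private_key_passwd, so group/other must have no access.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        [0-7]00) ;;
        *) echo "$conf: mode $mode, expected 600" >&2; rc=1 ;;
    esac

    # Fields the template leaves empty and that must be filled in.
    for key in identity ca_cert client_cert private_key; do
        [ -n "$(conf_value "$conf" "$key")" ] || { echo "$key is empty" >&2; rc=1; }
    done

    # Certificate and key paths must point at readable files.
    for key in ca_cert client_cert private_key; do
        path=$(conf_value "$conf" "$key")
        [ -z "$path" ] || [ -r "$path" ] || { echo "$key: cannot read $path" >&2; rc=1; }
    done

    # The private key file deserves the same protection as the config.
    key_path=$(conf_value "$conf" private_key)
    if [ -f "$key_path" ]; then
        case $(stat -c '%a' "$key_path") in
            [0-7]00) ;;
            *) echo "private_key $key_path is accessible to group/other" >&2; rc=1 ;;
        esac
    fi
    return $rc
}
```

Source the file and call `check_eapol_conf eapol_test.conf`; private_key_passwd is not required, since an unencrypted key leaves it empty.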