I have extracted ca.pem, client.pem and privatekey.pem from my ISPs modem and I saw that vyos has EAPOL built in and I wanted to try it. However I cannot seem make it work with my eth0 interface or any other interface. I am faced with this message
set interfaces ethernet eth0 eapol ca-cert-file /config/auth/att/ca.pem
Configuration path: interfaces ethernet eth0 eapol [ca-cert-file] is not valid
Set failed
I am following in this thread https://phabricator.vyos.net/T1466
I am not sure what I am doing incorrectly. Any help is appreciated. I did try my .pem files with openwrt and pfsense routers using the same hardware as vyos and they did work. I wanted to try vyos becuase I love the cli configure interface.
You are probably using the new VyOS 1.4.
Try this way (Key usage (CLI)):
import and add certificates used by services on router: Key usage (CLI)
Then use these commands:
vyos@vyos# set interfaces ethernet eth0 eapol
Possible completions:
ca-certificate Certificate Authority in PKI configuration
certificate Certificate in PKI configuration
passphrase Private key passphrase
Thank you for your response. I was able to follow and add ca.pem, client.pem and private.pem using the ‘set pki’ commands however I am getting this message
Invalid certificate/private key specified for EAPoL
my private.pem was in pkcs1 and had to convert it to pkcs8 using openssl before I could add it.
So far i have installed ca.pem using the
Hi @jay-0d , that output points to the wrong cert/key combination on your configuration side. I think the key is related to your certificate, not CA and configuration will look like:
set pki ca <ca_name> certificate ‘<ca_cert_string>’
set pki certificate <cert_name> certificate ‘<cert_string>’
set pki certificate <cert_name> private key ‘<cert_key>’
set interfaces ethernet <interface_name> eapol ca-certificate <ca_name>
set interfaces ethernet <interface_name> eapol certificate <cert_name>