Chapter 2: Network Setup
We have now completed the Steel Belted Radius configuration required to support Secure Mesh.
The remaining steps are covered in the WMS Administrator’s Guide.
Trusted Root Certificate EAP-TTLS Secure Mesh requires the root certificate be sent to each MOTOMESH Duo
device. This process is covered in the WMS Administrator’s Guide. The root.der certificate
created on our Certificate Authority and loaded on our Steel Belted Radius Server needs to
be copied to the One Point Wireless Manager™ server. The One Point Wireless Manager™
application will download this root certificate to the MOTOMESH Duo devices when Secure
Mesh is configured.
Copy the root.der certificate to a folder on the One Point Wireless Management Server.
Before EAP-TTLS Secure Mesh can use this certificate it must be converted to pem format.
Open up a terminal window on the server, navigate to the folder where you copied the
root.der certificate and type the following command at the command prompt:
Convert DER (.crt .cer .der) to PEM
openssl x509 –inform der –in root.der –out root.pem
Now the trusted root certified is in pem format and can be used by the One Point Wireless
Manager™ application when Secure Mesh is configured.
EAP-TTLS Secure Mesh also requires the r0kd daemon to function (which was installed by
the Linux environment script). Details on how this is configured are contained in the WMS
Administrator’s Guide. As part of our network setup we will elect to wait until EAP-TTLS
Secure Mesh is configured in the One Point Wireless Manager™ application before we start
the r0kd daemon. It is better to wait as the r0kd configuration file (which is located under
/etc/r0k.conf) must be updated with values chosen during the Secure Mesh setup in the One
Point Wireless Manager™ application.
If you are familiar with configuring EAP-TTLS Secure Mesh and know what values will be
chosen in the One Point Wireless Manager™ application then you can edit the r0k.config file
and launch the daemon.
The following variables in the configuration file (r0k.conf) have to be set correctly:
• auth_server_addr = <authentication server IP address> (In our reference
design this is 172.31.0.21)
2-32