- Preinstalled SSH Client (e.g. https://www.putty.org/)
- Wago Device e.g. PFC200 G2 or Wago Touch Panel with minimal Firmware 12
- Firmware you can find here: https://github.com/WAGO/pfc-firmware
- Docker IPKG you can find here: https://github.com/WAGO/docker-ipk
$ docker run --name my-radius -d wagoautomation/pfc-freeradius-server
The image contains only the default FreeRADIUS configuration which has no users, and accepts test clients on 127.0.0.1. In order to use it in production, you will need to add clients to the clients.conf file, and users to the "users" file in mods-config/files/authorize.
Where clients.conf contains a simple client definition
client YOUR-NAME {
ipaddr = YOUR-NETWORK -> for example 172.17.0.0/16
secret = YOUR-SECRET -> for example testing123
}and the authorise "users" file contains a test user:
YOUR-USERNAME Cleartext-Password := "YOUR-USERPASSWORD"Or you clone the github repo and modify the files clients.conf and authorise to your own. But then you need to use the volume mount flag, shown as follow:
$ docker run --name my-radius \
-v $PWD/clients.conf:/etc/raddb/clients.conf \
-v $PWD/authorize:/etc/raddb/mods-config/files/authorize \
-d wagoautomation/pfc-freeradius-serverWith standard configuration you can the image shwon as follow:
$ docker run --name my-radius -p 1812-1813:1812-1813/udp wagoautomation/pfc-freeradius-serverFor debbuging your configuartion you can use the -X attribut:
$ docker run --name my-radius -p 1812-1813:1812-1813/udp wagoautomation/pfc-freeradius-server -XCopy the file wpa_supplicant.conf from github repo to /etc/ on your Wago device and modify the credentials.
Copy the file wpa_supplicant from github repo to /etc/init.d/ and make a symlink with the following command.
ln -s /etc/init.d/wpa_supplicant /etc/rc.d/S97_wpa_supplicantYou can read the procedure in the wago cyber security manual for pfc controller. LINK cyber security manual