OpenWrt Forum Archive

Topic: WRT160NL Wired 802.1x PEAP surfnet/Eduroam/securew2 wpa_supplicant

The content of this topic has been archived on 13 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

This guide is made on the basis of this thread: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant. A lot of tips and connection information to be typed in to the wpa.conf file can be found there.
This guide is identical to the guide for the Netgear WNDR3700 v2 which can be found here: WNDR3700 wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

This is the guide for how to connect the WRT160NL to an 802.1x-authenticated network as a client, so that your wireless appliances can connect without the need for them to have 802.1x, or to connect more units than allowed by the IT department. Be aware that there might be security issues connected to this, and I do not take responsibility for anything that might happen to you after following the whole or parts of my guide.

The basis for this guide is the WRT160NL and OpenWRT 10.03.1; how to install OpenWRT on your router you will find at openwrt.org

How to:
1. Log in to the router with Telnet

telnet 192.168.1.1
passwd #it will ask you to change router root password
reboot #it will reboot the router, not your pc, if you are in the right shell tongue

2. Log in with SSH and install the following software

ssh root@192.168.1.1
cd /tmp
opkg update
opkg install nano #text editor
opkg install wpa-supplicant

3. Make a wpa-supplicant conf file which contains username and password to authenticate:

nano /etc/config/wpa.conf #opens text editor copy paste code in it

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
ap_scan=0
network={
        key_mgmt=IEEE8021X
        eap=PEAP
        pairwise=CCMP TKIP
        identity="username@uit.no"
        anonymous_identity="username@uit.no"
        password="password"
        phase2="auth=MSCHAPV2"
        priority=2
}

#identity is just an example for Student Housing Internett, University of Tromsø, Norway
#if your university/institutions use different kind of encryption, please change accordingly.
#ctrl-x save yes and exit

4. Test authentication in case Internet/Authentication server is on WAN port:

wpa_supplicant -D wired -i eth1 -c /etc/config/wpa.conf &
#if it says something like successful press ctrl-c to quit
#try getting an IP address from the Internet Provider
udhcpc -i eth1
#if authentication fails perform the wpa_supplicant command with -d or -dd for more verbose information

5. Create a startup daemon, so you don't have to type all of this in case the router's power fails or it restarts:

nano /etc/init.d/wpa #opens text editor copy paste code in it

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
START=99    # run late in the boot sequence

start() {
        echo start
        # authenticate on the wired port (eth1) in the background
        wpa_supplicant -D wired -i eth1 -c /etc/config/wpa.conf &
}

#ctrl-x save yes and exit
chmod +x /etc/init.d/wpa
chmod 755 /etc/init.d/wpa
/etc/init.d/wpa enable
reboot

6. Finished, setup Wifi/Access-Point wpa2 encryption etc, can be done in web-interface!
If you are not finished because you don't understand step 2 telnet and step 3 ssh, it might be because you have to type these commands into a "shell". For Mac OS X go to Utilities>Terminal, for Ubuntu Linux go to Accessories>Terminal, for Windows install putty.
I suggest Windows users download a LiveCD like Ubuntu, burn it, boot the PC from the LiveCD and perform these steps... it might make more sense...

(Last edited by marstein on 7 Aug 2012, 20:38)
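A check to run against the wpa.conf from the guide above before enabling the init script, added here as an example that is not part of the original posts: it flags a network block that does not verify the RADIUS server certificate, one that sets a CA but no server name constraint, an outer identity that repeats the real username, and a config file readable beyond its owner. The finding codes and the sample file are constructed for illustration; `domain_suffix_match` and `domain_match` are options of newer wpa_supplicant releases, so on an old build the name constraint would be `subject_match` or `altsubject_match`.

```shell
#!/bin/sh
# Added example (not from the thread): lint a wpa_supplicant config for settings
# that expose 802.1X credentials. Finding codes are labels made up for this sketch.
audit_wpa_conf() {
    conf=$1
    # The file holds a plaintext password: only its owner should be able to read it.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "FILE_PERMS $conf is accessible to group/other"
    awk '
    function val(s) {               # text after the first "=", quotes stripped
        sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s
    }
    /^[ \t]*#/           { next }   # skip comment lines
    /^[ \t]*network=[{]/ { inblk = 1; n++; eap = ca = name = 0; id = anon = ""; next }
    inblk && /^[ \t]*[}]/ {
        if (eap) {
            if (!ca)        print "NO_CA_CERT network " n ": server certificate is not verified"
            else if (!name) print "NO_NAME_CHECK network " n ": any server under that CA is accepted"
            if (anon == "" || anon == id)
                print "IDENTITY_LEAK network " n ": real identity sent outside the TLS tunnel"
        }
        inblk = 0; next
    }
    inblk {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^eap=/) eap = 1
        if (line ~ /^(ca_cert|ca_path)=/) ca = 1
        if (line ~ /^(subject_match|altsubject_match|domain_suffix_match|domain_match)=/) name = 1
        if (line ~ /^identity=/) id = val(line)
        if (line ~ /^anonymous_identity=/) anon = val(line)
    }' "$conf"
}

# Constructed sample mirroring the guide's wpa.conf (placeholder credentials).
sample_guide_conf() {
    cat <<'EOF'
network={
        key_mgmt=IEEE8021X
        eap=PEAP
        identity="username@uit.no"
        anonymous_identity="username@uit.no"
        password="password"
        phase2="auth=MSCHAPV2"
}
EOF
}

tmp=$(mktemp) && chmod 644 "$tmp" && sample_guide_conf > "$tmp"
audit_wpa_conf "$tmp"; rm -f "$tmp"
```

On the sample this reports FILE_PERMS, NO_CA_CERT and IDENTITY_LEAK; `chmod 600` on the config file clears the first finding.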

Maybe just a minor type error but is the following command working?

opkg install wpa_supplicant

Instead of:

opkg install wpa-supplicant

(Last edited by walterav on 15 Feb 2011, 00:33)

Sorry, my bad. I had to do an offline install when I did it myself, so I had nothing to copy it from, so I wrote down the "if-I-were-online-steps". Now it is corrected.

Hi. Is it possible to do the same but doing everything wirelessly? I mean, connect to Eduroam wirelessly AND connect your laptop to the router also wirelessly.

Thanks.

I must admit I have never tried, did you try it out?

I will just let everybody know that I tried setting this up with RC5, but it bricked after putting the software, do not know what went wrong. RC4 works like a charm...

The 10.03 and 10.03.01-RC1 through RC5 do not work with newer editions of the WRT160NL due to a slight change. Trunk has to be used (and you need to add LuCi (graphical interface) afterwards on your own). This will be solved when RC6 is produced.

I am compiling from trunk with LuCi, wpa-supplicant and nano now. I will post it when my slow single-core computer finally makes it through...

Build based on 28247, works with newer WRT160NLs where builds up to RC5 do not work. It has nano and luci included. Wpa-supplicant has been put in instead of wpad-mini. This removes the need for installing nano and wpa-supplicant and you can go straight to the points in the guide about wpa.conf and init.d/wpa.

http://dl.dropbox.com/u/20440413/openwr … actory.bin

Tested.
I do not take any responsibilities bla bla blab

Based on the previous one, but it also contains the wpa.conf and wpa so that you only need to enter user credentials in wpa.conf and enable wpa before you configure wifi and other stuff in the webgui.

http://dl.dropbox.com/u/20440413/openwr … tory-2.bin

The guide has been updated to add a link to a similar guide for the WNDR3700 and to remove some legacy information

Have you tried translating wpa.conf to /etc/config/wireless config format?
OpenWrt uses wpad package which is actually hostap + wpa_supplicant rolled into one package.

To have ttls functions you need to remove wpad-mini and install full version called "wpad" that has ttls features.

I have been trying to use /etc/config/wireless format without success so far :(

Here is how my config looks:

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '11'
    option hwmode '11ng'
    option path 'platform/ar933x_wmac'
    option htmode 'HT20'
    list ht_capab 'SHORT-GI-20'
    list ht_capab 'SHORT-GI-40'
    list ht_capab 'RX-STBC1'
    list ht_capab 'DSSS_CCK-40'
    option disabled '0'

config wifi-iface
    option device 'radio0'
    option network 'wan'
    option mode 'sta'
    option ssid 'eduroam'
    option eap_type 'TTLS'
    option phase2 'auth=PAP'
    option identity 'username'
    option password 'password'
    option ca_cert '/root/deutsche-telekom-root-ca-2.crt'
    option anonymous_identity 'anonymous@uni-greifswald.de'

The wpa_supplicant config works without issues, and here is how it looks:

ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1

network={
   ssid="eduroam"
   key_mgmt=WPA-EAP
   eap=TTLS
   anonymous_identity="anonymous@uni-greifswald.de"
   identity="username"
   password="password"
   ca_cert="/root/deutsche-telekom-root-ca-2.crt"
   phase1="peaplabel=0"
   phase2="auth=PAP"
}

I have also looked into a related ticket but didn't find the info very helpful:
https://dev.openwrt.org/ticket/2069

Do you have any idea how to use wpad package with OpenWrt /etc/config/wireless config file?

The discussion might have continued from here.