OpenWrt Forum Archive

Topic: Things to know about xsupplicant/802.1x

The content of this topic has been archived on 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

My English is very weak, but I hope I could help someone with this.

In the last month I tried for a very long time with wpa_supplicant and xsupplicant to use a WRT as supplicant on the WLAN.
I use EAP-PEAP for authentication.

The first thing I tried was WPA, but that isn't working because Broadcom has WPA-PSK code included in the driver (I read that in this forum),
which makes that incompatible.

Then xsupplicant worked for me, but there are some points to keep in mind:

1. Use the xsupplicant and libssl package from NICO (http://downloads.openwrt.org/people/nic … /packages/)
2. As certificate file from the Radius server take the root.pem (generated with CA.certs from freeradius); the others will crash xsupplicant.
3. Set the date on the WRT to a date that is valid for the certificate. I used date to do this.
4. Make sure that the wrt-client is associated to the AP, that means equal essid, sta-mode AND wep, even with a wrong key.
5. Use whiterussian RC3; xsupplicant needs the fixes of the wlcompat package.
6. I was successful with hardware version 2.0 and 2.2, but not with 3.1, I don't know why! (we have bought 60 WRT version 3.1!!! f**k)
EDIT: Now it's working on 3.1 too, it was my fault. (be sure that you have no br0)


Here is my config:
* AP is an OpenWrt Whiterussian RC3, nas with options:
     nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 32 -r $RADKEY -s $ESSID -w 1 -I 1 -K 12345 -h $RADIUSHOST -p 1812 -t 36000

* Freeradius 1.0.5
  Activated peap in eap.conf

  eap {
          default_eap_type = peap
          timer_expire     = 60
          ignore_unknown_eap_types = no
          cisco_accounting_username_bug = no

          md5 {
          }

          leap {
          }

          gtc {
                  auth_type = PAP
          }

          tls {
                  private_key_password = whatyouwant
                  private_key_file = ${raddbdir}/certs/cert-srv.pem
                  certificate_file = ${raddbdir}/certs/cert-srv.pem
                  CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                  dh_file = ${raddbdir}/certs/dh
                  random_file = ${raddbdir}/certs/random
          }

          peap {
                  default_eap_type = mschapv2
          }

          mschapv2 {
          }
  }

* xsupplicant.conf

network_list = all
association = auto

default_interface = eth1

default_netname = myessid

myessid
{
  type = wireless
  wireless_control = yes

  allow_types = eap_peap
  identity = testuser

  eap-peap {
      # cert in pem format
      root_cert = /etc/cert/root.cer

      chunk_size = 1398
      random_file = /dev/random
      session_resume = yes

      eap-mschapv2 {
        username = testuser
        password = "test"
      }
  }
}

(Last edited by alex430 on 14 Nov 2005, 18:43)
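
A pre-flight check for point 3 of the post above, as an added example that is not part of the original thread: it asks OpenSSL whether the root certificate is inside its validity window at a given clock value, and tells a clock that is behind ("not yet valid") apart from an expired certificate. It assumes an `openssl` command-line tool that supports `verify -attime` and a self-signed root file; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): check that a clock value lies inside
# the validity window of the root certificate the supplicant will load.
# Assumes an openssl CLI with "verify -attime"; names below are illustrative.

# clock_state CERT EPOCH -> prints ok | not-yet-valid | expired | error
clock_state() {
    cert=$1
    when=$2
    # A self-signed root is verified against itself, so only the certificate's
    # own notBefore/notAfter decide the outcome at time $when.
    out=$(openssl verify -CAfile "$cert" -attime "$when" "$cert" 2>&1) || true
    case $out in
        *"not yet valid"*) echo not-yet-valid ;;
        *"has expired"*)   echo expired ;;
        *": OK"*)          echo ok ;;
        *)                 echo error ;;
    esac
}

# check_root_cert CERT -> returns 0 only if the current clock is usable
check_root_cert() {
    state=$(clock_state "$1" "$(date +%s)")
    case $state in
        ok)
            echo "clock is inside the validity window of $1" ;;
        not-yet-valid)
            echo "clock is earlier than notBefore of $1: set the date first" >&2
            openssl x509 -in "$1" -noout -dates >&2
            return 1 ;;
        expired)
            echo "clock is later than notAfter of $1" >&2
            openssl x509 -in "$1" -noout -dates >&2
            return 1 ;;
        *)
            echo "could not verify $1 (unreadable file, or not a self-signed root?)" >&2
            return 2 ;;
    esac
}

# Run the check only when a certificate path is given, e.g.
#   sh check_clock.sh /etc/cert/root.cer
if [ "$#" -ge 1 ]; then
    check_root_cert "$1"
fi
```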

It works, but not very stable.
After restarting xsupplicant it works again; does somebody have advice for me?

I don't use xsupplicant so can't be of specific help, but re hw v3.1, are you erasing nvram after flashing openwrt? I've found that most 3.1's (depending on shipped firmware version) have a lot of extra nvram variables that clutter things up and might also be interfering.

- DL

Hmm, I didn't erase nvram, because I've found out that Orinoco Classic Cards cannot connect anymore after that.

But I would test it.

thx,
alex

It works very stable for me, no problems whatsoever. I am using xsupplicant from NICO on a wrt54g v2.2.

As a remark, I didn't need to do point number 4: make sure that the wrt-client is associated to the AP, that means equal essid, sta-mode AND wep, even with a wrong key

It works for me without doing any association to an AP before. I don't have essid or wep set in my nvram either, I do have the router set to sta mode. Then I just run xsupplicant and it works.

Okay, without that I get no association to the AP.

But it's good to know that it could work stable, that gives me some hope! :-)


alex

Executing these commands before starting xsupplicant seems to make it more stable:

wl eap 0
wl wep 1
wl wsec 1
wl wpa_auth 0
wl join "ssid"

(also added destination=auto to xsupplicant.conf)


thanks to tux-net!

Hi,
Sorry if bringing this old thread up, but I didn't find anything new.

I'm up to try 802.1x with a WRT54GL Whiterussian rc4 as supplicant (client), a Zyxel G5000 as access point and freeradius 1.0.5 on Linux as radius server.

I have already up and running radius with peap and that zyxel AP working with windows clients.

I was wondering if I have some chance to let my wrt54GL associate and authenticate with peap. Has anyone already tried xsupplicant on WRT54GL whiterussian RC4?

I have the same problem.
My provider offers wpa-eap and vpnc.
At the moment I use vpnc but it is extremely slow.

Cheers,

I was able to run wpa eap-ttls with wpa_supplicant in client mode. I use the
"Freifunk Firmware 1.0.2" which is a modified openwrt firmware.
It contains an old broadcom driver which is working with wpa_supplicant.
I've downloaded and installed wpa_supplicant for whiterussian rc4.

I got some very small problems because some files and scripts
are too old but for me, this is only a cosmetic problem.

Performance is much better now, increased from 90kb/sec
with vpnc to 1MByte/sec with wpa_supplicant.

Cheers,

Hi,

Katagia wrote:

I was able to run wpa eap-ttls with wpa_supplicant in client mode. I use the
"Freifunk Firmware 1.0.2" which is a modified openwrt firmware.
It contains an old broadcom driver which is working with wpa_supplicant.
I've downloaded and installed wpa_supplicant for whiterussian rc4.

[snip]

Could you elaborate on your setup? I am interested in setting up wpa_supplicant
on a WRT and have so far not had any luck. I would especially be interested in
version numbers of the kernel used, wpa_supplicant, the driver version (use dmesg)...

Any comment would be of great help. Thanks

regards
Thilo

Hi,

How can we adapt this protocol to work on an ad-hoc network?
Any idea? And how can we find the code of NAS, because it works with NAS?
Any idea?


thanks

The discussion might have continued from here.