My English is very weak, but I hope I can help someone with this.
In the last month I tried for a very long time with wpa_supplicant and xsupplicant to use a WRT as a supplicant on the WLAN.
I use EAP-PEAP for authentication.
The first thing I tried was WPA, but that isn't working because Broadcom has WPA-PSK code included in the driver (I read that in this forum),
which makes that incompatible.
Then xsupplicant worked for me, but there are some points to keep in mind:
1. Use the xsupplicant and libssl packages from NICO (http://downloads.openwrt.org/people/nic … /packages/)
2. As the certificate file from the Radius server, take the root.pem (generated with CA.certs from freeradius); the others will crash xsupplicant.
3. Set the date on the WRT to a date that is valid for the certificate. I used date to do this.
4. Make sure that the WRT client is associated to the AP; that means equal essid, sta-mode AND wep, even with a wrong key.
5. Use whiterussian RC3; xsupplicant needs the fixes of the wlcompat package.
6. I was successful with hardware versions 2.0 and 2.2, but not with 3.1, I don't know why! (we have bought 60 WRT version 3.1!!! f**k)
EDIT: Now it's working on 3.1 too, it was my fault. (Be sure that you have no br0.)
Here is my config:
* AP is an OpenWrt Whiterussian RC3, nas with options:
    nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 32 -r $RADKEY -s $ESSID -w 1 -I 1 -K 12345 -h $RADIUSHOST -p 1812 -t 36000
* Freeradius 1.0.5
Activated peap in eap.conf
    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        leap {
        }
        gtc {
            auth_type = PAP
        }
        tls {
            private_key_password = whatyouwant
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/demoCA/cacert.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
        }
        peap {
            default_eap_type = mschapv2
        }
        mschapv2 {
        }
    }
* xsupplicant.conf
    network_list = all
    association = auto
    default_interface = eth1
    default_netname = myessid
    myessid
    {
        type = wireless
        wireless_control = yes
        allow_types = eap_peap
        identity = testuser
        eap-peap {
            # cert in pem format
            root_cert = /etc/cert/root.cer
            chunk_size = 1398
            random_file = /dev/random
            session_resume = yes
            eap-mschapv2 {
                username = testuser
                password = "test"
            }
        }
    }
(Last edited by alex430 on 14 Nov 2005, 18:43)
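
A check for point 3 above, as an added example that is not part of the original post: it reads the validity window of the root certificate and reports whether the device clock falls inside it. It assumes the openssl command-line tool is available where it runs; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the post). Usage: sh certclock.sh /path/to/root.pem
# Assumptions: the openssl CLI is installed and the shell has 64-bit arithmetic.

# Convert an openssl date such as "Nov 14 18:43:00 2005 GMT" to epoch seconds
# with shell arithmetic only, so it does not depend on "date -d" parsing,
# which differs between busybox and GNU date.
openssl_date_to_epoch() {
    set -- $1                          # split into: Mon DD HH:MM:SS YYYY GMT
    case $1 in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;
    esac
    d=${2#0}; y=$4
    hh=${3%%:*}; rest=${3#*:}; mm=${rest%%:*}; ss=${rest#*:}
    hh=${hh#0}; mm=${mm#0}; ss=${ss#0}  # "08" would be read as bad octal
    # Days since 1970-01-01, counting the year from 1 March (leap day last).
    if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
    doy=$(( (153 * m + 2) / 5 + d - 1 ))
    yoe=$(( y % 400 ))
    days=$(( (y / 400) * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + hh * 3600 + mm * 60 + ss ))
}

# clock_status NOT_BEFORE NOT_AFTER NOW (all epoch seconds)
clock_status() {
    if [ "$3" -lt "$1" ]; then echo not-yet-valid
    elif [ "$3" -gt "$2" ]; then echo expired
    else echo valid
    fi
}

# Compare the local clock with the validity window of a PEM certificate.
check_cert_clock() {
    nb=$(openssl x509 -in "$1" -noout -startdate) || return 2
    na=$(openssl x509 -in "$1" -noout -enddate) || return 2
    clock_status "$(openssl_date_to_epoch "${nb#notBefore=}")" \
                 "$(openssl_date_to_epoch "${na#notAfter=}")" "$(date +%s)"
}

if [ -n "${1:-}" ]; then check_cert_clock "$1"; fi
```

An output of not-yet-valid means the clock is behind the certificate's start date, which is the case point 3 addresses.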