OpenWrt Forum Archive

Topic: Connect to WPA2-EAP network - issues with configuration

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have problems connecting to a wireless WPA2-EAP network and wonder if I am making some configuration error.
I recently bought an Archer C5 v1.2 (Atheros chipset) and have already uploaded the newest LEDE. I read that in order to use WPA Enterprise I needed to use wpad (i.e. done opkg update; opkg remove wpad-mini; opkg install wpad).

Now when I try to use and configure using LuCI I fail to connect to the network.

What I do:

  • Scan for wireless networks (Button scan on the wireless page)

  • Click 'Join' to join the intended network (Shown as WPA2 802.1x, i.e. WPA2 Enterprise.)

  • Select "WAN" for the zone

  • Try to enter the following values for the security settings

    • Encryption: WPA2-EAP

    • Cipher: auto

    • EAP-Method: PEAP

    • Path to CA-Certificate: (leave blank)

    • Authentication: MSCHAPv2

    • Identity: <my username>

    • Anonymous Identity: <my username>

    • Password: <my password>

Should it be possible to connect to a WPA2-EAP network like this?

If my parameters above are wrong, how do I figure out what to configure correctly?

Or are some steps required which are not to be done in LuCI?

I have no access to the AP, and don't have many details about its configuration. The AP is from Cisco, and I can log in with PC and Android just fine. In PC adapter settings the properties are shown as "WPA2-Enterprise", "AES" and "PEAP".


Background:

Although not really used to Linux, using SCP, command line etc. shouldn't be a big problem if required.

Right now I already fail at connecting to that WPA2-EAP network. In the end I would like to optimize the Wifi connection range in one of the dorm rooms and I would like to extend the WLAN range. However there is the problem that the provided network uses WPA enterprise (i.e. not using PSK, but a user(!)/password combination), so simple range extending is not possible. I managed to use the router already to be a client in one wireless network and provide a new private one to test this scenario, but in this test case the original network was not yet the one with WPA2 enterprise. So I guess that once I can connect to the WPA2 enterprise network as a client, the rest should simply work then.

First, check the wan network physical settings and make sure that "bridge" is not checked and the wifi client is the only thing attached to wan. A wifi client interface cannot be in a bridge; it will not come up at all.

Then check your system log. This should tell why it is not connecting. Yes, connecting to 802.1X is the same as PSK once connected.

I prefer to configure manually rather than use the "join" button on the scan results page. It can do a few strange things.

(Last edited by mk24 on 15 Nov 2017, 23:55)

Thanks mk24!

In the end I got it working. But it cost quite some time, most of it for understanding what config lines are required and which values to test. Documentation wasn't good for my case (lists of too many possible options and values, many not required or harmful), and basically each example I found on the net was different. So it took quite some time to understand at least half-way what to really put in the wireless config file.

Also strange, even with the working setup, LuCI still shows that no encryption is used (although WPA2 is in place), of course confusing me and taking additional time.

In the end the config is straightforward now, just putting it here, perhaps interesting for anyone else.
I think this is the simple configuration for being a client on a WPA EAP network with a user and password combination (only showing the network interface part of the wireless config):

config wifi-iface 'radio_wpa_client'
    option device 'radio0'
    option network 'wwan'
    option mode 'sta'
    option ssid '<ssid>'
    option encryption 'wpa2'
    option eap_type 'peap'
    option identity '<user>'
    option password '<password>'
    option auth 'EAP-MSCHAPV2'

'radio0' and 'wwan' might need to be changed, depending on your hardware and network setup.
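
Added example (not part of the original posts): the configuration above sets no CA certificate, and wpa_supplicant does not verify the server certificate when none is configured, so the client cannot tell the network's real RADIUS server from any other. The shell function below lists WPA-Enterprise client sections in a UCI wireless file that have no `ca_cert` option; the sample config, the section names `pinned_client` and `private_ap`, and the certificate path are constructed placeholders.

```shell
# Added example: print each WPA-Enterprise client section lacking ca_cert; return 1 if any.
check_eap_sta() {
    # $1: path to a UCI wireless config, e.g. /etc/config/wireless
    awk '
    function unq(s) { gsub(/^["\047]|["\047]$/, "", s); return s }
    function report() {
        # Enterprise encryption values start with "wpa"; PSK ones with "psk".
        if (insec && mode == "sta" && enc ~ /^wpa/ && ca == "") {
            print name; bad = 1
        }
    }
    $1 == "config" {
        report()
        insec = ($2 == "wifi-iface")
        name = (NF >= 3) ? unq($3) : "(anonymous)"
        mode = ""; enc = ""; ca = ""
        next
    }
    insec && $1 == "option" {
        if ($2 == "mode") mode = unq($3)
        else if ($2 == "encryption") enc = unq($3)
        else if ($2 == "ca_cert") ca = unq($3)
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the posted section, a variant with a CA set, and a PSK AP.
sample_config() {
    cat <<'EOF'
config wifi-iface 'radio_wpa_client'
    option device 'radio0'
    option mode 'sta'
    option encryption 'wpa2'
    option eap_type 'peap'
    option auth 'EAP-MSCHAPV2'

config wifi-iface 'pinned_client'
    option mode 'sta'
    option encryption 'wpa2'
    option eap_type 'peap'
    option ca_cert '/etc/ssl/certs/EXAMPLE-ca.pem'

config wifi-iface 'private_ap'
    option mode 'ap'
    option encryption 'psk2'
EOF
}
```

On the router this would be run as `check_eap_sta /etc/config/wireless`; for the sample it reports only `radio_wpa_client`.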
