How to set up an external FreeRADIUS server with OpenWrt to support WPA Enterprise
FreeRADIUS Server setup on Ubuntu (Server IP: 192.168.254.102)
- install FreeRADIUS
sudo apt-get install freeradius
- stop the service first, as we will configure it later
sudo service freeradius stop
- enable one test account in the config file
sudo vi /etc/freeradius/users
    steve   Cleartext-Password := "testing"
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 172.16.3.33,
            Framed-IP-Netmask = 255.255.255.0,
            Framed-Routing = Broadcast-Listen,
            Framed-Filter-Id = "std.ppp",
            Framed-MTU = 1500,
            Framed-Compression = Van-Jacobsen-TCP-IP
- test locally
radtest steve testing localhost 1812 testing123
success log looks like:
    Sending Access-Accept of id 23 to 172.16.13.159 port 49537
        MS-MPPE-Recv-Key = 0x3155da8bc5cd91dffff4cfd281c87df965cee670043ac38b7ba7f3fef183c7f4
        MS-MPPE-Send-Key = 0x67c5784f5280277e3b6c2344751d2d67ebc456699dae60191945f1ce2f488b14
        EAP-Message = 0x03e90004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "steve"
    Finished request 23.
- add the AP's IP to the clients file, and make sure the AP can reach this FreeRADIUS server
sudo vi /etc/freeradius/clients.conf
    client localhost {
        # Allowed values are:
        # dotted quad (1.2.3.4)
        # hostname (radius.example.com)
        # AP's IP
        ipaddr = 172.16.13.159
        # shared secret; must match the key set on the AP
        secret = testing123
    }
- run freeradius in debugging mode
sudo freeradius -X
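An added check, not part of the original write-up or of FreeRADIUS itself: testing123 is the shared secret FreeRADIUS ships for its stock localhost client, and the steps here reuse it between the AP and the server. The script parses clients.conf-style blocks and flags clients whose secret is missing, still the default, or short; MIN_LEN, the function names and the two extra sample clients are assumptions made for the example.

```shell
#!/bin/sh
# audit_clients [FILE]: read clients.conf (or stdin) and print
# "WEAK <client> <ipaddr> <reason>" per client block whose shared secret is
# missing, still the stock "testing123", or shorter than MIN_LEN. Returns 1
# if anything was flagged. Text after '#' is treated as a comment.
MIN_LEN=16   # assumed local policy, not a FreeRADIUS setting
audit_clients() {
    awk -v min="$MIN_LEN" '
        { sub(/#.*/, ""); opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}") }
        depth == 0 && $1 == "client" { name = $2; ip = "-"; secret = ""; inblk = 1 }
        inblk && depth == 1 && $2 == "=" {      # top-level items only
            if ($1 == "ipaddr") ip = $3
            if ($1 == "secret") { secret = $3; gsub(/^"|"$/, "", secret) }
        }
        { depth += opens - closes }             # track nested sections
        inblk && depth == 0 {                   # client block just closed
            why = ""
            if (secret == "")                why = "no-secret"
            else if (secret == "testing123") why = "default-secret"
            else if (length(secret) < min)   why = "short-secret"
            if (why != "") { print "WEAK", name, ip, why; bad = 1 }
            inblk = 0
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the AP entry from this page plus two made-up clients.
sample_clients() {
    cat <<'EOF'
client localhost {
    ipaddr = 172.16.13.159   # AP's IP
    secret = testing123
}
client office-ap {
    ipaddr = 192.0.2.10
    secret = "q7Vd2mX9sLr4TzB8hNc5"
    limit {
        max_connections = 16
    }
}
client lab-ap {
    ipaddr = 192.0.2.11
    secret = wifi2017
}
EOF
}
sample_clients | audit_clients || true
```

Run it against the real file with audit_clients /etc/freeradius/clients.conf; whatever secret replaces the default also has to be set as the key on the AP.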
AP Settings on OpenWRT (AP IP: 172.16.13.159)
- set up WPA2 encryption on the specific SSID
uci set wireless.ath50.encryption='wpa2'
uci set wireless.ath50.server='192.168.254.102' # FreeRADIUS server IP
uci set wireless.ath50.key='testing123'
uci commit wireless
- restart wifi service
wifi down && wifi up
Client Connection Testing
- connect to this SSID and enter the username and password: steve/testing
- accept the certs from the FreeRADIUS server
- the connection succeeds
nicephil@gmail.com 2017-6-20