You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hostapd has built-in RADIUS server and capable to perform EAP authentication without external authenticator. Unfortunately OpenWRT package builds full version of hostapd with internal crypto backend. All functions related to EAP-TLS in internal crypto backend stubbed with empty bodies returning error immediately.
Recently I used FreeRADIUS running directly on my router, but it requires pretty remarkable amount of RAM. I ended up with [[https://github.com/openwrt/openwrt/compare/openwrt-18.06...Snawoot:hostapd_openssl?expand=1|patch]] for openwrt build specs in order to build fully functional hostapd. Also I made some ugly hacks in netifd scripts to compose proper hostapd.conf. Finally, I got working EAP-TLS auth virtually with no additional costs.
Probably support for internal RADIUS and some authentication methods should be added to LUCI/UCI configuration interface.
I guess secure WLAN is not a luxury feature and EAP auth is mandatory for modern secure networks.
My device is: TP-Link Archer C50 V1
My current OpenWRT version is: OpenWrt 18.06.0, r7188-b0b5c64c22
The text was updated successfully, but these errors were encountered:
Snawoot:
hostapd has built-in RADIUS server and capable to perform EAP authentication without external authenticator. Unfortunately OpenWRT package builds full version of hostapd with internal crypto backend. All functions related to EAP-TLS in internal crypto backend stubbed with empty bodies returning error immediately.
Recently I used FreeRADIUS running directly on my router, but it requires pretty remarkable amount of RAM. I ended up with [[https://github.com/openwrt/openwrt/compare/openwrt-18.06...Snawoot:hostapd_openssl?expand=1|patch]] for openwrt build specs in order to build fully functional hostapd. Also I made some ugly hacks in netifd scripts to compose proper hostapd.conf. Finally, I got working EAP-TLS auth virtually with no additional costs.
Probably support for internal RADIUS and some authentication methods should be added to LUCI/UCI configuration interface.
I guess secure WLAN is not a luxury feature and EAP auth is mandatory for modern secure networks.
My device is: TP-Link Archer C50 V1
My current OpenWRT version is: OpenWrt 18.06.0, r7188-b0b5c64c22
The text was updated successfully, but these errors were encountered: