Add 802.1x client configuration support and corresponding documentation (#2069)

SVN-Revision: 12283
This commit is contained in:
Florian Fainelli 2008-08-11 21:38:50 +00:00
parent 43e28bf153
commit 4b5488ebfa
2 changed files with 74 additions and 2 deletions

View File

@ -272,6 +272,39 @@ config wifi-iface
option key "<psk for WDS>"
\end{Verbatim}
\paragraph{802.1x configurations}
OpenWrt supports both 802.1x client and Access Point
configurations. 802.1x client is only working with
Atheros or mac80211 drivers. Configuration only
supports EAP types TLS, TTLS or PEAP.
\subparagraph{EAP-TLS}
\begin{Verbatim}
config wifi-iface
option device "ath0"
option network lan
option ssid OpenWrt
option eap_type tls
option ca_cert "/etc/config/certs/ca.crt"
option priv_key "/etc/config/certs/priv.crt"
option priv_key_pwd "PKCS#12 passphrase"
\end{Verbatim}
\subparagraph{EAP-PEAP}
\begin{Verbatim}
config wifi-iface
option device "ath0"
option network lan
option ssid OpenWrt
option eap_type peap
option ca_cert "/etc/config/certs/ca.crt"
option auth MSCHAPV2
option identity username
option password password
\end{Verbatim}
\paragraph{Limitations:}

View File

@ -81,6 +81,7 @@ enable_atheros() {
nosbeacon=
config_get ifname "$vif" ifname
config_get enc "$vif" encryption
config_get eap_type "$vif" eap_type
config_get mode "$vif" mode
[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
@ -301,8 +302,46 @@ network={
}
EOF
;;
WPA|wpa|WPA2|wpa2)
#add wpa_supplicant calls here
WPA|wpa|WPA2|wpa2i|8021x|8021X)
config_get ca_cert "$vif" ca_cert
eap_type=$(echo $eap_type | tr 'a-z' 'A-Z')
case "$eap_type" in
tls|TLS)
proto='proto=WPA2'
pairwise='pairwise=CCMP'
group='group=CCMP'
config_get priv_key "$vif" priv_key
config_get priv_key_pwd "$vif" priv_key_pwd
priv_key="private_key=\"$priv_key\""
priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
;;
peap|PEAP|ttls|TTLS)
proto='proto=WPA2'
config_get auth "$vif" auth
config_get identity "$vif" identity
config_get password "$vif" password
phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
identity="identity=\"$identity\""
password="password=\"$password\""
;;
esac
cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
network={
scan_ssid=1
ssid="$ssid"
key_mgmt=WPA-EAP
$proto
$pairwise
$group
eap=$eap_type
ca_cert="$ca_cert"
$priv_key
$priv_key_pwd
$phase2
$identity
$password
}
EOF
;;
esac
[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf