Add 802.1x client configuration support and corresponding documentation (#2069)
SVN-Revision: 12283
This commit is contained in:
parent
43e28bf153
commit
4b5488ebfa
|
@ -272,6 +272,39 @@ config wifi-iface
|
|||
option key "<psk for WDS>"
|
||||
\end{Verbatim}
|
||||
|
||||
\paragraph{802.1x configurations}
|
||||
|
||||
OpenWrt supports both 802.1x client and Access Point
|
||||
configurations. 802.1x client is only working with
|
||||
Atheros or mac80211 drivers. Configuration only
|
||||
supports EAP types TLS, TTLS or PEAP.
|
||||
|
||||
\subparagraph{EAP-TLS}
|
||||
|
||||
\begin{Verbatim}
|
||||
config wifi-iface
|
||||
option device "ath0"
|
||||
option network lan
|
||||
option ssid OpenWrt
|
||||
option eap_type tls
|
||||
option ca_cert "/etc/config/certs/ca.crt"
|
||||
option priv_key "/etc/config/certs/priv.crt"
|
||||
option priv_key_pwd "PKCS#12 passphrase"
|
||||
\end{Verbatim}
|
||||
|
||||
\subparagraph{EAP-PEAP}
|
||||
|
||||
\begin{Verbatim}
|
||||
config wifi-iface
|
||||
option device "ath0"
|
||||
option network lan
|
||||
option ssid OpenWrt
|
||||
option eap_type peap
|
||||
option ca_cert "/etc/config/certs/ca.crt"
|
||||
option auth MSCHAPV2
|
||||
option identity username
|
||||
option password password
|
||||
\end{Verbatim}
|
||||
|
||||
\paragraph{Limitations:}
|
||||
|
||||
|
|
|
@ -81,6 +81,7 @@ enable_atheros() {
|
|||
nosbeacon=
|
||||
config_get ifname "$vif" ifname
|
||||
config_get enc "$vif" encryption
|
||||
config_get eap_type "$vif" eap_type
|
||||
config_get mode "$vif" mode
|
||||
|
||||
[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
|
||||
|
@ -301,8 +302,46 @@ network={
|
|||
}
|
||||
EOF
|
||||
;;
|
||||
WPA|wpa|WPA2|wpa2)
|
||||
#add wpa_supplicant calls here
|
||||
WPA|wpa|WPA2|wpa2i|8021x|8021X)
|
||||
config_get ca_cert "$vif" ca_cert
|
||||
eap_type=$(echo $eap_type | tr 'a-z' 'A-Z')
|
||||
case "$eap_type" in
|
||||
tls|TLS)
|
||||
proto='proto=WPA2'
|
||||
pairwise='pairwise=CCMP'
|
||||
group='group=CCMP'
|
||||
config_get priv_key "$vif" priv_key
|
||||
config_get priv_key_pwd "$vif" priv_key_pwd
|
||||
priv_key="private_key=\"$priv_key\""
|
||||
priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
|
||||
;;
|
||||
peap|PEAP|ttls|TTLS)
|
||||
proto='proto=WPA2'
|
||||
config_get auth "$vif" auth
|
||||
config_get identity "$vif" identity
|
||||
config_get password "$vif" password
|
||||
phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
|
||||
identity="identity=\"$identity\""
|
||||
password="password=\"$password\""
|
||||
;;
|
||||
esac
|
||||
cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
|
||||
network={
|
||||
scan_ssid=1
|
||||
ssid="$ssid"
|
||||
key_mgmt=WPA-EAP
|
||||
$proto
|
||||
$pairwise
|
||||
$group
|
||||
eap=$eap_type
|
||||
ca_cert="$ca_cert"
|
||||
$priv_key
|
||||
$priv_key_pwd
|
||||
$phase2
|
||||
$identity
|
||||
$password
|
||||
}
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf
|
||||
|
|
Loading…
Reference in New Issue