Add 802.1x client configuration support and corresponding documentation (#2069)
SVN-Revision: 12283
parent
43e28bf153
commit
4b5488ebfa
|
@ -272,6 +272,39 @@ config wifi-iface
|
||||||
option key "<psk for WDS>"
|
option key "<psk for WDS>"
|
||||||
\end{Verbatim}
|
\end{Verbatim}
|
||||||
|
|
||||||
|
\paragraph{802.1x configurations}
|
||||||
|
|
||||||
|
OpenWrt supports both 802.1x client and Access Point
|
||||||
|
configurations. 802.1x client is only working with
|
||||||
|
Atheros or mac80211 drivers. Configuration only
|
||||||
|
supports EAP types TLS, TTLS or PEAP.
|
||||||
|
|
||||||
|
\subparagraph{EAP-TLS}
|
||||||
|
|
||||||
|
\begin{Verbatim}
|
||||||
|
config wifi-iface
|
||||||
|
option device "ath0"
|
||||||
|
option network lan
|
||||||
|
option ssid OpenWrt
|
||||||
|
option eap_type tls
|
||||||
|
option ca_cert "/etc/config/certs/ca.crt"
|
||||||
|
option priv_key "/etc/config/certs/priv.crt"
|
||||||
|
option priv_key_pwd "PKCS#12 passphrase"
|
||||||
|
\end{Verbatim}
|
||||||
|
|
||||||
|
\subparagraph{EAP-PEAP}
|
||||||
|
|
||||||
|
\begin{Verbatim}
|
||||||
|
config wifi-iface
|
||||||
|
option device "ath0"
|
||||||
|
option network lan
|
||||||
|
option ssid OpenWrt
|
||||||
|
option eap_type peap
|
||||||
|
option ca_cert "/etc/config/certs/ca.crt"
|
||||||
|
option auth MSCHAPV2
|
||||||
|
option identity username
|
||||||
|
option password password
|
||||||
|
\end{Verbatim}
|
||||||
|
|
||||||
\paragraph{Limitations:}
|
\paragraph{Limitations:}
|
||||||
|
|
||||||
|
|
|
@ -81,6 +81,7 @@ enable_atheros() {
|
||||||
nosbeacon=
|
nosbeacon=
|
||||||
config_get ifname "$vif" ifname
|
config_get ifname "$vif" ifname
|
||||||
config_get enc "$vif" encryption
|
config_get enc "$vif" encryption
|
||||||
|
config_get eap_type "$vif" eap_type
|
||||||
config_get mode "$vif" mode
|
config_get mode "$vif" mode
|
||||||
|
|
||||||
[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
|
[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
|
||||||
|
@ -301,8 +302,46 @@ network={
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
;;
|
;;
|
||||||
WPA|wpa|WPA2|wpa2)
|
WPA|wpa|WPA2|wpa2i|8021x|8021X)
|
||||||
#add wpa_supplicant calls here
|
config_get ca_cert "$vif" ca_cert
|
||||||
|
eap_type=$(echo $eap_type | tr 'a-z' 'A-Z')
|
||||||
|
case "$eap_type" in
|
||||||
|
tls|TLS)
|
||||||
|
proto='proto=WPA2'
|
||||||
|
pairwise='pairwise=CCMP'
|
||||||
|
group='group=CCMP'
|
||||||
|
config_get priv_key "$vif" priv_key
|
||||||
|
config_get priv_key_pwd "$vif" priv_key_pwd
|
||||||
|
priv_key="private_key=\"$priv_key\""
|
||||||
|
priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
|
||||||
|
;;
|
||||||
|
peap|PEAP|ttls|TTLS)
|
||||||
|
proto='proto=WPA2'
|
||||||
|
config_get auth "$vif" auth
|
||||||
|
config_get identity "$vif" identity
|
||||||
|
config_get password "$vif" password
|
||||||
|
phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
|
||||||
|
identity="identity=\"$identity\""
|
||||||
|
password="password=\"$password\""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
|
||||||
|
network={
|
||||||
|
scan_ssid=1
|
||||||
|
ssid="$ssid"
|
||||||
|
key_mgmt=WPA-EAP
|
||||||
|
$proto
|
||||||
|
$pairwise
|
||||||
|
$group
|
||||||
|
eap=$eap_type
|
||||||
|
ca_cert="$ca_cert"
|
||||||
|
$priv_key
|
||||||
|
$priv_key_pwd
|
||||||
|
$phase2
|
||||||
|
$identity
|
||||||
|
$password
|
||||||
|
}
|
||||||
|
EOF
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf
|
[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf
|
||||||
|
|
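Review bot: The generated `/var/run/wpa_supplicant-$ifname.conf` now holds `private_key_passwd` and the PEAP/TTLS `password` in cleartext, but nothing around the `cat >` restricts its mode, so it is created with whatever umask the script inherits; I would put `umask 077` before the heredoc, or create the file empty and `chmod 600` it first. `ca_cert="$ca_cert"` is also written when the option is unset, and a supplicant with no usable CA certificate may not verify the authentication server at all, so an empty `ca_cert` is better rejected with an error before the file is written. Separately, the case label `wpa2i` in `WPA|wpa|WPA2|wpa2i|8021x|8021X)` looks like a typo for `wpa2`, which would keep `encryption wpa2` from reaching this branch. The enclosing function starts outside the hunk, so whether `priv_key`, `identity` and `password` are reset between interfaces cannot be confirmed from here.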