[OpenWrt-Devel] EAP-TLS / EAP-TTLS PAP

Jean-Michel Pouré - GOOZE jmpoure at gooze.eu
Fri Mar 27 03:08:04 EDT 2015


Le jeudi 26 mars 2015 à 14:33 +0100, Bernd Naumann a écrit :
> K back to the plot:
> Know you any hostapd configurations or other software in openwrt which
> can achieve that goal? Are there any issues which might can lead to
> problems or other downsides I may have missed? Reasons against?

I am new to OpenWRT, but I will try to answer shortly:

The wiki page for wireless is:
http://wiki.openwrt.org/doc/howto/wireless.overview

OpenWRT includes Linux IEEE 802.11 ("wireless") subsystem. It covers a
wide range of wireless cards. What you are referencing in your post is :
802.1X (secure) Per-user authentication using RADIUS, including support
for dynamic vlan assignment. Basic WPA Enterprise configuration
instructions:

http://wiki.openwrt.org/doc/howto/wireless.security.8021x

You should never use passwords, whether self-signed X.509 certificates,
i.e. EAP-TLS. It seems to be supported and documentation is available.
Loot at Radius and client certificate in this page:

http://wiki.openwrt.org/doc/uci/wireless#wpaenterpriseaccesspoint

You should be aware that when using certificates, you should be able to
create, sign and manage your CA and certificates. You should set up a
dedicated computer with no connection to Internet. 

OpenSSL will allow you to do that and is very well documented. Gnomint
is a nice GUI: http://gnomint.sourceforge.net/

Kind regards,
Gnutella
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list