[OpenWrt-Devel] EAP-TLS / EAP-TTLS PAP

Jean-Michel Pouré - GOOZE jmpoure at gooze.eu
Fri Mar 27 03:08:04 EDT 2015

Le jeudi 26 mars 2015 à 14:33 +0100, Bernd Naumann a écrit :
> K back to the plot:
> Know you any hostapd configurations or other software in openwrt which
> can achieve that goal? Are there any issues which might can lead to
> problems or other downsides I may have missed? Reasons against?

I am new to OpenWRT, but I will try to answer shortly:

The wiki page for wireless is:

OpenWRT includes Linux IEEE 802.11 ("wireless") subsystem. It covers a
wide range of wireless cards. What you are referencing in your post is :
802.1X (secure) Per-user authentication using RADIUS, including support
for dynamic vlan assignment. Basic WPA Enterprise configuration


You should never use passwords, whether self-signed X.509 certificates,
i.e. EAP-TLS. It seems to be supported and documentation is available.
Loot at Radius and client certificate in this page:


You should be aware that when using certificates, you should be able to
create, sign and manage your CA and certificates. You should set up a
dedicated computer with no connection to Internet. 

OpenSSL will allow you to do that and is very well documented. Gnomint
is a nice GUI: http://gnomint.sourceforge.net/

Kind regards,
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list