Hi!
I have some trouble using either of these two packages towards the wired interface with PEAP-MSCHAPV2. Can you confirm that either one of them supports using eap-peap and eap-mschapv2 towards the wired interface?
My hardware: WL-500G Premium
Firmware: OpenWrt 0.9 (WhiteRussian)
Software:
xsupplicant_1.2.8-1_mipsel.ipk from kamikaze backport.
wpa-supplicant_0.4.7-1_mipsel.ipk from white russian 0.9.
Any help appreciated, I'm desperate :S
I've tried:
root@villmann:~# xsupplicant -d 4 -f -i vlan1 -c /etc/xsupplicant
[STATE] Reinit state machine
[STATE] [backend_sm] REQUEST -> INITIALIZE
[STATE] [backend_sm] INITIALIZE -> IDLE
[STATE] [backend_sm] UNKNOWN -> INITIALIZE
[STATE] [backend_sm] INITIALIZE -> IDLE
[INT] Initializing socket for interface vlan1..
[INT] Allmulti is currently disabled on this device!
[INT] Interface vlan1 is NOT wireless!
[CONFIG] Registered event handler 'rtnetlink handler' in slot 0, with socket 5.
[INT] Setting Linkmode to 1.
You need wireless extensions > 17 in order to support detection of encryption methods.
[INT] Interface has no encryption capabilities, or unknown abilitites.
[INT] Interface initialized!
[CONFIG] Working from config file /etc/xsupplicant.
No configuration information for network "(null)" found. Using default.
[CONFIG] Registered event handler 'frame handler' in slot 9, with socket 4.
[INT] Opened socket descriptor #6
[CONFIG] Registered event handler 'IPC master socket' in slot 8, with socket 6.
[INT] Interface vlan1 is NOT wireless!
[CONFIG] Socket 5 (rtnetlink handler) had an event!
[STATE] Changing from DISCONNECTED to DISCONNECTED.
[STATE] Changing from DISCONNECTED to CONNECTING.
[STATE] Sending EAPOL-Start Frame.
[INT] Padding frame to 64 bytes by adding 46 byte(s).
[STATE] (global) -> INITIALIZE
[STATE] [backend_sm] IDLE -> INITIALIZE
[STATE] [backend_sm] INITIALIZE -> IDLE
[STATE] Changing from CONNECTING to CONNECTING.
[STATE] Sending EAPOL-Start Frame.
[INT] Padding frame to 64 bytes by adding 46 byte(s).
[STATE] Changing from CONNECTING to CONNECTING.
[STATE] Sending EAPOL-Start Frame.
[INT] Padding frame to 64 bytes by adding 46 byte(s).
Xsupplicant has defaulted to authenticated state, due to the inability to successfully start/complete an EAP conversation. It is likely that this authenticator doesn't support 802.1X, or that 802.1X isn't configured correctly on the authenticator or RADIUS server.
With this config:
network_list = all
default_netname = default
default
{
    type = wired
    wireless_control = no
    allow_types = eap_peap
    identity = testuser
    eap-peap {
        # cert in pem format
        root_cert = /etc/cert/ca.pem
        chunk_size = 1398
        random_file = /dev/random
        session_resume = yes
        eap-mschapv2 {
            username = <removed>
            password = <removed>
        }
    }
}
----------------------------------------------------------------------------------------------------------
And I've tried:
wpa_supplicant -i vlan1 -D wired -B -c /etc/wpa_supplicant.conf -dd
With this config:
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="example 802.1x network"
    key_mgmt=IEEE8021X
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user name"
    password="password"
    ca_cert="/etc/cert/ca.pem"
}
Getting the result:
Initializing interface 'vlan1' conf '/etc/wpa_supplicant.conf' driver 'wired' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Line: 3 - start of a new network block
key_mgmt: 0x8
eap methods - hexdump(len=2): 19 00
phase2 - hexdump_ascii(len=13):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
identity - hexdump_ascii(len=7):
76 69 6c 6c 75 73 65 villuse
password - hexdump_ascii(len=8): [REMOVED]
ca_cert - hexdump_ascii(len=16):
2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
Priority group 0
id=0 ssid=''
Initializing interface (2) 'vlan1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:0e:a6:f6:20:eb
Setting scan request: 0 sec 100000 usec
Added interface vlan1
Daemonize..
And:
root@villmann:~# wpa_cli status
Selected interface 'vlan1'
bssid=01:80:c2:00:00:03
ssid=
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=IEEE 802.1X (no WPA)
wpa_state=ASSOCIATED
Supplicant PAE state=HELD
suppPortStatus=Unauthorized
EAP state=FAILURE
Non-empty nvram values:
root@villmann:~# nvram show|grep wan
wan_unit=0
wan0_primary=1
wan_pppoe_keepalive=0
wan_device=vlan1
wan0_proto=dhcp
wan_mode_x=2
wan_nat_x=1
wan0_ifname=vlan1
wan_lease=86400
wan_pppoe_txonly_x=0
wan_pppoe_mru=1492
wan_vport=4
wan_etherspeed_x=auto
wan_reason_t=lost IP from server
wan0_status_t=Disconnected
size: 12289 bytes (20479 left)
wan_pppoe_demand=0
wan0_mode_x=2
wan_route_x=IP_Routed
wan0_pppoe_keepalive=0
wan_pppoe_mtu=1492
dhcp_wins=wan
wan0_pppoe_relay_x=0
wan_proto=dhcp
wan0_pppoe_mru=1492
wan0_etherspeed_x=auto
wan0_pppoe_txonly_x=0
wan_pppoe_idletime=1800
wan_ifnames=vlan1
wan0_pppoe_demand=0
wan_primary=0
wan0_nat_x=1
wandevs=vlan1
wan0_pppoe_mtu=1492
dhcp_domain=wan
wan0_lease=86400
wan0_route_x=IP_Routed
wan_pppoe_relay_x=0
wan0_dnsenable_x=1
wan0_desc=Default Connection
wan_ifname=vlan1
wan0_pppoe_idletime=1800
wan_hostname=villmann
wan_status_t=Disconnected
wan_dnsenable_x=1
wan0_unit=0
wan0_ifnames=vlan1
wan_proto_t=Automatic IP