Choosing the Appropriate WiFi Authentication Package for OpenWRT 23.05.3

Hi everyone,

I am currently setting up WiFi authentication on my device running OpenWRT 23.05.3 and have come across several available packages for WiFi encryption:

Given the variety of options, I am unsure which package would be the most appropriate for my setup. Could someone please advise on which WiFi encryption package I should install for optimal performance and security on OpenWRT 23.05.3?

Thank you in advance for your help!

Best regards,

Are you talking about standard authentication (i.e. SSID + passphrase with WPA2 or WPA3 encryption), or are you talking about user or device level authentication (i.e. RADIUS / 802.1x)?

It all comes on how much space do you have available on your router and the type of encryption you want to use.

If space is not a problem, just install wpad-mbedtls. The -mbedtls, -wolfss and -openssl includes encryption libraries by default.

By default and to save some space, OpenWRT comes with wpad-basic-mbedtls that cover most needs. You can setup a WiFi AP with WPA, WPA2 or WPA3-SAE.

The full wpad-mbedtls also includes FT (802.11r), mesh (802.11s) and many other technologies. But for encryption, the wpad-basic-mbedtls will suffice.

Cheers!

2 Likes

Thanks @psherman and @el_charlie for your comments. My upstream router has the following security types as illustrated in the screenshot below:
upstream_sec_type
And I added the wpad-basic-mbedtls as the authentication module as below:


then I set the wireless as STA/AP mode as below:

wireless.@wifi-iface[1]=wifi-iface
wireless.@wifi-iface[1].device='radio0'
wireless.@wifi-iface[1].network='wwan'
wireless.@wifi-iface[1].mode='sta'
wireless.@wifi-iface[1].disabled='0'
wireless.@wifi-iface[1].ssid='xxxxx'
wireless.@wifi-iface[1].key='xxxxx'
wireless.@wifi-iface[1].encryption='psk2'

However, I got the following timeout error:

Sat Mar 23 09:27:10 2024 kern.info kernel: [ 401.278607] phy0-sta0: authenticate with 5c:fa:25:fb:be:ae
Sat Mar 23 09:27:10 2024 kern.info kernel: [ 401.291354] phy0-sta0: 80 MHz not supported, disabling VHT
[ 401.522805] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 1/3)
Sat Mar 23 09:27:11 2024 kern.info kernel: [ 401.522805] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 1/3)
[ 401.591547] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 2/3)
Sat Mar 23 09:27:11 2024 kern.info kernel: [ 401.591547] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 2/3)
[ 401.722057] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 3/3)
Sat Mar 23 09:27:11 2024 kern.info kernel: [ 401.722057] phy0-sta0: send auth to 5c:fa:25:fb:be:ae (try 3/3)
[ 401.857566] phy0-sta0: authentication with 5c:fa:25:fb:be:ae timed out

I noticed this error after I compiled by switching from wpad-mini to wpad-basic-mbedtls, but I wonder if the timeout issue is related to the switching.

With Regards,

Which device are you compiling the image for?

You can also use the Firmware Selector and edit the default packages and make a build there. Is way faster than using a build system.

Hi @el_charlie

Thank you for your help! The Firmware Selector is working perfectly—it's incredibly efficient. In my environment, building with the make utility often takes around 10 hours, but the Firmware Selector completes the process in just one minute.

I’m curious if the Firmware Selector has the capability to generate an imageBuilder file as well.

Thanks again for your assistance!

Best regards,

With Regards,

It is a web frontend to imagebuilder pool. Anoth€r being asu aka attended sysupgrade

it doesn't compile any code, it installs the packages from the openwrt repo.
using the cli version, an image is usually built in 10 sec, or less.

https://openwrt.org/docs/guide-user/additional-software/imagebuilder

What device is this for?

mt76 evaluation kit like in picture?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.