Connecting as a client to Unifi WPA2 Enterprise

Hello,
I'm quite new to the OpenWrt world (while quite familiar with Debian).
I would like to connect two OpenWrt-powered boxes to a Unifi 7.2.95 WPA2 Enterprise.
My WPA2 Enterprise Wifi relies on PEAP/MSCHAPV2.

The two boxes are a TL-WR902AC v3 and Netgear EX6130.
I installed 22.03.2 on both devices.
Playing with LuCI, I can't see 802.1X-specific options like identity/password or auth.
Among installed packages is wpad-basic-wolfssl.
I'm OK to configure the devices with either LuCI or CLI.

  1. Do I need to replace the current wpad-basic-wolfssl with wpad (as I read it) to be able to connect as a WPA2 Enterprise client?

Best regards

That is correct. I use wpad for 802.1x myself.
I understand you can also choose the full wolfssl or openssl versions, but I haven’t tried those.

Thank you very much for replying: I think I'll try to install wpad-wolfssl and see if it improves things.

Is there any LuCI add-on package to install to allow changing 802.1X-specific settings (auth, identity, password, ...)?

There is a freeradius package. Not sure about LuCI integration. I’m using an external RADIUS server.

How should I understand the error below, knowing that:

  • the device on which I ran these two commands only has a single Ethernet port and a WiFi interface
  • the WiFi interface is the one it used to connect to the Internet
  • this WiFi interface was connected as a client to a WPA2 PSK SSID, so maybe installing wpad-wolfssl temporarily broke this WiFi connection.

root@OpenWrt:/etc/config# opkg remove wpad-basic-wolfssl
Removing package wpad-basic-wolfssl from root...
root@OpenWrt:/etc/config# opkg install wpad-wolfssl
Installing wpad-wolfssl (2022-01-16-cff80b4f-14.1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.2/packages/mipsel_24kc/base/wpad-wolfssl_2022-01-16-cff80b4f-14.1_mipsel_24kc.ipk
Upgrading hostapd-common on root from 2022-01-16-cff80b4f-13.1 to 2022-01-16-cff80b4f-14.1...
Downloading https://downloads.openwrt.org/releases/22.03.2/packages/mipsel_24kc/base/hostapd-common_2022-01-16-cff80b4f-14.1_mipsel_24kc.ipk
Installing libwolfssl5.5.3.ee39414e (5.5.3-stable-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.2/packages/mipsel_24kc/base/libwolfssl5.5.3.ee39414e_5.5.3-stable-1_mipsel_24kc.ipk
Failed to send request: Operation not permitted
Configuring hostapd-common.
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.2/packages/mipsel_24kc/base/libwolfssl5.5.3.ee39414e_5.5.3-stable-1_mipsel_24kc.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_install_pkg: Failed to download libwolfssl5.5.3.ee39414e. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package wpad-wolfssl.

Likely. I always use the wired connection for updates. I think you can download the packages and install locally if desired.

Those settings will be made available once the full wpad is installed.

I would install attendedsysupgrade, then run auc to bring libwolfssl up to 5.5.3 before starting. Then remove wpad-basic, install wpad-wolfssl, and run auc -f again to cram the full wpad into the ROM. This is important on 8 MB flash: you don't really have space for two versions of libwolfssl and two variants of wpad in the flash.

I think I'll follow both pieces of advice. Thank you very much for providing them.

My action plan is:

  • add all my addresses to a TrustedHosts list to prevent myself from being kicked out by the firewall
  • turn the current Ethernet static 192.168.1.1/24 addressing into DHCP client addressing so that I can rely on a stable medium to operate
  • operate as mk24 suggested to bring wpad-wolfssl into the box
  • iterate over 802.1X wifi settings to bring a second connection through the first radio (this box has dual radios)
  • change Ethernet settings again so that the WiFi connection becomes the single medium to access the Internet
  • add WiFi settings to bring the second radio as a WiFi downlink

This is a long list for a noob but life is hard, anyway ;-))

Today, I successfully implemented my above action plan: I've got a Netgear EX6130 acting as a repeater with a 2.4 GHz uplink to an 802.1X, PEAP/MSCHAPv2 network and a GHz downlink to a WPA2 PSK network.
Disk is almost full (80 %) but it works.

Thank you all for your help.
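
An added example, not written by any poster in this thread and not OpenWrt's own code: a shell check over `/etc/config/wireless` for client interfaces like the PEAP/MSCHAPv2 uplink described above, flagging any that set `eap_type` without a `ca_cert`, because such a client does not verify the RADIUS server it sends credentials to. The sample config (section names, SSID, identity, paths) is constructed, and treating `ca_cert` as the only evidence of server validation is a simplifying assumption.

```shell
#!/bin/sh
# Constructed sample in /etc/config/wireless syntax. 'uplink_ok' pins the
# RADIUS server's CA; 'uplink_weak' is the same PEAP client without it.
SAMPLE_CONFIG="
config wifi-iface 'uplink_ok'
    option device 'radio0'
    option mode 'sta'
    option network 'wwan'
    option ssid 'ExampleCorp'
    option encryption 'wpa2'
    option eap_type 'peap'
    option auth 'MSCHAPV2'
    option identity 'alice'
    option password 'constructed-password'
    option ca_cert '/etc/ssl/example-radius-ca.pem'

config wifi-iface 'uplink_weak'
    option mode 'sta'
    option ssid 'ExampleCorp'
    option encryption 'wpa2'
    option eap_type 'peap'
    option identity 'alice'
    option password 'constructed-password'

config wifi-iface 'downlink'
    option mode 'ap'
    option encryption 'psk2'
"

# Print the section name of every sta interface that sets eap_type but no ca_cert.
audit_eap_clients() {
    awk '
    function report() { if (name != "" && mode == "sta" && eap != "" && ca == "") print name }
    function unq(s) { gsub(/["\047]/, "", s); return s }   # strip UCI quoting
    $1 == "config" {
        report(); name = ""; mode = eap = ca = ""
        if ($2 == "wifi-iface") name = (NF >= 3 ? unq($3) : "(anonymous)")
    }
    $1 == "option" && name != "" {
        if ($2 == "mode") mode = unq($3)
        if ($2 == "eap_type") eap = unq($3)
        if ($2 == "ca_cert") ca = unq($3)
    }
    END { report() }
    '
}

# On a router: audit_eap_clients < /etc/config/wireless
printf '%s\n' "$SAMPLE_CONFIG" | audit_eap_clients
```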
