Connection to EDUROAM Wifi with openwrt

Hey,
I have an EDUROAM account from my company (user/pw) and a ca.pem certificate that I stole off a Linux machine that was connected.

I want an OpenWrt router to connect to the network and share the internet to my LAN. I am failing to connect to the EDUROAM network.

What I did so far:
installed OpenWrt 23.05.3 + Luci -> reset
connected to luci -> set a pw -> scanned with radio1, can see eduroam ssid
scp /home/user/Desctop/ca.pem root@192.168.1.1:/etc/ssl/certs/
ssh root@192.168.1.1
vi /etc/config/wireless added:

config wifi-iface 'eduroam'
       option device 'radio1'
       option network 'wwan'
       option mode 'sta'
       option ssid 'eduroam'
       option encryption 'wpa2+ccmp'
       option eap_type 'peap'
       option auth 'MSCHAPV2'
       option identity 'xxxxxxx'
       option password 'xxxxxxxxx'
       option anonymous_identity 'xxxxxxxx'
       option ca_cert '/etc/ssl/certs/ca.pem'
       option auth_server 'server'
       option auth_server2 'server2'

       
config interface 'wwan'
    option proto 'dhcp'

Also changed all radios to enabled.

/etc/init.d/network reload
/etc/init.d/network restart

Could not get the wifi to connect. Did I miss anything?

The wpad-basic package that is installed by default does not support Enterprise networks. Remove wpad-basic-xxx and replace with wpad-xxx then reboot.

Using the CA file to check the network's certificate is for your protection. It is not necessary to connect. It prevents a common attack where you unknowingly connect to a fake network which will then receive your hashed password and attempt to crack it.

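The certificate check described in the reply above, as an added example that is not part of the original thread: a POSIX sh function (it needs only `awk`, so it also runs on the router) that reads a UCI wireless config and reports, for each WPA-Enterprise client stanza, whether the server certificate is validated. It goes one step beyond the reply by also looking for `domain_match`/`domain_suffix_match`, the OpenWrt options that map to the wpa_supplicant settings of the same name and restrict which server name under that CA is accepted. The sample config, its stanza names and the domain are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit WPA-Enterprise client stanzas in
# a UCI wireless config for server-certificate validation settings.

# Constructed sample input; stanza names and the domain are made up.
sample_config() {
cat <<'EOF'
config wifi-iface 'eduroam'
    option mode 'sta'
    option eap_type 'peap'
    option ca_cert '/etc/ssl/certs/ca.pem'

config wifi-iface 'nocheck'
    option mode 'sta'
    option eap_type 'peap'

config wifi-iface 'pinned'
    option mode 'sta'
    option eap_type 'peap'
    option ca_cert '/etc/ssl/certs/ca.pem'
    list domain_suffix_match 'radius.example.org'

config wifi-iface 'lan_ap'
    option mode 'ap'
    option encryption 'psk2'
EOF
}

# Reads a UCI wireless config on stdin, prints one verdict per EAP client stanza.
audit_eap_sta() {
    awk -v q="'" '
    function strip(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function verdict() {
        if (name != "" && mode == "sta" && eap != "") {
            if (ca == "") print name ": FAIL no ca_cert, server certificate is not verified"
            else if (dom == "") print name ": WARN ca_cert set, no domain_match/domain_suffix_match"
            else print name ": OK"
        }
        name = ""; mode = ""; eap = ""; ca = ""; dom = ""
    }
    $1 == "config" { verdict(); if ($2 == "wifi-iface") name = (NF > 2 ? strip($3) : "(unnamed)"); next }
    name != "" && ($1 == "option" || $1 == "list") {
        v = strip($3)
        if ($2 == "mode") mode = v
        else if ($2 == "eap_type") eap = v
        else if ($2 == "ca_cert") ca = v
        else if ($2 == "domain_match" || $2 == "domain_suffix_match") dom = v
    }
    END { verdict() }'
}

sample_config | audit_eap_sta
```

On the router, `audit_eap_sta < /etc/config/wireless` runs the same check against the live config.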

It worked... Halfway :slight_smile: I changed the build options to wpad-openssl and my wifi client connects fine.

But I still don't have an internet connection.
Tried to ping something from the router, fails.

Did you add wwan to the wan firewall zone? Do you get an IP address, gateway address (the company's first router on the other side of the link), and DNS assigned? Can you ping the gateway IP? Does DNS work?

Of course I did not add it to the wan firewall zone... facepalm :smiley:
Now everything works as expected.

What I don't get is a gateway "host" IP/address. It's always "?"


Should I do something about it or is it just how the network is set up?
