Dynamic pre-shared key (dpsk) via radius

Searching finally for 'ppsk' I found this thread and hope that'll help me.

Update: If I followed that information correctly the most recent version of OpenWRT does support this feature. Will look at it…

Update: Seems like https://github.com/openwrt/luci/commit/05af14b25bc0fc2262416dcebf3360b11104198b reverts the needed changes to luci because of https://github.com/openwrt/luci/issues/6902 .

Update: Replacing the wireless.js script with the version from the former MR let me configure dpsk aka ppsk through luci. I ended up with these parameters in /etc/config/wireless:

        option device 'radio0'
        option mode 'ap'
        option ssid 'PPSK_SSID'
        option encryption 'psk2'
        option ppsk '1'
        option auth_server ''
        option dynamic_vlan '2'
        option vlan_tagged_interface 'eth0'
        option vlan_bridge 'br-vlan'
        option auth_port '1812'
        option per_sta_vif '1'
        option vlan_naming '1'
        option auth_secret 'radius_secret'

which is for these settings in luci:

Without luci being able to set these settings they could be edited directly in /etc/config/wireless. If I do not misread this: mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'] ppsk should work for modes ap & ap-wds and with encryptions psk, psk2, psk+psk2, psk-mixed.

Even though the settings end up in my /var/run/hostapd-phy0.conf the SSID does not become active, yet. (I didn't re-install the full version of wpad after my upgrade, but that is needed to interpret the according hostapd.conf lines)

Update: This seems to work. I get radius-requests on my radius server and I guess I have to adapt it to answer with the required tunnel-password (which it doesn't at the moment). But my question can be considered solved I guess.

1 Like