ELI5: connecting to PEAP-MSCHAPv2 network

Folks. I'm struggling to attach to our local network. The only local support I have points me to the attached image. I have a CA certificate, username etc. I can flatten the router and start again with clean firmware. I have tried a lot of combinations and none of them work for me.

The purpose is to attach machines with wired network ports to the local wifi for updating.

Have you already found and read https://openwrt.org/docs/guide-user/network/wifi/basic?s[]=wpa2&s[]=enterprise#wpa_enterprise_client?

PS: How do I insert links with an anchor properly?


The package called wpad controls wireless connections. It is made in different versions with some features cut out to save memory. The default package wpad-basic-wolfssl is a version that does not support EAP. So you need to remove wpad-basic-wolfssl and replace it with the full version wpad-wolfssl.

This is best done by giving the router a temporary connection to the Internet, for example you could link to the wifi hotspot on a mobile phone.

Then reboot the router and you should see choices to configure EAP in the wireless configuration GUI.

Thanks for the advice folks. Yes, I have read that guide and as far as I can tell I have all the required entries. I certainly remember removing a basic wpad and replacing it with a full version, but I don't remember either of them being -wolfssl (my memory is wpad-mini coming out and wpad-something going in). I'm away from the router and network in question for the weekend but I'll check ASAP.

Best, Stephen

OK. So in the config "wpad-basic" came out, hostapd, wpa-supplicant, and hostapd-common are in (i.e. with a '*'). The various wpads seem to be a subset of wpa-supplicant so I assume they all come in by default, no?

Best, Stephen

EAP connections require an SSL-enabled wpad such as wpad-wolfssl. wpad is a dual-purpose binary that can run as wpa-supplicant or hostapd. If you look in /bin you will see that those latter two programs are just links to the big wpad file.

mk24, I'm not sure if you're telling me that I have enough or I have too little. I can recompile, reinstall, and play around aimlessly some more if you think it will help. The list of packages in "network---wirelessapd category" is at https://openwrt.org/packages/index/network---wirelessapd. I currently have (i.e. chosen with a '*') hostapd, wpa-supplicant, and hostapd-common. What would be a necessary and sufficient combination of packages?

Best, Stephen

Don't select a hostapd or a wpa-supplicant; use wpad-wolfssl. It includes both and also has SSL support through the wolfssl library.

hostapd-common is a script to configure hostapd/wpad; you do need it. It should be a dependency of every wpad.

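An added example, not written by anyone in this thread or by the OpenWrt project: a shell check that classifies an `opkg list-installed` listing according to the package advice in the replies above. The function name, verdict strings and sample listings are assumptions made for illustration, as is treating wpad-openssl and wpad-mbedtls the same as wpad-wolfssl.

```shell
#!/bin/sh
# Added example: classify an `opkg list-installed` listing (read from stdin)
# against the package advice given in the thread.
# Prints: eap-capable | no-eap | standalone | missing-hostapd-common | no-wpad
wpad_eap_status() {
    full="" basic="" standalone="" common=""
    while read -r name _rest; do
        case "$name" in
            hostapd-common) common=1 ;;
            hostapd-utils) ;;  # CLI tools only, not a daemon build
            # Cut-down builds without EAP (wpad-mini is the older name
            # mentioned in the thread).
            wpad-basic|wpad-basic-*|wpad-mini) basic=$name ;;
            # Full SSL-enabled builds. The thread names wpad-wolfssl; the
            # openssl/mbedtls variants are assumed equivalent here.
            wpad-wolfssl|wpad-openssl|wpad-mbedtls) full=$name ;;
            # Separately selected daemons, which the thread says not to use.
            hostapd|hostapd-*|wpa-supplicant|wpa-supplicant-*) standalone=1 ;;
        esac
    done
    if [ -n "$standalone" ]; then echo standalone
    elif [ -n "$full" ] && [ -z "$common" ]; then echo missing-hostapd-common
    elif [ -n "$full" ]; then echo eap-capable
    elif [ -n "$basic" ]; then echo no-eap
    else echo no-wpad
    fi
}

# Constructed listings (version strings are placeholders, not real releases).
DEFAULT_IMAGE='hostapd-common - 0-constructed
wpad-basic-wolfssl - 0-constructed'
ORIGINAL_POSTER='hostapd - 0-constructed
hostapd-common - 0-constructed
wpa-supplicant - 0-constructed'
FIXED_IMAGE='hostapd-common - 0-constructed
wpad-wolfssl - 0-constructed'

# On a router, check the live package list. If it reports no-eap, the swap
# described in the thread is: opkg update; opkg remove wpad-basic-wolfssl;
# opkg install wpad-wolfssl; reboot
if command -v opkg >/dev/null 2>&1; then
    opkg list-installed | wpad_eap_status
fi
```

A `standalone` verdict means hostapd or wpa-supplicant was selected directly, which is the situation the original poster described before switching to wpad-wolfssl.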

mk24's last post nailed it. It took less than half an hour to recompile, reinstall, get the certificate over and get running. Huge thanks.

Best, Stephen
