Encryption option in the etc/config/wireless config file

mmillner99 · April 1, 2022, 3:23am

Hi,

New to OpenWRT. I'm installing on a Raspberry Pi 4B. The end game is a travel router which can connect back to a VPN in my house.

Here is the the wifi interface part of the wireless config file(etc/config/wireless).. which broadcasts the ssid.

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'     
        option encryption 'none'
#        option key 'PASSWORD'

If I leave it like this it works. I can connect, with my phone, to the ssid OpenWrt with no password. Of course I want to use a password. If I change encryption to psk or psk2 as this site shows should be valid the ssid is no longer broadcasting.
If I change encryption back to 'none' and restart wireless with

uci commit wireless 
wifi

the ssid start broadcasting again

Any help would be appreciated...thanks!
-Mike

anon89577378 · April 1, 2022, 3:58am

Try using WPA2-PSK with AES, and a password (key).

Make sure the phone is using the same.

mmillner99 · April 1, 2022, 2:56pm

Thank you so much! That worked perfectly.

The one question I do have is the Cipher filed is not shown in the wireless config file. Is the GUI the only way to configure this?

thx again!
Mike

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2+ccmp'
	option key 'PASSWORD!'

mk24 · April 1, 2022, 3:00pm

Setting 'psk2' is the same as 'psk2+ccmp' which will require AES cipher (no TKIP)-- that is the recommended most secure option in your case since the Pi4 wifi does not support WPA3.

Setting Management Frame Protection at least to "optional" (option ieee80211w 1 on the CLI) is also a recommended practice but I don't think the Pi4 supports that either.