Hello all,
I'm having an issue connecting my custom imx6 based router to a wpa2 enterprise network.
Firstly, the router hosting the enterprise network is just a Pi Zero with OpenWrt installed on it. It also locally hosts the radius server (lightly followed this guide) to set it up. I'm able to connect to it properly and get internet with my Windows laptop, so I know the basic setup works.
If I try to connect to it, I can see from wpa_cli (or just with logread) that I am successfully authorized by the radius server; however, immediately afterwards I see that it disconnects and the output is not particularly helpful.
wpa_supplicant conf file
network={
scan_ssid=1
ssid="MY-SSID"
key_mgmt=WPA-EAP
identity="bob"
password="hello"
phase2="auth=MSCHAPV2"
eap=PEAP
proto=RSN
bssid=B8:27:EB:E3:59:EF
beacon_int=100
}
output from wpa_supplicant
root@OpenWrt:~# wpa_supplicant -Dnl80211 -iwlan0 -c wpa.conf
Successfully initialized wpa_supplicant
wlan0: Trying to associate with SSID 'MY-SSID'
wlan0: Associated with b8:27:eb:e3:59:ef
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=82c21f74943cd8b4eeac0e382b8f9e950a880d91e4866fd641690d8bab865d6f
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.org' hash=3318097686820d6fbf39837e39d3c7e50d326d5fc5e4798ca4e9529fd8cfa633
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlan0: CTRL-EVENT-CONNECTED - Connection to b8:27:eb:e3:59:ef completed [id=0 id_str=]
wlan0: CTRL-EVENT-DISCONNECTED bssid=b8:27:eb:e3:59:ef reason=0 locally_generated=1
wlan0: Trying to associate with SSID 'MY-SSID'
As you can see, it just gives reason=0, which I have not been able to find good info on what to do with that.
Here's my wireless config for the client. Note that I've added some variables for my own use, which, as far as I know, is safe to do.
I will also note that I usually also use the travelmate package, but I've tried all this with it both off and on.
client-side /etc/config/wireless
config wifi-iface 'net_name'
option device 'radio0'
option network 'wan'
option mode 'sta'
option ssid 'MY-SSID'
option channel '11'
option encryption 'wpa2+ccmp'
option disabled '1'
option is_hidden '0'
option bssid 'B8:27:EB:E3:59:EF'
option eap_type 'peap'
option identity 'bob'
option password 'hello'
option name 'net_name'
Here is the config for the host network. It gets internet in from an ethernet cable. Again, I was able to connect and get internet successfully if connecting from my Windows laptop, so I doubt the problem is on this side.
host-side /etc/config/wireless
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'MY-SSID'
option wmm '0'
option disassoc_low_ack '0'
option auth_secret 'testing123'
option auth_server '127.0.0.1'
option acct_server '127.0.0.1'
option encryption 'wpa2'
option acct_port '1813'
option auth_port '1812'
Remarks that may or may not be useful:
-
If using
wpad (built-in full)
orwpa-supplicant (built-in full)
on the client, it would try to force usingtls 1.0
, which is rejected by default freeradius3 settings.- using
wpad-openssl
orwpa-supplicant-openssl
(both of which are under the 'mini' version of their program) allowed it to usetls 1.2
- using
-
I also failed to connect with an Ubuntu laptop; however that appeared to fail due to an auth issue and I have not spent much time trying to troubleshoot it.
As a final disclaimer: While I'm no longer new at this, I'm still no expert, so hopefully this is just some silly problem.
Thanks for any help or insight you can give!