I am using a TP-Link CPE510 v3 with OpenWRT 23.05.2 (previously 23.05.0r2 but the issue persists) to connect to a network via WPA2-EAP PEAP with EAP-MSCHAPv2. Until a some days ago everything worked fine. Without any change on my part and as far as I can see none on the other side the authentication is no longer successful. Updating to the newest OpenWRT and package versions did not help.
Since the last message in the log before the CTRL-EVENT-EAP-METHOD-FAILED message was daemon.notice wpa_supplicant[1160]: phy0-sta0: Unknown event 37 I searched for that event online. The message seems to be pretty uncommon and most of the time the rest of the problem was different from mine. One supposed solution was to swap out wpad (yes this is the full version, it worked in the past) with wpad-openssl. This was not applicable since wpad-openssl with its dependency libopenssl3 is bigger than 2MiB and the CPE510 only has 2MiB Disk space. I checked whether the network's certificates changed since that was the problem last time I had connection issues but as far as I can see they stayed the same. When reuploading the .pem file after the systemupgrade (via LUCI) I came across a weird bug saying it could not read /etc/luci-uploads/cert.pem even though ls -la showed it was readable by everyone. I worked around that by moving the cert file somewhere else and manually editing /etc/config/wireless to point to the right file (since LUCI does not allow you to chose certs in other folders). The network also seems to support EAP-PWD but I could not find any information on how to set up that method in OpenWRT, neither with LUCI nor over SSH directly.
Does the Unknown event 37 have anything to do with it and how do I fix it? My best guess is CTRL-EVENT-EAP-STATUS since it appeared in similar positions in old logs of other people. Is there anything else obvious I am missing? Any help would be appreciated.
My /etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel 'auto'
option band '5g'
option cell_density '0'
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'sta'
option network 'wwan'
option ssid '<MY SSID>'
option encryption 'wpa2+ccmp'
option eap_type 'peap'
option identity '<MY IDENTITY>'
option password '<MY PASSWORD>'
option ca_cert '/root/chain.pem'
option auth 'EAP-MSCHAPV2'
option anonymous_identity '<MY ANON IDENTITY>'
A typical connection request:
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-EAP-STARTED EAP authentication started
Tue Nov 14 20:34:55 2023 kern.debug kernel: [ 573.571689] phy0-sta0: Limiting TX power to 17dBm as adertized by <REDACTED MAC ADRESS>
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: Unknown event 37
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 -> NAK
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: Unknown event 37
Tue Nov 14 20:34:55 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Tue Nov 14 20:34:55 2023 daemon.notice netifd: wwan (3435): udhcpc: started, v1.36.1
Tue Nov 14 20:34:55 2023 daemon.notice netifd: wwan (3435): udhcpc: broadcasting discover
Tue Nov 14 20:34:56 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Tue Nov 14 20:34:56 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: Unknown event 37
Tue Nov 14 20:34:57 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Tue Nov 14 20:34:58 2023 daemon.notice netifd wwan (3435): udhcpc : broadcasting discover
Tue Nov 14 20:34:59 2023 daemon.notice wpa_supplicant[1159]: phy0-sta0: Authentication with <REDACTED MAC ADDRESS> timed out.