Is it possible to add native support for DPSK in Luci? I currently have this config working via editing the config file but it breaks some function in Luci and I have to make any new changes via the config file.
Just to provide an example I have 4 networks and instead of broadcasting 4 SSIDs I want to broadcast 1 SSID, Then based on the password the user enters is what network they get put in. This is fully functional I just think it would be amazing if it was natively supported in Luci.
Please provide outputs og
ubus call system board
cat /etc/config/network
cat /etc'config/wireless
cat /etc/config/firewall
cat /etc/config/dhcp
And the radi&s/diameter stanza example entry relating to described ESSID.
Obviously replace all passkeys and secrets with ABC
Ruckus dpsk requires radius go figure this is about lowlevel replica changing huest password in controllet or just changing that at all
Maybe DPSK is the wrong term. Ubiquti calls it PPSK. It is kinda confusing what the difference is. There should be no need for a radius server. I was thinking more for like 1 password per network and not 1 password per user.
Board
{
"kernel": "6.6.73",
"hostname": "JSTN-R1",
"system": "ARMv8 Processor rev 4",
"model": "GL.iNet GL-MT3000",
"board_name": "glinet,gl-mt3000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
Network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config interface 'LAN'
option proto 'static'
option ipaddr '172.16.10.1'
option netmask '255.255.255.0'
option ip6assign '64'
option delegate '0'
option device 'vlan.10'
option defaultroute '0'
option ip6weight '255'
config interface 'WAN'
option device 'eth0'
option proto 'dhcp'
option peerdns '0'
list dns '172.16.30.2'
config interface 'WAN6'
option device 'eth0'
option proto 'dhcpv6'
option reqaddress 'force'
option reqprefix '56'
option sourcefilter '0'
option peerdns '0'
config interface 'WG0'
option proto 'wireguard'
option private_key 'xxxx'
option listen_port '51820'
list addresses '10.100.100.1/24'
config wireguard_WG0
option description 'Phone'
option public_key 'xxxx'
option private_key 'xxxx'
list allowed_ips '10.100.100.2/32'
option route_allowed_ips '1'
config interface 'SERVERS'
option proto 'static'
option ipaddr '172.16.30.1'
option netmask '255.255.255.0'
option delegate '0'
option ip6weight '100'
option device 'vlan.30'
option defaultroute '0'
option ip6assign '64'
config wireguard_WG0
option description 'Laptop_Client'
option public_key 'xxxx'
option private_key 'xxxx'
list allowed_ips '10.100.100.3/32'
option route_allowed_ips '1'
config device
option name 'eth0'
config interface 'IOT'
option proto 'static'
option device 'vlan.40'
option ipaddr '172.16.40.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'
option ip6assign '64'
config interface 'GUEST'
option proto 'static'
option ipaddr '172.16.50.1'
option netmask '255.255.255.0'
option device 'vlan.50'
option defaultroute '0'
option ip6assign '64'
option delegate '0'
config device
option type 'bridge'
option name 'vlan'
list ports 'eth1'
config bridge-vlan
option device 'vlan'
option vlan '10'
list ports 'eth1:t'
config interface 'CCTV'
option proto 'static'
option device 'vlan.20'
option ipaddr '172.16.20.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'
option ip6assign '64'
config bridge-vlan
option device 'vlan'
option vlan '20'
list ports 'eth1:t'
config bridge-vlan
option device 'vlan'
option vlan '30'
list ports 'eth1:t'
config bridge-vlan
option device 'vlan'
option vlan '40'
list ports 'eth1:t'
config bridge-vlan
option device 'vlan'
option vlan '50'
list ports 'eth1:t'
Wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel 'auto'
option band '2g'
option htmode 'HE20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel 'auto'
option band '5g'
option htmode 'HE80'
option cell_density '0'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'occam'
option encryption 'psk2'
option key 'xxxx-psk-1'
option network 'LAN'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'occam'
option encryption 'psk2'
option key 'xxxx-psk1'
option network 'LAN'
config wifi-vlan
option name 'cctv'
option network 'CCTV'
option vid '20'
config wifi-station
option key 'xxxx-psk-2'
option vid '20'
config wifi-vlan
option name 'iot'
option network 'IOT'
option vid '40'
config wifi-station
option key 'xxxx-psk-3'
option vid '40'
config wifi-vlan
option name 'guest'
option network 'GUEST'
option vid '50'
config wifi-station
option key 'xxxx-psk-4'
option vid '50'
Firewall
config defaults
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'LAN'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'LAN'
config zone
option name 'CCTV'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'CCTV'
config zone
option name 'SERVERS'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'SERVERS'
config rule
option name 'Allow-DHCP-Renew'
option src 'WAN'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-IGMP'
option src 'WAN'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'WAN'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'WAN'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'WAN'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'WAN'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Wireguard-VPN'
list proto 'udp'
option src 'WAN'
option dest_port '51820'
option target 'ACCEPT'
config rule
option name 'LAN to WAN'
option src 'LAN'
option dest 'WAN'
option target 'ACCEPT'
list proto 'all'
list src_ip '172.16.10.0/24'
list src_ip 'xxxx-publicIPV6-PD'
config rule
option name 'LAN to Router All'
option src 'LAN'
option target 'ACCEPT'
list proto 'all'
list src_ip '172.16.10.0/24'
list src_ip 'xxxx-publicipv6'
list dest_ip '172.16.10.1'
list dest_ip 'xxxx-publicipv6'
config rule
option name 'LAN to Router DHCPv4'
option src 'LAN'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'
list proto 'udp'
config rule
option name 'LAN to Router DHCPv6'
option family 'ipv6'
option src 'LAN'
option dest_port '546'
option target 'ACCEPT'
list proto 'udp'
config rule
option name 'LAN to Router ICMPv6'
list proto 'icmp'
option src 'LAN'
option target 'ACCEPT'
option family 'ipv6'
config rule
option name 'LAN to Router VPN'
list proto 'udp'
option src 'LAN'
option dest_port '51820'
option target 'ACCEPT'
list src_ip '172.16.10.0/24'
list src_ip 'xxxx-publicipv6'
list dest_ip 'xxxx-publicipv4'
list dest_ip 'xxxx-publicipv6'
config rule
option name 'LAN to SERVERS'
option src 'LAN'
option dest 'SERVERS'
option target 'ACCEPT'
list src_ip '172.16.10.0/24'
list dest_ip '172.16.30.0/24'
option family 'ipv4'
list proto 'all'
config rule
option name 'LAN to NVR'
option src 'LAN'
option dest 'CCTV'
option target 'ACCEPT'
option family 'ipv4'
list dest_ip '172.16.20.2'
list src_ip '172.16.10.0/24'
option dest_port '9000'
list proto 'tcp'
config rule
option name 'CCTV to WAN'
option src 'CCTV'
option dest 'WAN'
option target 'ACCEPT'
option family 'ipv4'
list proto 'all'
list src_ip '172.16.20.0/24'
config rule
option name 'CCTV NVR to DNS'
option src 'CCTV'
list src_ip '172.16.20.2'
option dest 'SERVERS'
list dest_ip '172.16.30.2'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'CCTV to Router DHCPv4'
option src 'CCTV'
option target 'ACCEPT'
list proto 'udp'
option dest_port '67'
option family 'ipv4'
config rule
option name 'SERVERS to WAN'
option src 'SERVERS'
option dest 'WAN'
option target 'ACCEPT'
list src_ip '172.16.30.0/24'
option family 'ipv4'
list proto 'all'
config rule
option name 'SERVERS to Router Ping'
option src 'SERVERS'
option target 'ACCEPT'
list proto 'icmp'
list src_ip '172.16.30.0/24'
list dest_ip '172.16.30.1'
option family 'ipv4'
config rule
option name 'Home-assistant to Smart-plugs'
option src 'SERVERS'
option dest 'IOT'
list dest_ip '172.16.40.15'
list dest_ip '172.16.40.16'
list dest_ip '172.16.40.17'
list dest_ip '172.16.40.18'
option dest_port '80'
option target 'ACCEPT'
list src_ip '172.16.30.9'
option family 'ipv4'
list proto 'tcp'
list proto 'icmp'
config rule
option name 'IOT to WAN'
option src 'IOT'
option dest 'WAN'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
list src_ip '172.16.40.10'
config rule
option name 'IOT to Router DHCPv4'
option src 'IOT'
option dest_port '67'
option target 'ACCEPT'
list proto 'udp'
option family 'ipv4'
config rule
option name 'IOT to SERVERS DNS'
option src 'IOT'
list src_ip '172.16.40.0/24'
option dest 'SERVERS'
list dest_ip '172.16.30.2'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'GUEST to WAN'
option src 'GUEST'
option dest 'WAN'
option target 'ACCEPT'
option family 'ipv4'
list proto 'all'
list src_ip '172.16.50.0/24'
config rule
option name 'GUEST to Router DHCP'
option src 'GUEST'
option dest_port '67'
option target 'ACCEPT'
list proto 'udp'
option family 'ipv4'
config rule
option name 'GUEST to Router ICMP'
list proto 'icmp'
option src 'GUEST'
list src_ip '172.16.50.0/24'
list dest_ip '172.16.50.1'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'VPN to WAN'
option src 'VPN'
option dest 'WAN'
option target 'ACCEPT'
list src_ip '10.100.100.0/24'
option family 'ipv4'
list proto 'all'
config rule
option name 'VPN to PI-HOLE_DNS'
option src 'VPN'
list src_ip '10.100.100.0/24'
option dest 'SERVERS'
option dest_port '53'
option target 'ACCEPT'
list dest_ip '172.16.30.2'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
config rule
option name 'VPN to JELLYFIN'
option src 'VPN'
list src_ip '10.100.100.0/24'
option dest 'SERVERS'
option dest_port '8096'
option target 'ACCEPT'
list dest_ip '172.16.30.3'
option family 'ipv4'
list proto 'tcp'
list proto 'icmp'
config rule
option name 'VPN to FILEBROWSER'
option src 'VPN'
option dest 'SERVERS'
list dest_ip '172.16.30.6'
option dest_port '80'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
list src_ip '10.100.100.0/24'
config rule
option name 'VPN to IPERF'
option src 'VPN'
option dest 'SERVERS'
list dest_ip '172.16.30.5'
option dest_port '5201'
option target 'ACCEPT'
list src_ip '10.100.100.0/24'
option family 'ipv4'
list proto 'tcp'
list proto 'icmp'
config rule
option name 'VPN to HomeAssistant'
option src 'VPN'
list src_ip '10.100.100.0/24'
option dest 'SERVERS'
list dest_ip '172.16.30.9'
option dest_port '8123'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'icmp'
config zone
option name 'IOT'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'IOT'
config zone
option name 'GUEST'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'GUEST'
config zone
option name 'VPN'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
list network 'WG0'
config zone
option name 'WAN'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
list network 'WAN'
list network 'WAN6'
config rule
option name 'VPN to NVR'
option src 'VPN'
list src_ip '10.100.100.0/24'
option dest 'CCTV'
list dest_ip '172.16.20.2'
option dest_port '9000'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'icmp'
DHCP
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'LAN'
option interface 'LAN'
option start '20'
option limit '235'
option leasetime '24h'
option dhcpv4 'server'
option force '1'
option ra 'server'
option dhcpv6 'server'
list dhcp_option '6,172.16.30.2'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'
config dhcp 'WAN'
option interface 'WAN'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'SERVERS'
option interface 'SERVERS'
option start '250'
option limit '5'
option leasetime '12h'
option force '1'
list dhcp_option '6,1.1.1.1'
config dhcp 'IOT'
option interface 'IOT'
option start '200'
option limit '54'
option leasetime '12h'
list dhcp_option '6,172.16.30.2'
config dhcp 'GUEST'
option interface 'GUEST'
option start '2'
option limit '253'
option leasetime '12h'
list dhcp_option '6,8.8.8.8,8.8.4.4'
config dhcp 'CCTV'
option interface 'CCTV'
option start '100'
option limit '154'
option leasetime '12h'
config host
option name 'SHARK-VAC'
option ip '172.16.40.10'
list mac 'A8:96:09:C1:08:A8'
config host
option name 'bobcatminer'
option ip '172.16.10.254'
option mac '94:C9:B7:91:D7:03'
Yes, it is certainly possible.