I was hoping for some advice. I would like to run a system where I can use PPSK. I mean, I run a captive portal using pfSense and OpenWrt access points (TP-Link 610-outdoor), and all is good, but I have come across a problem, and I'm not sure how to fix it. The quick version is I would like to have my users log on using a PSK password. Without an active captive portal page, they get a password, then log on to the internet.
Things I would like to have:
Timed passcodes (three days).
Passcodes that run out on a set date.
Not important but would be nice, making some passcodes have more than one login (but I must be able to limit this to, let's say, three).
I have looked at RADIUS with OpenWrt but can't get the tunnel password to work with OpenWrt and the pfSense RADIUS server installed.
Also, I would like to keep the PSK simple – just the passcode, not EAP with all the extra boxes to fill in. I have got the IoT device to work with this.
I will move away from pfSense to OPNsense or OpenWrt x86 or even MikroTik.
About the first question, I installed Radius on pfSense, then set up the unit with clients and users, etc. Then I set up an OpenWrt AP to use PPSK in the WiFi setup, entering all the passkey ports, etc. The OpenWrt AP talked to the Radius server, but the Radius server couldn't understand the request coming from the OpenWrt AP. I didn't get any information from the system logs to help me find out what was wrong. I read that the tunnel-password command is the PPSK passcode and should work, but I didn't have any luck. Also, I think it could be because I was not using enterprise PSK, because I don't think people are going to understand that setup.
I tried lots of guides and got no help from the pfSense forum.
Is there a way to have the individual PPSK setup on one OpenWrt AP or OpenWrt x86 setup, one file on a NAS server that they all can talk to, for example?
This can be "programmed" into the freeradius-server.
freeradius uses a "dictionary" to understand received requests. It looks like the requests you generated did not match any entry in the dictionary. Hm, your problem sounds like an interesting research project, as I have used freeradius extensively for Captive Portals (coova chilli). Why switch from CP to this unusual approach?
It comes down to TV, really. The UK is moving to streaming TV instead of over-the-air transmissions; this is happening over the next 5 to 10 years. I own a caravan park in the UK (white things with wheels). I have a lot of guests come and ask for Wi-Fi for TV (streaming). Captive portal pages don't work on TVs, and I want to come up with a way of just giving them a code (like a voucher code) that's their Wi-Fi password. The main issue is that TVs and IoT devices don't like WPA Enterprise, so it needs to be WPA Personal. Omada has this function, and I don't want to go back to Omada.
As bernd stated, using wpa_psk_file can be a basic start, a simple Proof of Concept. However, to fulfill " ... Things I would like to have: ..." will need quite some customization, read: Custom software, whereas usage of RADIUS allows standard config mods to adhere to the requirement specs 1-3. Custom UI required, anyway.
Thank you, _bernd. I have already got my access point working with that idea. I didn't read a lot of answers about setting up the two, three or 9 access points I have. Also, before I go down the route of mapping a network drive and trying to have one file shared between them all, or a script that updates the files every 5 min: any thoughts on timeouts (three-day limit) or expiry on a set day?
I am having fun with my PPSK file and have come across an issue. Can anyone help? If I make changes to the wpa_ppsk file, like adding or taking away a PPSK, I have to reboot the access point. "/etc/init.d/network reload" or "wifi reload" does not work. Can anyone help? After this I'm working on how to keep track of the PPSK passwords. I can't seem to find a way of keeping tabs on what PPSK has been used. But first things first. I still think it might be easier to go down the RADIUS route first.
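For the expiry requirements raised in this thread (three-day codes and codes that end on a set date), here is an added example, not code from any poster or from OpenWrt: a shell sketch that regenerates a hostapd wpa_psk_file from a voucher list and drops expired codes. The voucher list format, the file names and both function names are assumptions of the sketch; it does not limit the number of devices per code and does not make hostapd re-read the file.

```shell
#!/bin/sh
# Added example. Assumed voucher list format, one code per line:
#   <keyid> <expiry_epoch> <passphrase>
# A "three day" code and a "set date" code differ only in how the
# expiry epoch was chosen.

# issue_voucher LIST KEYID DAYS PASSPHRASE [NOW]
# Appends a code valid for DAYS days counted from NOW (default: now).
issue_voucher() {
    list=$1 keyid=$2 days=$3 pass=$4 now=${5:-$(date +%s)}
    len=${#pass}
    # WPA2-Personal passphrases must be 8 to 63 characters long.
    [ "$len" -ge 8 ] && [ "$len" -le 63 ] || return 1
    echo "$keyid $((now + days * 86400)) $pass" >> "$list"
}

# render_psk_file LIST OUT [NOW]
# Writes OUT in hostapd wpa_psk_file syntax and prints the number of
# codes still valid. 00:00:00:00:00:00 means "any client MAC"; keyid=
# is hostapd's optional per-line key identifier.
render_psk_file() {
    list=$1 out=$2 now=${3:-$(date +%s)}
    tmp="$out.tmp.$$"
    ( umask 077; : > "$tmp" ) || return 1      # file holds secrets
    active=0
    while read -r keyid expiry pass; do
        case $keyid in ''|'#'*) continue ;; esac         # blank/comment
        case $expiry in ''|*[!0-9]*) continue ;; esac    # malformed line
        [ "$expiry" -gt "$now" ] || continue             # expired code
        echo "keyid=$keyid 00:00:00:00:00:00 $pass" >> "$tmp"
        active=$((active + 1))
    done < "$list"
    mv "$tmp" "$out" || return 1   # swap in one step, never half-written
    echo "$active"
}

# Constructed demo data: one 3-day code, one code with a fixed expiry.
demo=$(mktemp -d)
issue_voucher "$demo/vouchers" pitch12 3 "sunny-caravan-42" 1000000
echo "pitch07 1100000 august-weekend-7" >> "$demo/vouchers"
render_psk_file "$demo/vouchers" "$demo/wifi.psk" 1172800
cat "$demo/wifi.psk"
rm -rf "$demo"
```

Run from cron on each AP (or on one host that distributes the output), the same voucher list yields the same PSK file everywhere.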