[SOLVED] Connect to WPA2-Enterprise

First I updated to OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d), kernel version 4.9.152, and then I reset the router to factory defaults.

I went to Network>WAN>General Setup and changed the protocol from PPPoE to DHCP.
Under Network>WAN>Physical Settings>Interface I changed dsl0 to eth0.2, so that I can run a cable from a LAN port on my main router to the red WAN port on the HH5 and give the HH5 internet access.

Under System>Software I updated the package lists and installed wpad version 2018-05-21-62566bc2-5.
Under Network>Wireless>radio1 I hit Scan, chose the Enterprise network, left it assigned to firewall zone wan wan6 (these were selected by default),
and continued setting up the new client connection with my username and password.
After Save & Apply the router is connected to the Enterprise network over WiFi.
I then disconnected the LAN cable between my main router and the HH5.

root@OpenWrt:~# cat /etc/config/network; cat /etc/config/wireless; cat /etc/config/firewall; ip -4 addr; ip -4 ro; ip -4 ru;

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd22:8263:4b9e::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '40:f2:01:3b:a2:f2'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'

# MAC address override for the device named 'dsl0'.
# NOTE(review): the 'wan' interface in this file now uses ifname 'eth0.2', while
# this stanza still names 'dsl0'; it looks like a leftover from the default DSL
# setup. Confirm whether it still has any effect.
config device 'wan_dev'
        option name 'dsl0'
        option macaddr '40:f2:01:3b:a2:f3'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config interface 'wwan'
        option proto 'dhcp'


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '0'
        option channel '6'
        option country 'GB'
        option legacy_rates '1'

# Default access point on radio1, attached to the 'lan' network.
# NOTE(review): encryption is 'none' and radio1 is enabled (disabled '0' in its
# wifi-device stanza), so as shown this SSID is an open network. The firewall in
# this dump forwards lan -> wan, and the wan zone (which includes 'wwan')
# masquerades, so any device that joins this SSID would reach the enterprise
# network behind this router's own login. Consider option encryption 'psk2'
# with a strong 'key', or disabling this interface if only wired clients are
# intended.
config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

# Client (station) interface on radio1 that joins the WPA2-Enterprise network
# using PEAP with MSCHAPv2 as the inner method; it is attached to 'wwan'.
# NOTE(review): no 'ca_cert' option (or any other server-certificate check) is
# set in this stanza, so as shown the client does not appear to validate the
# authentication server. Confirm with the network operator which CA to pin;
# without validation the client will offer these credentials to any access
# point that advertises the same SSID.
# NOTE(review): 'bssid' ties the client to one specific access point; presumably
# it was filled in by the scan dialog. Confirm this is intended.
# The identity and password values appear to have been redacted by the poster;
# UCI stores them in clear text in this file, so keep redacting them when
# sharing config dumps.
config wifi-iface
        option network 'wwan'
        option ssid 'ENTERPRISENETWORK'
        option device 'radio1'
        option mode 'sta'
        option bssid '3A:43:1D:39:7D:3E'
        option encryption 'wpa2'
        option eap_type 'peap'
        option auth 'EAP-MSCHAPV2'
        option identity 'xxx'
        option password 'xxx'


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

# Upstream (untrusted) zone: input and forward are REJECT, so only traffic
# matched by an explicit rule in this file is accepted from these networks;
# outbound traffic is masqueraded (masq '1').
# 'wwan', the WPA2-Enterprise client interface, is listed next to wan and wan6,
# so the enterprise WLAN is treated as an upstream network rather than as part
# of the LAN.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.129/24 brd 192.168.0.255 scope global eth0.2
       valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet xx.xx.xx.xx/26 brd xx.xx.xx.xx scope global wlan1
       valid_lft forever preferred_lft forever
default via xx.xx.xx.xx dev wlan1  src xx.xx.xx.xx
xx.xx.xx.xx/26 dev wlan1 scope link  src xx.xx.xx.xx
192.168.0.0/24 dev eth0.2 scope link  src 192.168.0.129
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

This can be done in one step, by upgrading the image and unticking the "keep settings" option. Just for future reference.

Can you explain your setup here? I was under the impression that HH5 is the only router in your house and that it runs on Openwrt. What is the other router and what OS is it running?
All these configurations are from which router?

The first router in my house is from my internet provider, Virgin Media.
The HH5 is a second router, which I want to configure for use in another location. I connected the HH5 to the Virgin Media router with a UTP cable to give it internet access so that I could install the full wpad package in the first place.

But to my astonishment, it now works the way I want it. I can connect to the Enterprise network and the internet works on all devices connected to HH5, using just the settings explained above.

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).


Thank you for all your help and patience.


Does it still work once you disconnect it from the VM router? I suspect your router is using your VM connection for its upstream feed rather than the WiFi connection to your dot1x provider :thinking:

Yes, I tested with disconnected cable and VM router shut down.

