I want to connect to an enterprise wifi network from my router (v19.07.1) as a client. Here is the wpa_supplicant config I think should work:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/tmp/ca.pem"
identity="xxxx@xxxx"
altsubject_match="DNS:zzzzz.zzz.zz.zz"
phase2="auth=MSCHAPV2"
password="wwwwwwww"
anonymous_identity="yyyy@yyyy"
}
I tried to translate it to the UCI config in /etc/config/wireless. I followed the config options here:
https://openwrt.org/docs/guide-user/network/wifi/basic#wpa_enterprise_client
But I could not get the matching UCI options for every option, such as anonymous_identity.
Note the ca_cert option is not a problem. I have the ca.pem file, which I saved in /tmp/ca.pem in openwrt and I can see the ca_cert option in the openwrt guide.
So far, this is my config:
config wifi-iface 'wifinet2'
option ssid 'eduroam'
option device 'radio0'
option mode 'sta'
option network 'wwan'
option encryption 'wpa2+tkip+aes'
option eap_type 'peap'
option auth 'auth=MSCHAPV2'
option identity 'xxxx@xxxx'
option password 'wwwwwwww'
option ca_cert '/tmp/ca.pem'
which generates:
root@OpenWrt:~# cat /var/run/wpa_supplicant-wlan0.conf
network={
scan_ssid=1
ssid="eduroam"
key_mgmt=WPA-EAP
ca_cert="/tmp/ca.pem"
identity="xxxx@xxxx"
password="wwwwwwww"
phase2="auth=MSCHAPV2"
eap=PEAP
proto=RSN
beacon_int=100
}
This doesn't work. My syslog says:
Thu Feb 6 23:56:38 2020 daemon.notice wpa_supplicant[4483]: wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='...' err='unknown CA'
Thu Feb 6 23:56:40 2020 daemon.notice wpa_supplicant[4483]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Missing fields are anonymous_identity, pairwise, group and altsubject_match. Not sure what the proto and beacon_int fields are about in the openwrt generated config.
How do I generate a matching wpa_supplicant config using the UCI options?
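
The by-eye comparison in the post can be scripted. The following is an added example, not part of the original post, that lists the option names one wpa_supplicant network block sets and the other lacks, which makes a dropped server-certificate check such as altsubject_match easy to spot. The function names and the file names wanted.conf and generated.conf are assumptions of the example; the sample input is the two blocks quoted above.

```shell
# Added example: print the option names inside network={...} blocks of file $1, sorted.
netblock_keys() {
    awk '/^[ \t]*network=\{/ { inb = 1; next }
         /^[ \t]*\}/         { inb = 0; next }
         inb && /^[ \t]*[A-Za-z0-9_]+=/ { sub(/^[ \t]*/, ""); sub(/=.*/, ""); print }' "$1" | sort -u
}
# Print the option names set in file $1 but absent from file $2, one per line.
missing_keys() {
    have=" $(netblock_keys "$2" | tr '\n' ' ')"
    for k in $(netblock_keys "$1"); do
        case "$have" in *" $k "*) ;; *) echo "$k" ;; esac
    done
}
# Sample input: write the two blocks from the post (values redacted as there) into directory $1.
write_samples() {
    cat > "$1/wanted.conf" <<'EOF'
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/tmp/ca.pem"
identity="xxxx@xxxx"
altsubject_match="DNS:zzzzz.zzz.zz.zz"
phase2="auth=MSCHAPV2"
password="wwwwwwww"
anonymous_identity="yyyy@yyyy"
}
EOF
    cat > "$1/generated.conf" <<'EOF'
network={
scan_ssid=1
ssid="eduroam"
key_mgmt=WPA-EAP
ca_cert="/tmp/ca.pem"
identity="xxxx@xxxx"
password="wwwwwwww"
phase2="auth=MSCHAPV2"
eap=PEAP
proto=RSN
beacon_int=100
}
EOF
}
d=$(mktemp -d) && write_samples "$d"
echo "dropped by the generated config:"; missing_keys "$d/wanted.conf" "$d/generated.conf"
echo "added by the generated config:";   missing_keys "$d/generated.conf" "$d/wanted.conf"
rm -rf "$d"
```

On the router, the second argument would be /var/run/wpa_supplicant-wlan0.conf, the generated file shown in the post.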