WiFi - WPA2 - PEAP MSCHAPv2 TLSv1.2 in Client mode

hiwaamiri · September 12, 2023, 12:54pm

Dear OpenWRT lovers,

Recenlty I tried to use OpenWRT on my Mikrotik RB962. It works perfect but the problem is I want to connect to an access point that has WPA2 - PEAP authentication over TLSv1.2. The OpenWRT is in client mode as also called station mode to connect tho that specific AP. The AP only supports or lets say only accept TLSv1.2 connection from the clients.
I am sure that the AP is configured correctly and I have the right certificate because I can connect to the AP using my Windows 10 laptop and my Android smartphone.
With the same configuration, OpenWRT can not connect to the AP. I sniffed the packets and seems that OpenWRT doesn't use TLSv1.2 for WPA2-PEAP auth, also you can see the logs of the OpenWRT when it tries to connect

Thu Sep  7 09:17:23 2023 daemon.notice netifd: Wireless device 'radio0' is now up
Thu Sep  7 09:17:23 2023 daemon.notice netifd: Interface 'wwan' is enabled
Thu Sep  7 09:17:29 2023 daemon.notice wpa_supplicant[7035]: phy0-sta0: SME: Trying to authenticate with b2:46:8d:27:b3:54 (SSID='AP_TLSv1.2' freq=5220 MHz)
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.754629] phy0-sta0: authenticate with b2:46:8d:27:b3:54
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.770615] phy0-sta0: send auth to b2:46:8d:27:b3:54 (try 1/3)
Thu Sep  7 09:17:29 2023 daemon.notice wpa_supplicant[7035]: phy0-sta0: Trying to associate with b2:46:8d:27:b3:54 (SSID='AP_TLSv1.2' freq=5220 MHz)
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.779645] phy0-sta0: authenticated
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.789557] phy0-sta0: associate with b2:46:8d:27:b3:54 (try 1/3)
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.801105] phy0-sta0: RX AssocResp from b2:46:8d:27:b3:54 (capab=0x1511 status=0 aid=2)
Thu Sep  7 09:17:29 2023 kern.warn kernel: [161282.810205] ath10k_pci 0000:00:00.0: pdev param 0 not supported by firmware
Thu Sep  7 09:17:29 2023 kern.warn kernel: [161282.817530] ath10k_pci 0000:00:00.0: failed to enable peer stats info: -122
Thu Sep  7 09:17:29 2023 kern.info kernel: [161282.824863] phy0-sta0: associated
Thu Sep  7 09:17:29 2023 daemon.notice wpa_supplicant[7035]: phy0-sta0: Associated with b2:46:8d:27:b3:54
Thu Sep  7 09:17:29 2023 daemon.notice wpa_supplicant[7035]: phy0-sta0: CTRL-EVENT-EAP-STARTED EAP authentication started
Thu Sep  7 09:17:29 2023 daemon.notice wpa_supplicant[7035]: phy0-sta0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Thu Sep  7 09:17:29 2023 daemon.notice netifd: Network device 'phy0-sta0' link is up

Do you have any idea how can we enable TLS1.2 for PEAP, or even is this an error related to TLSv1.2 ??

hiwaamiri · September 13, 2023, 12:58pm

The following solved the issue

opkg update
opkg remove wpad*
opkg install wpad-openssl
reboot

system · September 23, 2023, 12:59pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.