Wired EAP-TTLS/PAP authentication for wan interface

What I want to do is set up eth wan interface to be a dhcp client with wpa2 eap-ttls/pap authentication and a generic lan+ap setup, however I do not know how to set up authentication.

I did find some threads on this topic that I think are sort of related but are for wireless authentication. Most of them mention using wpad or wpa_supplicant.

With my (Windows) laptop I can connect to the network via ethernet using SecureW2 tool for this type of authentication so I know it is somehow possible.

I am using TP-Link TL-WDR3600 with 22.03.2 OpenWrt release and stock configuration.

Any help is appreciated :slightly_smiling_face:

EDIT: I found this guide that helped me set this up. https://gist.github.com/LupusArgentum/0a03106c0484480376b5878ca4f30761

You mention Ethernet WAN (i.e. wired) and wpa2 (i.e. wireless) in the same sentence. Please clarify.

  • You mentioned wireless again
  • What threads???
  • Did you ask there?
  • Links?

Yea, more clarification is necessary.

If you're seeking threads on wired 802.1x, see:


Thank you for your time. I as mentioned in the edit already I solved this on my own, but I will answer for anyone looking at his in the future.

You mention Ethernet WAN (i.e. wired) and wpa2 (i.e. wireless) in the same sentence. Please clarify.

I meant wired connection using 802.1x authentication. I was confused because I thought wpa2 and 802.1x was the same thing.

Here is how I solved it:

  1. Since my router had flash size limitations I created a firmware build without ppp and ipv6 and replaced wpad-basic-wolfssl with wpad-wolfssl and then flashed it on the device:
    make image PROFILE=tplink_tl-wdr3600-v1 PACKAGES="uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-app-firewall luci-mod-admin-full luci-theme-bootstrap -ppp -ppp-mod-pppoe -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -wpad-basic-wolfssl wpad-wolfssl"
  2. Configured /etc/config/wpa.conf:
  1. Created /etc/init.d/wpa-autostart: (can probably pass -B flagg to the command instead of using &)

start() {
echo start
wpa_supplicant -D wired -i eth0.2 -c /etc/config/wpa.conf &
  1. Enabled it with chmod +x /etc/init.d/wpa-autostart
    /etc/init.d/wpa-autostart enable
    /etc/init.d/wpa-autostart start