Wireless client with WPA2 enterprise PEAP MSCHAPV2

Hi
I would like to buy a Wifi Pineapple Nano (Hak 5) for one specific reason, to enable a legacy piece of technology to get on our WiFi network at my hospital.
The network is WPA2 Enterprise with PEAP and MSCHAP as the authentication. I know from setting up other devices that I need to provide a "domain name" in addition to MSCHAP username and password.
09
I can not see how I can provide this information when I read the OPENWRT instructions for WPA2 Enterprise here https://wiki.openwrt.org/doc/uci/wireless#wpa_enterprise_client

I don't really want to buy this device if I unable to solve my problem with it.
Can anyone shed some light on this.

thanks

Daniel

From: https://wiki.openwrt.org/doc/uci/wireless#wpa_enterprise_client

Name Default Description
identity (none) EAP identity to send during authentication
password (none) Password to send during EAP authentication

In identity, you use DOMAIN\username.

1 Like

Given that you're (hopefully) governed by HIPAA (assuming you're in the US), your first question should be to your InfoSec and IT departments.

Assuming that they've given you clearance to operate what might be an unsecured or weakly secured AP from your use of the word "legacy", then yes, OpenWrt can authenticate using MSCHAPv2 (I hope your network is no more insecure than v2!).

See, for example https://openwrt.org/docs/guide-user/network/wifi/basic#wpa_enterprise_client

I can't speak to the hardware and its support, which is another question.

https://www.wifipineapple.com/pages/nano

  • CPU: 400 MHz MIPS Atheros AR9331 SoC
  • Memory: 64 MB DDR2 RAM
  • Disk: 16 MB ROM + Micro SD (not included)
  • Wireless: Atheros AR9331 + Atheros AR9271, both IEEE 802.11 b/g/n

Slow as a dog compared to what can be had for US $20 for 2.4 GHz devices, or not a lot more for 802.11ac as well. See, for many suggestions and opinions, What's your favourite cheap LEDE/OpenWrt device?

lleachi.

thankyou. that sounds promising. I will buy it then and give it a go.

Jeff:
I am not in USA, HIPAA not relevant.
I won't be making things any more insecure. I am not creating a new WIFI network. The device is creating a wifi client bridge. Ie. device connects to hospital wifi network, and allows one other legacy device that connects to it via ethernet, to operate on the network.

Totally cool -- thanks for clarifying.

While I haven't used them myself (though mighty tempting), as an example of available devices, the GL.iNet single-band units are running around or below US $20 and have enough CPU, flash, and RAM to be able to get many more years out of them. Several mentioned in that thread, or in the table of hardware, https://openwrt.org/toh/views/toh_extended_all?dataflt[Brand*~]=GL.iNet

and can be powered over USB?
that is my other requirement, that the ultrasound machine that this is plugging into can actually power the wifi bridge device.
Often they are used on the move, so AC power is undesirable.

Several of the GL.iNet devices (and probably other manufacturers' as well) power from 5 V microUSB -- "standard" phone charging cable, and should be able to be powered from a USB outlet.

In general, I'd be careful as many USB data outlets, especially on older equipment, may not be able to supply enough current, often being limited to 500 mA, or 2.5 W.

will investigate.
thankyou

Hi again.
So perhaps I would be better off using a GL.iNet GL - AR150 and powering it with a dual A to micro B USB cable like this https://www.ebay.com.au/itm/1ft-Dual-USB-A-to-Micro-B-Y-Power-Booster-Cable-for-External-Hard-Drive-YS-US7-/280750493818

Just confirming again, that these devices run a full implementation of openwrt, and that I can ssh in and make the necessary modifications to the wifi config to allow setting the AR150 up as a wireless client to a WPA2 enterprise with PEAP & MSCHAPv2 network, and thus bridging the wifi network to a downstream ethernet only device via the AR150's LAN port

thanks

Daniel

You may wish to create another topic for the power issue.

Your WiFi question was previously answered. As long as you're not using a proprietary WiFi from an OEM, nation or military, OpenWrt should work.

thankyou for your help

1 Like