WPA2-EAP (wpad) issues, RT-AC88u Broadcom chip

I am trying to get WPA2-EAP working on my RT-AC88U (A6 HW version) but having no luck; devices immediately disconnect/disassociate. I can see from syslog that the RADIUS server is being contacted and approves but multiple assoc/disassoc happen in quick succession after.

Regular unsecured Wi-Fi does work. I know there was some issue with the broadcom firmware being proprietary and all, but I see from the other thread that a user with A2 hardware on the same router was able to get it working.

Model: Asus RT-AC88U
Architecture: ARMv7 Processor rev 0 (v7l)
Target Platform: bcm53xx/generic
Firmware Version: OpenWrt 22.03.2 r19803-9a599fee93 / LuCI openwrt-22.03 branch git-22.288.45147-96ec0cd
Kernel Version 5.10.146

My steps:

  • Fresh install of the above firmware.
  • Configure LAN interface IP, configure syslog target server
  • remove wpad-basic-wolfssl, install wpad
  • reboot router
  • enable / configure wireless (tested both 2.4/5ghz separately) with RADIUS server and secret.
  • attempt to connect

I have tried installing the brcmfmac-firmware-4366b1-pcie package on top + rebooting and no change. I have logs but they don't appear that useful.

Happy to run any commands or provide any logs if needed

Have a try with wpad-openssl (or at least wpad-wolfssl, although I'd prefer the former, especially with weird/ advanced ciphers and certs involved) instead, I think you really need a full(er) wpad built against a suitable ssl/ tls provider for this.

wpad works for me (three different AP models).

Can you get access by a regular radclient (and show output) ?