Hello,
according to https://wiki.openwrt.org/doc/howto/wireless.security.8021x it should be very easy to configure 802.1x with dynmic vlans. Here is my configuration:
/etc/config/wireless:
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'FIXED VLAN WIFI'
option encryption 'wpa2'
option server '...'
option key '...'
option network 'lan'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'DYN VLAN WIFI'
option encryption 'wpa2'
option server '...'
option key '...'
option dynamic_vlan '2'
option vlan_tagged_interface 'eth1'
option vlan_bridge 'br-vlan'
option vlan_naming '0'
The network and switch configuration is irrelevant.
This is my freeradius configuration:
/etc/freeradius/3.0/clients.conf:
client 192.168.1.1 {
ipaddr = 192.168.1.1
secret = ...
require_message_authenticator = yes
nastype = other
}
/etc/freeradius/3.0/users.conf:
"hello" Auth-Type := "EAP", Cleartext-Password := "world"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID := "1"
Connecting to FIXED VLAN WIFI works flawlessly but connecting to DYN VLAN WIFI does not work.
So I checked logread and I got this:
Sun Jul 22 12:30:56 2018 daemon.info hostapd: wlan1-2: STA 0c:8f:ff:84:8f:9e IEEE 802.11: authenticated
Sun Jul 22 12:30:56 2018 daemon.info hostapd: wlan1-2: STA 0c:8f:ff:84:8f:9e IEEE 802.11: associated (aid 1)
Sun Jul 22 12:30:56 2018 daemon.notice hostapd: wlan1-2: CTRL-EVENT-EAP-STARTED 0c:8f:ff:84:8f:9e
Sun Jul 22 12:30:56 2018 daemon.notice hostapd: wlan1-2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Sun Jul 22 12:30:57 2018 daemon.info hostapd: wlan1-2: STA 0c:8f:ff:84:8f:9e IEEE 802.1X: authentication server did not include required VLAN ID in Access-Accept
Sun Jul 22 12:30:57 2018 daemon.warn hostapd: wlan1-2: STA 0c:8f:ff:84:8f:9e IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
What is wrong with my configuration?
Raphael