WPA2 Enterprise not working

Sure it's 192.10.10.1? That's not within rfc1918 192.168.0.0/16 and I doubt that's your assigned public IP space...
can you reach your radius from every AP via ip? have you checked that each radius client can connect and authenticate?

Nah I replaced the actual IP with a fictional one.
And indeed I can see it does not meet the rfc1918. My bad!

The radius can be reached by all clients when they connect to the Archer C7 which is running v19.07.8

Ok. But are you able to connect to the radius server from die 21.02 AP? I mean the radius client /authenticator not the wifi client.
The wifi client does not connect to the radius. Only the AP. Maybe the IP of the AP has changed and is not configured in the clients.conf of freeradius?

I just had setup freeradius server and aps as clients on 21.02 just fine a few days ago so I doubt that there is an issue just because you now run 21.02....

Yes, I copy/paste the IP from the other Archer so I can not make any typing mistake.

There's little point in redacting LAN IPs, it only makes sense for MAC addresses and WAN IPs. Better put 192.168.x.x if you'd still like to do it, instead of 192.10.10.1 or anything else that is not a valid private IPv4 range. As you noticed, it confuses people (which makes troubleshooting more difficult).

That aside, might be this is the issue at play? I assume you're using the .2 release no?

If so, check if rolling back to .1 'fixes' it. A fix just landed in the 21.02 branch but you'll need to compile yourself for the moment I think. Not sure if packages will get updated before another point release.

Yes you are right. https://github.com/openwrt/openwrt/commit/abf8209d7f200fd9cd732a2d535699830d89f57c#diff-0524cbcb28eb9c9b7a08dd8c38f9b88ab8dab0af51bae8ca63e1124090008907 this change should be there. I have forgotten that I needed to change the file :roll_eyes:
Someone already on 21.02.2 could check if this change already landed at 21.02.2 or not ... I am still at 21.02.1.

I can say for sure it didn't. Look at the 21.02.2 release tag, it's older than the RADIUS commit. Even if packages will be rebuilt (which happened at some point but I'm not sure they still do), I don't know if images will.

1 Like

I have changed the IP’s.
Good point.

I did use 21.02.2 so maybe that’s the problem.
I will try 21.02.1 when I have some spare time and report back. Thanks for the heads up!

1 Like

I can confirm: WPA2 Enterprise with Radius is not working under v21.02.2 , at least not for me.
I have tested a few scenarios and once downgraded to 21.02.1 the problem is gone, Radius is working great, no problems.

Freeradius3 backend on pfSense CE v2.6.0

1 Like

As soon as the WPA daemon packages get bumped to 40 you can use this page to generate a customised image BTW:

http://sysupgrade.openwrt.org/

2 Likes

@Borromini
How can I check if the WPA daemon package has been bumped to 40?

You check the package list (see /etc/opkg/distfeeds.conf for the URL).

Thanks!
Though I'm not quite sure where and what to look for.
Package url = https://downloads.openwrt.org/releases/21.02.1/packages/mips_24kc/packages
Can't find any WPA daemon...

They're under base, not under packages.

1 Like

Makes sense! Thx

Though the package is at 40 as far as I can see:
wpad_2020-06-08-5a8b3662-40_mips_24kc.ipk

Updated last Sunday (yesterday) but I just checked and 21.0.2.2 is still having problems for me with Radius and WPA Enterprise EAP.
I updated with the file:
openwrt-21.02.2-ath79-generic-tplink_archer-c7-v2-squashfs-sysupgrade.bin

Yes. Like explained, the packages might see updates but the firmare images probably do not. You need to generate a custom image using the link in post #11. That will use the updated packages you include.

1 Like

Ok, cool! Will give it a try and report back.

1 Like

@Borromini
You saved the day mate! Thx.

Installed 21.02.1, coming from stock/factory TP-Link firmware.
After that I did the sysupgrade through http://sysupgrade.openwrt.org/ and I'm now running 21.0.2.2 without the "WPA EAP/Enterprise bug".

1 Like

Glad I could get you on your way.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.