OpenWrt Forum Archive

Topic: OpenWrt as a WPA2 EAP TTLS PAP Wireless client...

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

First things first: I am a new user of both OpenWrt and Linux. What I have managed to do is hack my router (hack = loading OpenWrt without failure) and connect to it with SSH and WinSCP. I have also managed to install the full version of wpad.

What I want (need) to do is connect to my university AP (which has WPA2 AES EAP-TTLS PAP authentication, with a server CA certificate as well) with my router (Tube 2H Alfa Network, Barrier Breaker r43618).

My log file says:
Sat Dec 27 00:27:22 2014 daemon.info dnsmasq-dhcp[1671]: DHCPDISCOVER(br-lan) 0.0.0.0 XXXX
Sat Dec 27 00:27:22 2014 daemon.info dnsmasq-dhcp[1671]: DHCPOFFER(br-lan) 192.168.1.102 XXXX
Sat Dec 27 00:27:22 2014 daemon.info dnsmasq-dhcp[1671]: DHCPREQUEST(br-lan) 192.168.1.102XXXX
Sat Dec 27 00:27:22 2014 daemon.info dnsmasq-dhcp[1671]: DHCPACK(br-lan) 192.168.1.102 XXXX
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.500000] wlan0: authenticate with YYYY
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.510000] wlan0: send auth toYYYY (try 1/3)
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.520000] wlan0: authenticated
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.530000] wlan0: associate with YYYY (try 1/3)
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.530000] wlan0: RX AssocResp from YYYY(capab=0x431 status=0 aid=1)
Sat Dec 27 00:27:55 2014 kern.info kernel: [  100.540000] wlan0: associated
Sat Dec 27 00:27:55 2014 daemon.notice netifd: Network device 'wlan0' link is up
Sat Dec 27 00:27:55 2014 daemon.notice netifd: Interface 'wwan' has link connectivity
Sat Dec 27 00:27:59 2014 kern.info kernel: [  104.730000] wlan0: deauthenticating from YYYY by local choice (Reason: 3=DEAUTH_LEAVING)
Sat Dec 27 00:27:59 2014 daemon.notice netifd: Network device 'wlan0' link is down
Sat Dec 27 00:27:59 2014 daemon.notice netifd: Interface 'wwan' has link connectivity loss

That's where I get lost. I don't understand what is wrong. I don't think it is a dBm issue, because the same AP has a guest account without a password and it connects without any problem...

What have I done?
I have removed wpad-mini and installed the wpad package "wpa-supplicant_2014-06-03.1-1_ar71xx.ipk" (because it gives an error if I install it without removing wpad-mini first), and uploaded the certificate file "au-wifi-net.der" to the /etc/ssl/ folder. I also set this file in the web interface.

I have tried connecting to a WPA2-PSK AP and managed it without any problem.

What exactly is happening?
It connects to the AP (the AP name is shown in the web UI), waits 5-10 seconds and disconnects... It keeps doing this all the time. One time with code 3 DEAUTH_LEAVING, one time with code 1 UNSPECIFIED... It changes sporadically.

What do I think?
I guess it leaves the AP because it doesn't get any IP from it, or maybe it is a certificate problem. Or maybe it's because of the anonymous identity. TTLS PAP authentication needs an "anonymous identity" box, but there is none (at least I haven't found any...).

Full connection details:
SSID "AU WiFi Net"
WPA2 Enterprise EAP
AES
TTLS
PAP
anonymous identity: anonymous@ankara.edu.tr
user name: XXXX@ankara.edu.tr
pass: XXXXXX
CA certificate file: http://kablosuz.ankara.edu.tr/dosyalar/au-wifi-net.der
Settings placed at: http://kablosuz.ankara.edu.tr/ubuntu14.php

Any little help will be appreciated... I am completely hopeless now...

(Last edited by routeraddict on 29 Dec 2014, 22:08)

Today I noticed that, since my Android phone is able to connect to the AP, why don't I copy it?

So I looked at my phone's "wpa_supplicant.conf" file and wrote the exact same things into the router's conf file, and started wpa_supplicant with this conf file. Still no good news...

OpenWrt's wpa_supplicant doesn't log in to the AP, even though the settings come from a working Android...

For the record, Android's wpa_supplicant.conf file content is:

ctrl_interface=eth0
update_config=1
device_name=
manufacturer=
model_name=
model_number=
serial_number=
device_type=
config_methods=physical_display virtual_push_button keypad

network={
    ssid="AU WiFi Net"
    scan_ssid=1
    key_mgmt=WPA-EAP IEEE8021X
    eap=TTLS
    identity="xxxxxxxxxx@ankara.edu.tr"
    anonymous_identity="anonymous@ankara.edu.tr"
    password="xxxxxxxxxx"
    ca_cert="keystore://CACERT_au-wifi-net"
    phase2="auth=PAP"
}

So, on my own I have got a little further. But (spoiler alert) there is still no success (yet). I am writing it down in case someone needs it.

I just learned some basic Linux and was able to stop the other instances of wpa_supplicant and start a new one with the automatically generated wpa_supplicant-wlan0.conf file!

And a new error is in town.

Now EAP has started to talk with me and the AP. It says:

Successfully initialized wpa_supplicant
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
wlan0: Trying to associate with XXXX (SSID='AU WiFi Net' freq=2437 MHz)
ioctl[SIOCSIWFREQ]: Device or resource busy
wlan0: Association request to the driver failed
wlan0: Associated with XXXX
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLSv1: Reject under 768-bit DH prime (insecure; only 512 bits)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: Authentication with XXXX timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=XXXX reason=3 locally_generated=1
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="AU WiFi Net" auth_failures=1 duration=10 reason=AUTH_FAILED
wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="AU WiFi Net"
wlan0: Trying to associate with XXXX (SSID='AU WiFi Net' freq=2437 MHz)
ioctl[SIOCSIWFREQ]: Device or resource busy
wlan0: Association request to the driver failed
wlan0: Associated with XXXX
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLSv1: Reject under 768-bit DH prime (insecure; only 512 bits)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: Authentication with XXXX timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=XXXX reason=3 locally_generated=1
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="AU WiFi Net" auth_failures=2 duration=23 reason=AUTH_FAILED
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="AU WiFi Net" auth_failures=3 duration=46 reason=CONN_FAILED
^Z[12]+  Stopped           

Yes, I know it doesn't work yet, but I guess I have started to like wpa_supplicant. Even if it was cool and doesn't talk to me any more.

(Last edited by routeraddict on 31 Dec 2014, 01:31)

nope...

Since no one has ever mentioned the "768-bit DH prime" error before,

http://www.google.com/search?q=%22rejec … h+prime%22

I don't have any idea about it. But I don't understand why wpa_supplicant acts a different way. I'm not familiar with Linux, but if I'm not wrong, it is the same wpa_supplicant app on a different OS. So Android connects to the AP within 1 second, but OpenWrt... 1 month? I believe there is a bug and it's way over my head... I give up.

I have just lost my last hope...

(Last edited by routeraddict on 30 Dec 2014, 14:19)

It seems that this is a security patch that was introduced in hostapd/wpa_supplicant to make it safer.

It's introduced in http://w1.fi/cgit/hostap/commit/src/tls … 7048fa064d
(2014-03-16), so earlier hostapd/wpa_supplicant/wpad versions should work.

AA has an older version
BB does not
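To make the failure in the wpa_supplicant output posted above machine-checkable, here is an added example (not from this thread or the OpenWrt project) that classifies a join attempt from constructed console lines modelled on the ones posted; the diagnose function and its verdict strings are my own.

```python
import re

# Constructed sample, modelled on the wpa_supplicant output posted in the
# thread (BSSID redacted as in the original post); it is not a real capture.
SAMPLE = """\
wlan0: Associated with XXXX
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLSv1: Reject under 768-bit DH prime (insecure; only 512 bits)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: CTRL-EVENT-DISCONNECTED bssid=XXXX reason=3 locally_generated=1
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="AU WiFi Net" auth_failures=1 duration=10 reason=AUTH_FAILED
wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="AU WiFi Net"
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLSv1: Reject under 768-bit DH prime (insecure; only 512 bits)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="AU WiFi Net" auth_failures=2 duration=23 reason=AUTH_FAILED
"""

EAP_METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor \d+ method \d+ \((\w+)\) selected")
DH_REJECT = re.compile(r"TLSv1: Reject under (\d+)-bit DH prime \(insecure; only (\d+) bits\)")
TEMP_DISABLED = re.compile(r"CTRL-EVENT-SSID-TEMP-DISABLED .*auth_failures=(\d+) duration=(\d+) reason=(\w+)")

def diagnose(text):
    """Classify one wpa_supplicant EAP join attempt from its console output.

    Returns the negotiated EAP method, the TLS DH rejection (minimum vs.
    offered prime size) if one occurred, the EAP failure count, the longest
    temp-disable back-off and a one-line verdict.
    """
    result = {"eap_method": None, "dh_reject": None, "eap_failures": 0,
              "max_backoff": 0, "verdict": "ok"}
    for line in text.splitlines():
        if m := EAP_METHOD.search(line):
            result["eap_method"] = m.group(1)
        elif m := DH_REJECT.search(line):
            result["dh_reject"] = {"required_bits": int(m.group(1)),
                                   "offered_bits": int(m.group(2))}
        elif "CTRL-EVENT-EAP-FAILURE" in line:
            result["eap_failures"] += 1
        elif m := TEMP_DISABLED.search(line):
            result["max_backoff"] = max(result["max_backoff"], int(m.group(2)))
    if result["dh_reject"]:
        result["verdict"] = "server offered a weak DH group: fix DH parameters on the RADIUS/TLS server"
    elif result["eap_failures"]:
        result["verdict"] = "EAP failed: check identity, anonymous_identity, ca_cert and phase2"
    return result
```

The posted output shows the supplicant refusing a 512-bit DH group offered by the server, so the durable fix is stronger DH parameters on the RADIUS server; installing an older wpa_supplicant, as the thread goes on to do, removes the check rather than the weak group.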

Thanks for the response. I will try to find an older version of it. Could you give me a link?

Thank you very very much....

I have spent almost a month making it happen... Now it works like a charm, without even touching the wpa_supplicant file or messing with the terminal. Just set it from LuCI (without even entering the anonymous account) and forget it.

And now I am writing via my OpenWrt client router.

---

Sat Dec 13 10:23:38 2014 daemon.notice netifd: Interface 'wwan' is enabled
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.880000] wlan0: authenticate with XXXX
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.890000] wlan0: send auth to XXXX (try 1/3)
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.900000] wlan0: authenticated
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.920000] wlan0: associate with XXXX (try 1/3)
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.920000] wlan0: RX AssocResp from XXXX (capab=0x431 status=0 aid=1)
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.930000] wlan0: associated
Sat Dec 13 10:23:39 2014 kern.info kernel: [  341.930000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Sat Dec 13 10:23:39 2014 daemon.notice netifd: Network device 'wlan0' link is up
Sat Dec 13 10:23:39 2014 daemon.notice netifd: Interface 'wwan' has link connectivity
Sat Dec 13 10:23:39 2014 daemon.notice netifd: Interface 'wwan' is setting up now
Sat Dec 13 10:23:40 2014 daemon.notice netifd: wwan (2471): udhcpc (v1.22.1) started
Sat Dec 13 10:23:40 2014 daemon.notice netifd: wwan (2471): Sending discover...
Sat Dec 13 10:23:40 2014 user.info syslog: module is already loaded - xt_multiport
Sat Dec 13 10:23:40 2014 kern.emerg already loaded - xt_multiport
Sat Dec 13 10:23:40 2014 user.info syslog: module is already loaded - xt_comment
Sat Dec 13 10:23:40 2014 kern.emerg already loaded - xt_comment
Sat Dec 13 10:23:40 2014 user.info syslog: module is already loaded - xt_length
Sat Dec 13 10:23:40 2014 kern.emerg already loaded - xt_length
Sat Dec 13 10:23:41 2014 daemon.notice netifd: wwan (2471): Sending select for YYYY...
Sat Dec 13 10:23:41 2014 daemon.notice netifd: wwan (2471): Lease of YYYY obtained, lease time 900
Sat Dec 13 10:23:41 2014 daemon.notice netifd: Interface 'wwan' is now up
Sat Dec 13 10:23:42 2014 user.notice firewall: Reloading firewall due to ifup of wwan (wlan0)
Sat Dec 13 10:23:44 2014 daemon.info dnsmasq[1676]: reading /tmp/resolv.conf.auto
Sat Dec 13 10:23:44 2014 daemon.info dnsmasq[1676]: using local addresses only for domain lan
Sat Dec 13 10:23:44 2014 daemon.info dnsmasq[1676]: using nameserver YYYY#53
Sat Dec 13 10:23:44 2014 daemon.info dnsmasq[1676]: using nameserver YYYY#53

---

So what about the fix? What have I done?

After a hard reset, I uninstalled wpad-mini and downloaded the wpa_supplicant package from the OpenWrt download page, but this time a slightly different version, from

https://downloads.openwrt.org/attitude_ … /packages/

this file:

wpa-supplicant_20120910-1_ar71xx.ipk

And installed it via SSH (you need a little).

That's all!

About this connection issue:
Even if it took me a lot of time (and hard-bricking a few routers) and made me learn some basic Linux, I am happy now! Because my router is not just a door stopper any more. But there must be a config for this bit-check issue. I have read all of the example wpa_supplicant file, but there is none! You can't set it from the conf file. So the new version of wpa_supplicant and LuCI must have an option to disable the bit check.

Anyway, thanks for your help zloop!

(Last edited by routeraddict on 31 Dec 2014, 01:29)

Many, many thanks to you, man...

I finally got my router TP-Link TL-WR1043ND v3 (installed with stable Chaos Calmer 15.05.1 for TL-WR1043ND v2) working as a client for WPA2-Enterprise.
Now I can connect my devices (e.g. desktop) to the Ethernet ports of the router and they work like a charm, but I was wondering if I can make the router repeat or extend the WPA2-Enterprise WiFi network that it is connected to. In other words, is it possible to make my wireless devices (e.g. mobile) connect to the router the same way the Ethernet devices (desktop) do, without losing the client connection to the WPA2-Enterprise wireless network (sharing the WPA2 connection for both the Ethernet ports and a wireless BSSID you created)?

Thanks to all of you guys...

I believe you can do this. But the only problem is your router's WiFi module. If it supports two SSIDs simultaneously, it's a piece of cake for OpenWrt. I also used it that way.

Hi all, maybe someone can help.
I'm trying to do authorization via EAP-PEAP MSCHAPv2.
I have a log on the device; the IP address is not received from the ISP via WISP.

Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.690000] wlan0: authenticate with 00:03:0f:55:f8:70
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.710000] wlan0: send auth to 00:03:0f:55:f8:70 (try 1/3)
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.720000] wlan0: authenticated
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.740000] wlan0: associate with 00:03:0f:55:f8:70 (try 1/3)
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.750000] wlan0: RX AssocResp from 00:03:0f:55:f8:70 (capab=0x431 status=0 aid=1)
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.750000] wlan0: associated
Mon May  8 22:19:27 2017 kern.info kernel: [ 4258.760000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Mon May  8 22:19:27 2017 daemon.notice netifd: Network device 'wlan0' link is up
Mon May  8 22:19:27 2017 daemon.notice netifd: Interface 'wwan1' has link connectivity
Mon May  8 22:19:27 2017 daemon.notice netifd: Interface 'wwan1' is setting up now
Mon May  8 22:19:27 2017 kern.debug kernel: [ 4258.820000] wlan0: Limiting TX power to 27 (27 - 0) dBm as advertised by 00:03:0f:55:f8:70
Mon May  8 22:19:27 2017 daemon.notice netifd: wwan1 (7347): udhcpc (v1.23.2) started
Mon May  8 22:19:27 2017 daemon.notice netifd: wwan1 (7347): Sending discover...
Mon May  8 22:19:30 2017 daemon.notice netifd: wwan1 (7347): Sending discover...
Mon May  8 22:19:33 2017 daemon.notice netifd: wwan1 (7347): Sending discover...
Mon May  8 22:20:33 2017 kern.info kernel: [ 4324.820000] wlan0: deauthenticating from 00:03:0f:55:f8:70 by local choice (Reason: 3=DEAUTH_LEAVING)
Mon May  8 22:20:33 2017 daemon.notice netifd: Network device 'wlan0' link is down
Mon May  8 22:20:33 2017 daemon.notice netifd: Interface 'wwan1' has link connectivity loss
Mon May  8 22:20:33 2017 daemon.notice netifd: wwan1 (7347): Received SIGTERM

SnakeX wrote:

Many, many thanks to you, man...

I finally got my router TP-Link TL-WR1043ND v3 (installed with stable Chaos Calmer 15.05.1 for TL-WR1043ND v2) working as a client for WPA2-Enterprise.
Now I can connect my devices (e.g. desktop) to the Ethernet ports of the router and they work like a charm, but I was wondering if I can make the router repeat or extend the WPA2-Enterprise WiFi network that it is connected to. In other words, is it possible to make my wireless devices (e.g. mobile) connect to the router the same way the Ethernet devices (desktop) do, without losing the client connection to the WPA2-Enterprise wireless network (sharing the WPA2 connection for both the Ethernet ports and a wireless BSSID you created)?

Thanks to all of you guys...

Can you share how you made it work?

The discussion might have continued from here.