B1300 Connecting to a WPA Enterprise Network

startung · August 11, 2018, 5:44am

Hi, I have a B1300 running firmware v2.264 and I’d like to connect it to my university’s network, but there is no option for WPA Enterprise security in LuCI.

Most guides for other routers suggest removing wpad-mini and installing wpad:
root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg remove wpad-mini
root@OpenWrt:~# opkg install wpad

… but this router doesn’t have wpad-mini and wpad isn’t available. Is it possible to connect this router to a WPA Enterprise secured wifi network?

Johnex · August 11, 2018, 11:18am

Might be just missing packages in the repository.

@kyson-lok can you see if wpad is in the b1300 repo?

kyson-lok · August 12, 2018, 6:06am

@hansome please confirm it.

hansome · August 13, 2018, 3:14am

qcawifi can support wpa enterprise as encryption, with the default builtin qca-wpa-supplicant and qca-hostap,
but currently have no web GUI to set them.
For wpa enterprise client, the following is a uci example for /etc/config/wireless
config wifi-iface ‘sta’
option device ‘wifi0’
option ifname ‘wlan-sta0’
option network ‘wwan’
option mode ‘sta’
option ssid ‘GL-MT300A-6b9’
option encryption ‘8021x’
option eap_type ‘peap’
option identity ‘test’
option password ‘goodlife’
encryption ‘8021x’ is for wpa enterprise.
You may check /lib/wifi/wpa_supplicant.sh and your radius server config for proper option.

startung · August 14, 2018, 9:57am

I have updated the config file as suggested, but it still won’t connect, eduroam is the relevant network

I have a machine running ubuntu connected directly to the network. This is an extract from that machines Network Manager config file:

[802-1x]
anonymous-identity=MyName
domain-suffix-match=rug.nl
eap=ttls;
identity=myemail@rug.nl
password=MyPassword
phase2-auth=mschapv2

… do these options need to be applied to the /etc/config/wireless file?

hansome · August 22, 2018, 10:47am

config wifi-iface ‘sta’
option device ‘wifi1’
option ifname ‘wlan-sta0’
option network ‘wwan’
option mode ‘sta’
option ssid ‘eduroam’
option encryption ‘8021x’
option eap_type ‘ttls’
option identity ‘myemail@rug.nl’
option password ‘MyPassword’
This should work.
I tested it ok with a default freeradius server setup from Docker Hub
Could you show me debug info of this command,

wpa_cli -p /var/run/wpa_supplicant-wlan-sta0 status

startung · August 22, 2018, 3:09pm

I clean installed the firmware, and appended the lines on to the end of the wireless file. It sees the network but does not get an IP

Here is the debug info requested:
root@GL-B1300:~# wpa_cli -p /var/run/wpa_supplicant-wlan-sta0 status
Selected interface ‘wlan-sta0’
bssid=70:df:2f:51:f3:af
freq=5320
ssid=eduroam
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
address=ea:95:6e:44:c0:d1
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=21 (EAP-TTLS)
eap_tls_version=TLSv1
EAP TLS cipher=ECDHE-RSA-AES256-SHA
tls_session_reused=0
EAP-TTLSv0 Phase2 method=MSCHAPV2
eap_session_id=159a5f6b5d3194481aac8c24e2fb3ee01baeef02d56c438f06134fed49719f99b8eff7405267be2ca9fa30a06fbf0ad173103c992b84a5422b9431709f0392cbb3
uuid=c29fba4f-3063-5d8f-9e54-036b7e412a66

… and a ping to test connectivity:
root@GL-B1300:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is unreachable

hansome · August 22, 2018, 3:22pm

Please show me the following info:

ip link show wlan-sta0
ifstatus wwan

startung · August 22, 2018, 5:19pm

root@GL-B1300:~# ip link show wlan-sta0
14: wlan-sta0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether ea:95:6e:44:c0:d1 brd ff:ff:ff:ff:ff:ff

root@GL-B1300:~# ifstatus wwan
Interface wwan not found

hansome · August 23, 2018, 3:01am

Got it.
Please add wwan section in network:

uci set network.wwan=interface
uci set network.wwan.proto='dhcp'
uci set network.wwan.ifname='wlan-sta0'
uci set network.wwan.metric='20'
uci commit network

startung · August 24, 2018, 8:43am

Almost there. It now connects an acquires an IP address, and I can ping from the terminal once I SSH to the router, but the router does not bridge the connection to the wifi network it broadcasts.

Here is the contents of my wireless file (with passwords changed).

config wifi-device ‘wifi0’
option type ‘qcawifi’
option channel ‘auto’
option macaddr ‘e4:95:6e:44:c0:d0’
option hwmode ‘11ng’
option htmode ‘HT20’

config wifi-iface
option device ‘wifi0’
option network ‘lan’
option mode ‘ap’
option blockdfschan ‘1’
option encryption ‘psk-mixed’
option wds ‘1’
option ifname ‘ath0’
option disablecoext ‘0’
option ssid ‘waaromfi2’
option key ‘mypassword’

config wifi-device ‘wifi1’
option type ‘qcawifi’
option channel ‘auto’
option macaddr ‘e4:95:6e:44:c0:d1’
option hwmode ‘11ac’
option disabled ‘0’
option htmode ‘HT80’

config wifi-iface
option device ‘wifi1’
option network ‘lan’
option mode ‘ap’
option blockdfschan ‘1’
option encryption ‘psk-mixed’
option ifname ‘ath1’
option ssid ‘waaromfi’
option key ‘mypassword’

config wifi-iface ‘sta’
option device ‘wifi1’
option ifname ‘wlan-sta0’
option network ‘wwan’
option mode ‘sta’
option ssid ‘eduroam’
option encryption ‘8021x’
option eap_type ‘ttls’
option identity ‘myid’
option password ‘anotherpassword’

hansome · August 24, 2018, 10:26am

Please use folloing command to add wwan to wan firewall zone:

uci set firewall.@zone[1].network='wan wan6 wwan'
uci commit firewall
/etc/init.d/network restart

startung · August 24, 2018, 5:53pm

It works! Thanks for all your help.