authorflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2008-08-11 21:38:50 +0000
committerflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2008-08-11 21:38:50 +0000
commit17d1b91a9611b9278c926e82c9be938ade02d095 (patch)
tree0e07a06b6bdd91ee100de261794f84dba4d4a14e
parent05edc29f3ac3329563fee24d570d22fbaade4328 (diff)
Add 802.1x client configuration support and corresponding documentation (#2069)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12283 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--docs/wireless.tex33
-rwxr-xr-xpackage/madwifi/files/lib/wifi/madwifi.sh43
2 files changed, 74 insertions, 2 deletions
diff --git a/docs/wireless.tex b/docs/wireless.tex
index de764a312..675023385 100644
--- a/docs/wireless.tex
+++ b/docs/wireless.tex
@@ -272,6 +272,39 @@ config wifi-iface
option key "<psk for WDS>"
\end{Verbatim}
+\paragraph{802.1x configurations}
+
+OpenWrt supports both 802.1x client and Access Point
+configurations. 802.1x client is only working with
+Atheros or mac80211 drivers. Configuration only
+supports EAP types TLS, TTLS or PEAP.
+
+\subparagraph{EAP-TLS}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type tls
+ option ca_cert "/etc/config/certs/ca.crt"
+ option priv_key "/etc/config/certs/priv.crt"
+ option priv_key_pwd "PKCS#12 passphrase"
+\end{Verbatim}
+
+\subparagraph{EAP-PEAP}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type peap
+ option ca_cert "/etc/config/certs/ca.crt"
+ option auth MSCHAPV2
+ option identity username
+ option password password
+\end{Verbatim}
\paragraph{Limitations:}
diff --git a/package/madwifi/files/lib/wifi/madwifi.sh b/package/madwifi/files/lib/wifi/madwifi.sh
index d8a6d00ea..284c6609c 100755
--- a/package/madwifi/files/lib/wifi/madwifi.sh
+++ b/package/madwifi/files/lib/wifi/madwifi.sh
@@ -81,6 +81,7 @@ enable_atheros() {
nosbeacon=
config_get ifname "$vif" ifname
config_get enc "$vif" encryption
+ config_get eap_type "$vif" eap_type
config_get mode "$vif" mode
[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
@@ -301,8 +302,46 @@ network={
}
EOF
;;
- WPA|wpa|WPA2|wpa2)
- #add wpa_supplicant calls here
+ WPA|wpa|WPA2|wpa2i|8021x|8021X)
+ config_get ca_cert "$vif" ca_cert
+ eap_type=$(echo $eap_type | tr 'a-z' 'A-Z')
+ case "$eap_type" in
+ tls|TLS)
+ proto='proto=WPA2'
+ pairwise='pairwise=CCMP'
+ group='group=CCMP'
+ config_get priv_key "$vif" priv_key
+ config_get priv_key_pwd "$vif" priv_key_pwd
+ priv_key="private_key=\"$priv_key\""
+ priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
+ ;;
+ peap|PEAP|ttls|TTLS)
+ proto='proto=WPA2'
+ config_get auth "$vif" auth
+ config_get identity "$vif" identity
+ config_get password "$vif" password
+ phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
+ identity="identity=\"$identity\""
+ password="password=\"$password\""
+ ;;
+ esac
+ cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
+network={
+ scan_ssid=1
+ ssid="$ssid"
+ key_mgmt=WPA-EAP
+ $proto
+ $pairwise
+ $group
+ eap=$eap_type
+ ca_cert="$ca_cert"
+ $priv_key
+ $priv_key_pwd
+ $phase2
+ $identity
+ $password
+}
+EOF
;;
esac
[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf
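Review bot: The heredoc `cat > /var/run/wpa_supplicant-$ifname.conf` now writes the EAP password and the private-key passphrase into a file created with whatever umask the script inherits, so it may be readable by other local users unless a restrictive umask is set outside the hunk; wrapping the write in a subshell that first runs `umask 077` would keep it owner-only. The values are placed between double quotes unescaped, so a `"` or a newline in `ssid`, `identity` or `password` would break the network block or add a line to it, and those characters should be rejected before the file is written. In the outer `case`, whose start lies outside the hunk, the pattern replaces `wpa2` with `wpa2i`, which looks like a typo and would stop a lowercase `wpa2` setting from reaching this arm; `WPA|wpa|WPA2|wpa2|8021x|8021X)` is presumably what was meant. `ca_cert="$ca_cert"` is emitted even when the option is unset, which leaves it unclear whether the server certificate is validated at all; following the pattern used for `priv_key`, `[ -n "$ca_cert" ] && ca_cert="ca_cert=\"$ca_cert\""` with a bare `$ca_cert` line in the heredoc, and refusing to start without a CA for PEAP/TTLS, would make that explicit. Since `eap_type` is upper-cased just before the inner `case`, the lowercase alternatives `tls`, `peap` and `ttls` are never matched and can be dropped.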