Earl,
Maybe you’re missing that part in your configuration:
vlan_file=/etc/config/hostapd.vlan
That file should contain:
* wlan0.#
To add that line in your configuration:
uci add_list wireless.@wifi-iface[0].vlan_file=/etc/config/hostapd.vlan
It will add the configuration on the first SSID [0].
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) ::
www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>)
and PacketFence (http://packetfence.org <http://packetfence.org/>)
> Le 2015-05-21 à 14:18, Ludovic Zammit <[email protected]> a écrit :
>
> HEllo Earl,
>
> Can you post the result of this command from the OpenWRT:
>
> cat /var/run/hostapd-phy0.conf
>
> Thanks,
>
>
> Ludovic Zammit
> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) ::
> www.inverse.ca <http://www.inverse.ca/>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org
> <http://packetfence.org/>)
>
>
>
>
>
>> Le 2015-05-21 à 14:06, Earl Robinson <[email protected]
>> <mailto:[email protected]>> a écrit :
>>
>> Wow,
>>
>> That's got me so much closer. I now have RADIUS auth against packetfence
>> with open SSID working. Apparently dynamic vlans on an open SSID isn't
>> working yet on the devel (trunk v15 r46***) branch yet. Hopefully that will
>> be resolved before the next release.
>>
>> So I'm left with issues with the wireless client on vlan 11 (wlan0.11)
>> joining a new bridge breth0.11, instead of the existing br-vlan11 that I've
>> configured. I posted to the openwrt wiki:
>> https://forum.openwrt.org/viewtopic.php?id=53227
>> <https://forum.openwrt.org/viewtopic.php?id=53227>
>>
>> so hopefully they can help me get closer still.
>>
>> Thanks,
>> Earl
>>
>>
>> On Wed, May 20, 2015 at 4:21 PM, Earl Robinson <[email protected]
>> <mailto:[email protected]>> wrote:
>> Thanks,
>>
>> I'll try this out and see if it works better for me. I appreciate you
>> including the sample wireless config as well. I've had lots of trouble
>> figuring out which config directives should work on various versions of
>> OpenWRT.
>>
>> -earl
>>
>> On Wed, May 20, 2015 at 11:57 AM, Ludovic Zammit <[email protected]
>> <mailto:[email protected]>> wrote:
>> Earl,
>>
>> This is the /lib/netifd/hostapd.sh for 14.07 BB:
>>
>> hostapd_add_rate() {
>> local var="$1"
>> local val="$(($2 / 1000))"
>> local sub="$((($2 / 100) % 10))"
>> append $var "$val" ","
>> [ $sub -gt 0 ] && append $var "."
>> }
>>
>> hostapd_add_basic_rate() {
>> local var="$1"
>> local val="$(($2 / 100))"
>> append $var "$val" " "
>> }
>>
>> hostapd_append_wep_key() {
>> local var="$1"
>>
>> wep_keyidx=0
>> set_default key 1
>> case "$key" in
>> [1234])
>> for idx in 1 2 3 4; do
>> local zidx
>> zidx=$(($idx - 1))
>> json_get_var ckey "key${idx}"
>> [ -n "$ckey" ] && \
>> append $var
>> "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
>> done
>> wep_keyidx=$((key - 1))
>> ;;
>> *)
>> append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
>> ;;
>> esac
>> }
>>
>> hostapd_add_log_config() {
>> config_add_boolean \
>> log_80211 \
>> log_8021x \
>> log_radius \
>> log_wpa \
>> log_driver \
>> log_iapp \
>> log_mlme
>>
>> config_add_int log_level
>> }
>>
>> hostapd_common_add_device_config() {
>> config_add_array basic_rate
>>
>> config_add_string country
>> config_add_boolean country_ie doth
>> config_add_string require_mode
>>
>> hostapd_add_log_config
>> }
>>
>> hostapd_prepare_device_config() {
>> local config="$1"
>> local driver="$2"
>>
>> local base="${config%%.conf}"
>> local base_cfg=
>>
>> json_get_vars country country_ie beacon_int doth require_mode
>>
>> hostapd_set_log_options base_cfg
>>
>> set_default country_ie 1
>> set_default doth 1
>>
>> [ -n "$country" ] && {
>> append base_cfg "country_code=$country" "$N"
>>
>> [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
>> [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg
>> "ieee80211h=1" "$N"
>> }
>> [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N"
>>
>> local brlist= br
>> json_get_values basic_rate_list basic_rate
>> for br in $basic_rate_list; do
>> hostapd_add_basic_rate brlist "$br"
>> done
>> case "$require_mode" in
>> g) brlist="60 120 240" ;;
>> n) append base_cfg "require_ht=1" "$N";;
>> ac) append base_cfg "require_vht=1" "$N";;
>> esac
>> [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
>> [ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N"
>>
>> cat > "$config" <<EOF
>> driver=$driver
>> $base_cfg
>> EOF
>> }
>>
>> hostapd_common_add_bss_config() {
>> config_add_string 'bssid:macaddr' 'ssid:string'
>> config_add_boolean wds wmm hidden
>>
>> config_add_int maxassoc max_inactivity
>> config_add_boolean disassoc_low_ack isolate short_preamble
>>
>> config_add_int \
>> wep_rekey eap_reauth_period \
>> wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>
>> config_add_boolean rsn_preauth auth_cache
>> config_add_int ieee80211w
>>
>> config_add_string 'auth_server:host' 'server:host'
>> config_add_string auth_secret
>> config_add_int 'auth_port:port' 'port:port'
>>
>> config_add_string acct_server
>> config_add_string acct_secret
>> config_add_int acct_port
>>
>> config_add_string dae_client
>> config_add_string dae_secret
>> config_add_int dae_port
>>
>> config_add_string nasid
>> config_add_string ownip
>> config_add_string iapp_interface
>> config_add_string eap_type ca_cert client_cert identity auth priv_key
>> priv_key_pwd
>>
>> config_add_int dynamic_vlan vlan_naming
>> config_add_string vlan_tagged_interface
>>
>> config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey'
>> 'key4:wepkey' 'password:wpakey'
>>
>> config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
>> config_add_string wps_device_type wps_device_name wps_manufacturer
>> wps_pin
>>
>> config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
>>
>> config_add_string macfilter 'macfile:file'
>> config_add_array 'maclist:list(macaddr)'
>>
>> config_add_int mcast_rate
>> config_add_array basic_rate
>> }
>>
>> hostapd_set_bss_options() {
>> local var="$1"
>> local phy="$2"
>> local vif="$3"
>>
>> wireless_vif_parse_encryption
>>
>> local bss_conf
>> local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>
>> json_get_vars \
>> wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
>> maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
>> wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
>> wps_device_type wps_device_name wps_manufacturer wps_pin \
>> macfilter ssid wmm hidden short_preamble rsn_preauth
>>
>> set_default isolate 0
>> set_default maxassoc 0
>> set_default max_inactivity 0
>> set_default short_preamble 1
>> set_default disassoc_low_ack 1
>> set_default hidden 0
>> set_default wmm 1
>>
>> append bss_conf "ctrl_interface=/var/run/hostapd"
>> if [ "$isolate" -gt 0 ]; then
>> append bss_conf "ap_isolate=$isolate" "$N"
>> fi
>> if [ "$maxassoc" -gt 0 ]; then
>> append bss_conf "max_num_sta=$maxassoc" "$N"
>> fi
>> if [ "$max_inactivity" -gt 0 ]; then
>> append bss_conf "ap_max_inactivity=$max_inactivity" "$N"
>> fi
>>
>> append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N"
>> append bss_conf "preamble=$short_preamble" "$N"
>> append bss_conf "wmm_enabled=$wmm" "$N"
>> append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
>>
>> [ "$wpa" -gt 0 ] && {
>> [ -n "$wpa_group_rekey" ] && append bss_conf
>> "wpa_group_rekey=$wpa_group_rekey" "$N"
>> [ -n "$wpa_pair_rekey" ] && append bss_conf
>> "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
>> [ -n "$wpa_master_rekey" ] && append bss_conf
>> "wpa_gmk_rekey=$wpa_master_rekey" "$N"
>> }
>>
>> case "$auth_type" in
>> none)
>> wps_possible=1
>> # Here we make the assumption that if we're in open mode
>> # with WPS enabled, we got to be in unconfigured state.
>> wps_not_configured=1
>> json_get_vars \
>> auth_server auth_secret auth_port \
>> acct_server acct_secret acct_port \
>> dae_client dae_secret dae_port \
>> nasid iapp_interface dynamic_vlan \
>> vlan_tagged_interface
>> # legacy compatibility
>> [ -n "$auth_server" ] || json_get_var auth_server server
>> [ -n "$auth_port" ] || json_get_var auth_port port
>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>
>> set_default auth_port 1812
>> set_default acct_port 1813
>>
>> set_default vlan_naming 1
>>
>> append bss_conf "auth_server_addr=$auth_server" "$N"
>> append bss_conf "auth_server_port=$auth_port" "$N"
>> append bss_conf
>> "auth_server_shared_secret=$auth_secret" "$N"
>> append bss_conf "vlan_file=/etc/config/hostapd.vlan"
>> "$N"
>> #Mac authentication
>> append bss_conf "macaddr_acl=2" "$N"
>> [ -n "$acct_server" ] && {
>> append bss_conf "acct_server_addr=$acct_server"
>> "$N"
>> append bss_conf "acct_server_port=$acct_port"
>> "$N"
>> [ -n "$acct_secret" ] && \
>> append bss_conf
>> "acct_server_shared_secret=$acct_secret" "$N"
>> }
>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>> append bss_conf "radius_das_port=$dae_port" "$N"
>> append bss_conf "radius_das_client=$dae_client
>> $dae_secret" "$N"
>> }
>>
>> append bss_conf "nas_identifier=$nasid" "$N"
>> [ -n "$dynamic_vlan" ] && {
>> append bss_conf "dynamic_vlan=$dynamic_vlan"
>> "$N"
>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>> [ -n "$vlan_tagged_interface" ] && \
>> append bss_conf
>> "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>> }
>> ;;
>> psk)
>> json_get_vars key
>> if [ ${#key} -lt 8 ]; then
>> wireless_setup_vif_failed INVALID_WPA_PSK
>> return 1
>> elif [ ${#key} -eq 64 ]; then
>> append bss_conf "wpa_psk=$key" "$N"
>> else
>> append bss_conf "wpa_passphrase=$key" "$N"
>> json_get_vars \
>> auth_server auth_secret auth_port \
>> acct_server acct_secret acct_port \
>> dae_client dae_secret dae_port \
>> nasid iapp_interface dynamic_vlan \
>> vlan_tagged_interface
>> # legacy compatibility
>> [ -n "$auth_server" ] || json_get_var auth_server server
>> [ -n "$auth_port" ] || json_get_var auth_port port
>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>
>> set_default auth_port 1812
>> set_default acct_port 1813
>>
>> set_default vlan_naming 1
>>
>> append bss_conf "auth_server_addr=$auth_server" "$N"
>> append bss_conf "auth_server_port=$auth_port" "$N"
>> append bss_conf
>> "auth_server_shared_secret=$auth_secret" "$N"
>> append bss_conf "vlan_file=/etc/config/hostapd.vlan"
>> "$N"
>> #Mac authentication
>> append bss_conf "macaddr_acl=2" "$N"
>> [ -n "$acct_server" ] && {
>> append bss_conf "acct_server_addr=$acct_server"
>> "$N"
>> append bss_conf "acct_server_port=$acct_port"
>> "$N"
>> [ -n "$acct_secret" ] && \
>> append bss_conf
>> "acct_server_shared_secret=$acct_secret" "$N"
>> }
>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>> append bss_conf "radius_das_port=$dae_port" "$N"
>> append bss_conf "radius_das_client=$dae_client
>> $dae_secret" "$N"
>> }
>>
>> append bss_conf "nas_identifier=$nasid" "$N"
>> [ -n "$dynamic_vlan" ] && {
>> append bss_conf "dynamic_vlan=$dynamic_vlan"
>> "$N"
>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>> [ -n "$vlan_tagged_interface" ] && \
>> append bss_conf
>> "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>> }
>>
>> fi
>> wps_possible=1
>> ;;
>> eap)
>> json_get_vars \
>> auth_server auth_secret auth_port \
>> acct_server acct_secret acct_port \
>> dae_client dae_secret dae_port \
>> nasid iapp_interface ownip \
>> eap_reauth_period dynamic_vlan \
>> vlan_tagged_interface
>>
>> # legacy compatibility
>> [ -n "$auth_server" ] || json_get_var auth_server server
>> [ -n "$auth_port" ] || json_get_var auth_port port
>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>
>> set_default auth_port 1812
>> set_default acct_port 1813
>> set_default dae_port 3799
>>
>> set_default vlan_naming 1
>>
>> append bss_conf "auth_server_addr=$auth_server" "$N"
>> append bss_conf "auth_server_port=$auth_port" "$N"
>> append bss_conf
>> "auth_server_shared_secret=$auth_secret" "$N"
>> append bss_conf "vlan_file=/etc/config/hostapd.vlan"
>> "$N"
>>
>> [ -n "$acct_server" ] && {
>> append bss_conf "acct_server_addr=$acct_server"
>> "$N"
>> append bss_conf "acct_server_port=$acct_port"
>> "$N"
>> [ -n "$acct_secret" ] && \
>> append bss_conf
>> "acct_server_shared_secret=$acct_secret" "$N"
>> }
>>
>> [ -n "$eap_reauth_period" ] && append bss_conf
>> "eap_reauth_period=$eap_reauth_period" "$N"
>>
>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>> append bss_conf "radius_das_port=$dae_port" "$N"
>> append bss_conf "radius_das_client=$dae_client
>> $dae_secret" "$N"
>> }
>>
>> append bss_conf "nas_identifier=$nasid" "$N"
>> [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip"
>> "$N"
>> append bss_conf "eapol_key_index_workaround=1" "$N"
>> append bss_conf "ieee8021x=1" "$N"
>> append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
>>
>> [ -n "$dynamic_vlan" ] && {
>> append bss_conf "dynamic_vlan=$dynamic_vlan"
>> "$N"
>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>> [ -n "$vlan_tagged_interface" ] && \
>> append bss_conf
>> "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>> }
>> ;;
>> wep)
>> local wep_keyidx=0
>> json_get_vars key
>> hostapd_append_wep_key bss_conf
>> append bss_conf "wep_default_key=$wep_keyidx" "$N"
>> [ -n "$wep_rekey" ] && append bss_conf
>> "wep_rekey_period=$wep_rekey" "$N"
>> ;;
>> esac
>>
>> local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
>> append bss_conf "auth_algs=${auth_algs:-1}" "$N"
>> append bss_conf "wpa=$wpa" "$N"
>> [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise"
>> "$N"
>>
>> set_default wps_pushbutton 0
>> set_default wps_label 0
>> set_default wps_pbc_in_m1 0
>>
>> config_methods=
>> [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
>> [ "$wps_label" -gt 0 ] && append config_methods label
>>
>> [ -n "$wps_possible" -a -n "$config_methods" ] && {
>> set_default ext_registrar 0
>> set_default wps_device_type "6-0050F204-1"
>> set_default wps_device_name "OpenWrt AP"
>> set_default wps_manufacturer "openwrt.org <http://openwrt.org/>"
>>
>> wps_state=2
>> [ -n "$wps_configured" ] && wps_state=1
>>
>> [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append
>> bss_conf "upnp_iface=$network_bridge" "$N"
>>
>> append bss_conf "eap_server=1" "$N"
>> [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
>> append bss_conf "wps_state=$wps_state" "$N"
>> append bss_conf "ap_setup_locked=0" "$N"
>> append bss_conf "device_type=$wps_device_type" "$N"
>> append bss_conf "device_name=$wps_device_name" "$N"
>> append bss_conf "manufacturer=$wps_manufacturer" "$N"
>> append bss_conf "config_methods=$config_methods" "$N"
>> [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf
>> "pbc_in_m1=$wps_pbc_in_m1" "$N"
>> }
>>
>> append bss_conf "ssid=$ssid" "$N"
>> [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge"
>> "$N"
>> [ -n "$iapp_interface" ] && {
>> iapp_interface="$(uci_get_state network "$iapp_interface"
>> ifname "$iapp_interface")"
>> [ -n "$iapp_interface" ] && append bss_conf
>> "iapp_interface=$iapp_interface" "$N"
>> }
>>
>> if [ "$wpa" -ge "2" ]; then
>> if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
>> set_default auth_cache 1
>> append bss_conf "rsn_preauth=1" "$N"
>> append bss_conf
>> "rsn_preauth_interfaces=$network_bridge" "$N"
>> else
>> set_default auth_cache 1
>> append bss_conf "rsn_preauth=1" "$N"
>> append bss_conf
>> "rsn_preauth_interfaces=$network_bridge" "$N"
>> fi
>>
>> append bss_conf "okc=$auth_cache" "$N"
>> [ "$auth_cache" = 0 ] && append bss_conf
>> "disable_pmksa_caching=1" "$N"
>>
>> # RSN -> allow management frame protection
>> json_get_var ieee80211w ieee80211w
>> case "$ieee80211w" in
>> [012])
>> json_get_vars ieee80211w_max_timeout
>> ieee80211w_retry_timeout
>> append bss_conf "ieee80211w=$ieee80211w" "$N"
>> [ "$ieee80211w" -gt "0" ] && {
>> [ -n "$ieee80211w_max_timeout" ] && \
>> append bss_conf
>> "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
>> [ -n "$ieee80211w_retry_timeout" ] && \
>> append bss_conf
>> "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
>> }
>> ;;
>> esac
>> fi
>>
>> _macfile="/var/run/hostapd-$ifname.maclist"
>> case "$macfilter" in
>> allow)
>> append bss_conf "macaddr_acl=1" "$N"
>> append bss_conf "accept_mac_file=$_macfile" "$N"
>> ;;
>> deny)
>> append bss_conf "macaddr_acl=0" "$N"
>> append bss_conf "deny_mac_file=$_macfile" "$N"
>> ;;
>> *)
>> _macfile=""
>> ;;
>> esac
>>
>> [ -n "$_macfile" ] && {
>> json_get_vars macfile
>> json_get_values maclist maclist
>>
>> rm -f "$_macfile"
>> (
>> for mac in $maclist; do
>> echo "$mac"
>> done
>> [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile"
>> ) > "$_macfile"
>> }
>>
>> append "$var" "$bss_conf" "$N"
>> return 0
>> }
>>
>> hostapd_set_log_options() {
>> local var="$1"
>>
>> local log_level log_80211 log_8021x log_radius log_wpa log_driver
>> log_iapp log_mlme
>> json_get_vars log_level log_80211 log_8021x log_radius log_wpa
>> log_driver log_iapp log_mlme
>>
>> set_default log_level 1
>> set_default log_80211 1
>> set_default log_8021x 1
>> set_default log_radius 1
>> set_default log_wpa 1
>> set_default log_driver 1
>> set_default log_iapp 1
>> set_default log_mlme 1
>>
>> local log_mask=$(( \
>> ($log_80211 << 0) | \
>> ($log_8021x << 1) | \
>> ($log_radius << 2) | \
>> ($log_wpa << 3) | \
>> ($log_driver << 4) | \
>> ($log_iapp << 5) | \
>> ($log_mlme << 6) \
>> ))
>>
>> append "$var" "logger_syslog=$log_mask" "$N"
>> append "$var" "logger_syslog_level=$log_level" "$N"
>> append "$var" "logger_stdout=$log_mask" "$N"
>> append "$var" "logger_stdout_level=$log_level" "$N"
>>
>> return 0
>> }
>>
>> _wpa_supplicant_common() {
>> local ifname="$1"
>>
>> _rpath="/var/run/wpa_supplicant"
>> _config="${_rpath}-$ifname.conf"
>> }
>>
>> wpa_supplicant_teardown_interface() {
>> _wpa_supplicant_common "$1"
>> rm -rf "$_rpath/$1" "$_config"
>> }
>>
>> wpa_supplicant_prepare_interface() {
>> local ifname="$1"
>> _w_driver="$2"
>>
>> _wpa_supplicant_common "$1"
>>
>> json_get_vars mode wds
>>
>> [ -n "$network_bridge" ] && {
>> fail=
>> case "$mode" in
>> adhoc)
>> fail=1
>> ;;
>> sta)
>> [ "$wds" = 1 ] || fail=1
>> ;;
>> esac
>>
>> [ -n "$fail" ] && {
>> wireless_setup_vif_failed BRIDGE_NOT_ALLOWED
>> return 1
>> }
>> }
>>
>> local ap_scan=
>>
>> _w_mode="$mode"
>> _w_modestr=
>>
>> [[ "$mode" = adhoc ]] && {
>> ap_scan="ap_scan=2"
>>
>> _w_modestr="mode=1"
>> }
>>
>> wpa_supplicant_teardown_interface "$ifname"
>> cat > "$_config" <<EOF
>> $ap_scan
>> EOF
>> return 0
>> }
>>
>> wpa_supplicant_add_network() {
>> local ifname="$1"
>>
>> _wpa_supplicant_common "$1"
>> wireless_vif_parse_encryption
>>
>> json_get_vars \
>> ssid bssid key \
>> basic_rate mcast_rate \
>> ieee80211w
>>
>> local key_mgmt='NONE'
>> local enc_str=
>> local network_data=
>> local T=" "
>>
>> local wpa_key_mgmt="WPA-PSK"
>> local scan_ssid="1"
>> local freq
>>
>> [[ "$_w_mode" = "adhoc" ]] && {
>> append network_data "mode=1" "$N$T"
>> [ -n "$channel" ] && {
>> freq="$(get_freq "$phy" "$channel")"
>> append network_data "fixed_freq=1" "$N$T"
>> append network_data "frequency=$freq" "$N$T"
>> }
>>
>> scan_ssid=0
>>
>> [ "$_w_driver" = "nl80211" ] || wpa_key_mgmt="WPA-NONE"
>> }
>>
>> [[ "$_w_mode" = adhoc ]] && append network_data "$_w_modestr" "$N$T"
>>
>> case "$auth_type" in
>> none) ;;
>> wep)
>> local wep_keyidx=0
>> hostapd_append_wep_key network_data
>> append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
>> ;;
>> psk)
>> local passphrase
>>
>> key_mgmt="$wpa_key_mgmt"
>> if [ ${#key} -eq 64 ]; then
>> passphrase="psk=${key}"
>> else
>> passphrase="psk=\"${key}\""
>> fi
>> append network_data "$passphrase" "$N$T"
>> ;;
>> eap)
>> key_mgmt='WPA-EAP'
>>
>> json_get_vars eap_type identity ca_cert
>> [ -n "$ca_cert" ] && append network_data
>> "ca_cert=\"$ca_cert\"" "$N$T"
>> [ -n "$identity" ] && append network_data
>> "identity=\"$identity\"" "$N$T"
>> case "$eap_type" in
>> tls)
>> json_get_vars client_cert priv_key
>> priv_key_pwd
>> append network_data
>> "client_cert=\"$client_cert\"" "$N$T"
>> append network_data
>> "private_key=\"$priv_key\"" "$N$T"
>> append network_data
>> "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
>> ;;
>> peap|ttls)
>> json_get_vars auth password
>> set_default auth MSCHAPV2
>> append network_data "phase2=\"$auth\""
>> "$N$T"
>> append network_data
>> "password=\"$password\"" "$N$T"
>> ;;
>> esac
>> append network_data "eap=$(echo $eap_type | tr 'a-z'
>> 'A-Z')" "$N$T"
>> ;;
>> esac
>>
>> case "$wpa" in
>> 1)
>> append network_data "proto=WPA" "$N$T"
>> ;;
>> 2)
>> append network_data "proto=RSN" "$N$T"
>> ;;
>> esac
>>
>> case "$ieee80211w" in
>> [012])
>> [ "$wpa" -ge 2 ] && append network_data
>> "ieee80211w=$ieee80211w" "$N$T"
>> ;;
>> esac
>>
>> local beacon_int brates mrate
>> [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
>> [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int"
>> "$N$T"
>>
>>
>> [ -n "$basic_rate" ] && {
>> local br rate_list=
>> for br in $basic_rate; do
>> hostapd_add_rate rate_list "$br"
>> done
>> [ -n "$rate_list" ] && append network_data "rates=$rate_list"
>> "$N$T"
>> }
>>
>> [ -n "$mcast_rate" ] && {
>> local mc_rate=
>> hostapd_add_rate mc_rate "$mcast_rate"
>> append network_data "mcast_rate=$mc_rate" "$N$T"
>> }
>>
>> local ht_str
>> [ -n "$ht" ] && append network_data "htmode=$ht" "$N$T"
>>
>> cat >> "$_config" <<EOF
>> network={
>> scan_ssid=$scan_ssid
>> ssid="$ssid"
>> key_mgmt=$key_mgmt
>> $network_data
>> }
>> EOF
>> return 0
>> }
>>
>> wpa_supplicant_run() {
>> local ifname="$1"; shift
>>
>> _wpa_supplicant_common "$ifname"
>>
>> /usr/sbin/wpa_supplicant -B \
>> ${network_bridge:+-b $network_bridge} \
>> -P "/var/run/wpa_supplicant-${ifname}.pid" \
>> -D ${_w_driver:-wext} \
>> -i "$ifname" \
>> -c "$_config" \
>> -C "$_rpath" \
>> "$@"
>>
>> ret="$?"
>> wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")"
>> /usr/sbin/wpa_supplicant 1
>>
>> [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
>>
>> return $ret
>> }
>>
>> hostapd_common_cleanup() {
>> killall hostapd wpa_supplicant meshd-nl80211
>> }
>>
>> /etc/config/wireless
>>
>> config wifi-device 'radio0'
>> option type 'mac80211'
>> option path 'pci0000:00/0000:00:00.0'
>> option htmode 'HT20'
>> option hwmode '11ng'
>> list ht_capab 'SHORT-GI-40'
>> list ht_capab 'TX-STBC'
>> list ht_capab 'RX-STBC1'
>> list ht_capab 'DSSS_CCK-40'
>> option txpower '27'
>> option country 'US'
>>
>> config wifi-iface
>> option device 'radio0'
>> option mode 'ap'
>> option ssid 'Test'
>> option network 'lan'
>> option encryption ’none'
>> option auth_server ‘172.X.X.X'
>> option auth_port '1812'
>> option auth_secret 'secret'
>> option acct_server ‘172.X.X.X'
>> option acct_port '1812'
>> option acct_secret 'secret'
>> option dynamic_vlan '2'
>> option vlan_file '/etc/config/hostapd.vlan'
>> option vlan_tagged_interface 'eth0'
>> option dae_secret 'secret'
>> option dae_client ‘172.X.X.X'
>> option macfilter '2'
>> option dae_port '3799'
>> option nasid ‘Ubiquiti’
>>
>>
>> You will need the wpad package and hostapd
>>
>> Thanks,
>>
>> Ludovic Zammit
>> [email protected] <mailto:[email protected]> :: +1.514.447.4918
>> <tel:%2B1.514.447.4918> (x145) :: www.inverse.ca <http://www.inverse.ca/>
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org
>> <http://packetfence.org/>)
>>
>>
>>
>>
>>
>>> Le 2015-05-20 à 11:46, Earl Robinson <[email protected]
>>> <mailto:[email protected]>> a écrit :
>>>
>>> Thanks Chris,
>>>
>>> I tried with the current stable release ,14.07 (barrier breaker), a few
>>> weeks ago and I was having problems with getting drivers for 5ghz wifi
>>> working. I'm assuming the driver situation with 12.09 (attitude adjustment)
>>> is even worse since that release is 18 months older.
>>>
>>> I've got a spare 2.4ghz router I can try with 14.07. There seems to be a
>>> lot of changes to the code for dynamic vlans between 14.07 and trunk (16.?)
>>> so I was hoping there's some config magic that hasn't made it to the docs
>>> yet that will resolve the issues I've had.
>>>
>>> I'll followup on this list on how my testing goes.
>>>
>>> -earl
>>>
>>> On Tue, May 19, 2015 at 1:33 PM, Chris Abel <[email protected]
>>> <mailto:[email protected]>> wrote:
>>> Make sure to use OpenWRT 12.09 Attitude Adjustment.
>>>
>>> On Tue, May 19, 2015 at 1:26 PM, Earl Robinson <[email protected]
>>> <mailto:[email protected]>> wrote:
>>> Hey Ludovic,
>>>
>>> I'm running on a TP-Link Archer C7 v2 and a TP-Link TL-WDR4300 v1. I have
>>> hostapd and hostapd-common installed. If I try to install wpad i get the
>>> error:
>>> root@OpenWRT:~# opkg install wpad
>>> Installing wpad (2015-03-25-1) to root...
>>> Downloading
>>> http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/wpad_2015-03-25-1_ar71xx.ipk
>>>
>>> <http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/wpad_2015-03-25-1_ar71xx.ipk>.
>>> Collected errors:
>>> * check_data_file_clashes: Package wpad wants to install file
>>> /usr/sbin/hostapd
>>> But that file is already provided by package * hostapd
>>> * opkg_install_cmd: Cannot install package wpad.
>>>
>>> -earl
>>>
>>> On Tue, May 19, 2015 at 10:53 AM, Ludovic Zammit <[email protected]
>>> <mailto:[email protected]>> wrote:
>>> Hello Earl,
>>>
>>> With which equipment you are using the OpenWRT ?
>>>
>>> The radius part is handle by Hostapd and wpad so make sure that these two
>>> packages are installed ( hostap-common + wpad ).
>>>
>>> Thanks,
>>> Ludovic Zammit
>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918
>>> <tel:%2B1.514.447.4918> (x145) :: www.inverse.ca <http://www.inverse.ca/>
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
>>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org
>>> <http://packetfence.org/>)
>>>
>>>
>>>
>>>
>>>
>>>> Le 2015-05-18 à 16:18, Earl Robinson <[email protected]
>>>> <mailto:[email protected]>> a écrit :
>>>>
>>>> I've been working to get PacketFence (v5.0.1) working with OpenWRT (devel
>>>> v15 r46557).
>>>>
>>>> My end goal is to have PacketFence controlling the OpenWRT AP in VLAN
>>>> mode, using dynamic VLAN assignment. I've followed the PF Device
>>>> configuration guide and the administration guide, the new ZEN out-of-band
>>>> quick guide. I've used various docs to sett up the OpenWRT AP including
>>>> this one:
>>>> http://wiki.openwrt.org/doc/howto/wireless.security.8021x
>>>> <http://wiki.openwrt.org/doc/howto/wireless.security.8021x>
>>>>
>>>> I've been able to get a cisco 3560 switch working great. When I connect a
>>>> device, the cisco switch automatically send a RADIUS auth request to the
>>>> pf server using the device mac address (mab). And when I auth to the pf
>>>> server via the web, my VLAN is reassigned properly.
>>>>
>>>> With the same client devices, I can connect to an open SSID on the AP, but
>>>> then get no RADIUS traffic (dynamic VLANs and nab doesn't work with an
>>>> open SSID?). So I have to set the SSID to WPA2, and then I get an 802.1x
>>>> auth prompt on the client, which generates a RADIUS request back to pf.
>>>>
>>>> There's a thread on the openwrt list from 2013-2014:
>>>> https://forum.openwrt.org/viewtopic.php?id=44968
>>>> <https://forum.openwrt.org/viewtopic.php?id=44968>
>>>> which seems to show Fabrice was able to implement what I want with earlier
>>>> versions of OpenWRT, but with heavy mods. The current devel version is
>>>> supposed to work without any special mods.
>>>>
>>>> Has anybody been able to get this working recently, and if so have any
>>>> guidance? At this point I believe my problem lies on the OpenWRT side, but
>>>> I figure somebody on this list is likely to know the fix.
>>>>
>>>> Thanks,
>>>> Earl
>>>> ------------------------------------------------------------------------------
>>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>> Performance metrics, stats and reports that give you Actionable Insights
>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>>>
>>>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________>
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> <mailto:[email protected]>
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>>
>>>
>>> --
>>> Chris Abel
>>> Systems and Network Administrator
>>> Wildwood Programs
>>> 2995 Curry Road Extension
>>> Schenectady, NY 12303
>>> 518-836-2341 <tel:518-836-2341>
>>>
>>> IMPORTANT NOTICE: This message and any attachments are solely for the
>>> intended recipient and may contain confidential information, which is, or
>>> may be, legally privileged or otherwise protected by law from further
>>> disclosure. If you are not the intended recipient, any disclosure, copying,
>>> use, or distribution of the information included in this email and any
>>> attachments is prohibited. If you have received this communication in
>>> error, please notify the sender by reply email and immediately and
>>> permanently delete this email and any attachments.
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>>
>>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________>
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> <mailto:[email protected]>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>
>> <http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________>
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
