nope, I've got /etc/config/hostapd.vlan
# cat /etc/config/hostapd.vlan
* wlan0.#
On Thu, May 21, 2015 at 2:23 PM, Ludovic Zammit <[email protected]> wrote:
> Earl,
>
> Maybe you’re missing that part in your configuration:
>
> vlan_file=/etc/config/hostapd.vlan
>
> That file should contain:
>
> * wlan0.#
>
> To add that line in your configuration:
>
> uci add_list wireless.@wifi-iface[0].vlan_file=/etc/config/hostapd.vlan
>
> It will add the configuration on the first SSID [0].
>
> Thanks,
>
> Ludovic [email protected] <[email protected]> :: +1.514.447.4918
> (x145) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
>
>
>
> Le 2015-05-21 à 14:18, Ludovic Zammit <[email protected]> a écrit :
>
> HEllo Earl,
>
> Can you post the result of this command from the OpenWRT:
>
> cat /var/run/hostapd-phy0.conf
>
> Thanks,
>
>
> Ludovic [email protected] <[email protected]> :: +1.514.447.4918
> (x145) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
>
>
>
> Le 2015-05-21 à 14:06, Earl Robinson <[email protected]> a écrit :
>
> Wow,
>
> That's got me so much closer. I now have RADIUS auth against packetfence
> with open SSID working. Apparently dynamic vlans on an open SSID isn't
> working yet on the devel (trunk v15 r46***) branch yet. Hopefully that will
> be resolved before the next release.
>
> So I'm left with issues with the wireless client on vlan 11 (wlan0.11)
> joining a new bridge breth0.11, instead of the existing br-vlan11 that I've
> configured. I posted to the openwrt wiki:
> https://forum.openwrt.org/viewtopic.php?id=53227
>
> so hopefully they can help me get closer still.
>
> Thanks,
> Earl
>
>
> On Wed, May 20, 2015 at 4:21 PM, Earl Robinson <[email protected]> wrote:
>
>> Thanks,
>>
>> I'll try this out and see if it works better for me. I appreciate you
>> including the sample wireless config as well. I've had lots of trouble
>> figuring out which config directives should work on various versions of
>> OpenWRT.
>>
>> -earl
>>
>> On Wed, May 20, 2015 at 11:57 AM, Ludovic Zammit <[email protected]>
>> wrote:
>>
>>> Earl,
>>>
>>> This is the /lib/netifd/hostapd.sh for 14.07 BB:
>>>
>>> hostapd_add_rate() {
>>> local var="$1"
>>> local val="$(($2 / 1000))"
>>> local sub="$((($2 / 100) % 10))"
>>> append $var "$val" ","
>>> [ $sub -gt 0 ] && append $var "."
>>> }
>>>
>>> hostapd_add_basic_rate() {
>>> local var="$1"
>>> local val="$(($2 / 100))"
>>> append $var "$val" " "
>>> }
>>>
>>> hostapd_append_wep_key() {
>>> local var="$1"
>>>
>>> wep_keyidx=0
>>> set_default key 1
>>> case "$key" in
>>> [1234])
>>> for idx in 1 2 3 4; do
>>> local zidx
>>> zidx=$(($idx - 1))
>>> json_get_var ckey "key${idx}"
>>> [ -n "$ckey" ] && \
>>> append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
>>> done
>>> wep_keyidx=$((key - 1))
>>> ;;
>>> *)
>>> append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
>>> ;;
>>> esac
>>> }
>>>
>>> hostapd_add_log_config() {
>>> config_add_boolean \
>>> log_80211 \
>>> log_8021x \
>>> log_radius \
>>> log_wpa \
>>> log_driver \
>>> log_iapp \
>>> log_mlme
>>>
>>> config_add_int log_level
>>> }
>>>
>>> hostapd_common_add_device_config() {
>>> config_add_array basic_rate
>>>
>>> config_add_string country
>>> config_add_boolean country_ie doth
>>> config_add_string require_mode
>>>
>>> hostapd_add_log_config
>>> }
>>>
>>> hostapd_prepare_device_config() {
>>> local config="$1"
>>> local driver="$2"
>>>
>>> local base="${config%%.conf}"
>>> local base_cfg=
>>>
>>> json_get_vars country country_ie beacon_int doth require_mode
>>>
>>> hostapd_set_log_options base_cfg
>>>
>>> set_default country_ie 1
>>> set_default doth 1
>>>
>>> [ -n "$country" ] && {
>>> append base_cfg "country_code=$country" "$N"
>>>
>>> [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
>>> [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1"
>>> "$N"
>>> }
>>> [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N"
>>>
>>> local brlist= br
>>> json_get_values basic_rate_list basic_rate
>>> for br in $basic_rate_list; do
>>> hostapd_add_basic_rate brlist "$br"
>>> done
>>> case "$require_mode" in
>>> g) brlist="60 120 240" ;;
>>> n) append base_cfg "require_ht=1" "$N";;
>>> ac) append base_cfg "require_vht=1" "$N";;
>>> esac
>>> [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
>>> [ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N"
>>>
>>> cat > "$config" <<EOF
>>> driver=$driver
>>> $base_cfg
>>> EOF
>>> }
>>>
>>> hostapd_common_add_bss_config() {
>>> config_add_string 'bssid:macaddr' 'ssid:string'
>>> config_add_boolean wds wmm hidden
>>>
>>> config_add_int maxassoc max_inactivity
>>> config_add_boolean disassoc_low_ack isolate short_preamble
>>>
>>> config_add_int \
>>> wep_rekey eap_reauth_period \
>>> wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>>
>>> config_add_boolean rsn_preauth auth_cache
>>> config_add_int ieee80211w
>>>
>>> config_add_string 'auth_server:host' 'server:host'
>>> config_add_string auth_secret
>>> config_add_int 'auth_port:port' 'port:port'
>>>
>>> config_add_string acct_server
>>> config_add_string acct_secret
>>> config_add_int acct_port
>>>
>>> config_add_string dae_client
>>> config_add_string dae_secret
>>> config_add_int dae_port
>>>
>>> config_add_string nasid
>>> config_add_string ownip
>>> config_add_string iapp_interface
>>> config_add_string eap_type ca_cert client_cert identity auth priv_key
>>> priv_key_pwd
>>>
>>> config_add_int dynamic_vlan vlan_naming
>>> config_add_string vlan_tagged_interface
>>>
>>> config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey'
>>> 'key4:wepkey' 'password:wpakey'
>>>
>>> config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
>>> config_add_string wps_device_type wps_device_name wps_manufacturer
>>> wps_pin
>>>
>>> config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
>>>
>>> config_add_string macfilter 'macfile:file'
>>> config_add_array 'maclist:list(macaddr)'
>>>
>>> config_add_int mcast_rate
>>> config_add_array basic_rate
>>> }
>>>
>>> hostapd_set_bss_options() {
>>> local var="$1"
>>> local phy="$2"
>>> local vif="$3"
>>>
>>> wireless_vif_parse_encryption
>>>
>>> local bss_conf
>>> local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>>
>>> json_get_vars \
>>> wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
>>> maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
>>> wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
>>> wps_device_type wps_device_name wps_manufacturer wps_pin \
>>> macfilter ssid wmm hidden short_preamble rsn_preauth
>>>
>>> set_default isolate 0
>>> set_default maxassoc 0
>>> set_default max_inactivity 0
>>> set_default short_preamble 1
>>> set_default disassoc_low_ack 1
>>> set_default hidden 0
>>> set_default wmm 1
>>>
>>> append bss_conf "ctrl_interface=/var/run/hostapd"
>>> if [ "$isolate" -gt 0 ]; then
>>> append bss_conf "ap_isolate=$isolate" "$N"
>>> fi
>>> if [ "$maxassoc" -gt 0 ]; then
>>> append bss_conf "max_num_sta=$maxassoc" "$N"
>>> fi
>>> if [ "$max_inactivity" -gt 0 ]; then
>>> append bss_conf "ap_max_inactivity=$max_inactivity" "$N"
>>> fi
>>>
>>> append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N"
>>> append bss_conf "preamble=$short_preamble" "$N"
>>> append bss_conf "wmm_enabled=$wmm" "$N"
>>> append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
>>>
>>> [ "$wpa" -gt 0 ] && {
>>> [ -n "$wpa_group_rekey" ] && append bss_conf
>>> "wpa_group_rekey=$wpa_group_rekey" "$N"
>>> [ -n "$wpa_pair_rekey" ] && append bss_conf
>>> "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
>>> [ -n "$wpa_master_rekey" ] && append bss_conf
>>> "wpa_gmk_rekey=$wpa_master_rekey" "$N"
>>> }
>>>
>>> case "$auth_type" in
>>> none)
>>> wps_possible=1
>>> # Here we make the assumption that if we're in open mode
>>> # with WPS enabled, we got to be in unconfigured state.
>>> wps_not_configured=1
>>> json_get_vars \
>>> auth_server auth_secret auth_port \
>>> acct_server acct_secret acct_port \
>>> dae_client dae_secret dae_port \
>>> nasid iapp_interface dynamic_vlan \
>>> vlan_tagged_interface
>>> # legacy compatibility
>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>
>>> set_default auth_port 1812
>>> set_default acct_port 1813
>>>
>>> set_default vlan_naming 1
>>>
>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>> #Mac authentication
>>> append bss_conf "macaddr_acl=2" "$N"
>>> [ -n "$acct_server" ] && {
>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>> [ -n "$acct_secret" ] && \
>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>> }
>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>> }
>>>
>>> append bss_conf "nas_identifier=$nasid" "$N"
>>> [ -n "$dynamic_vlan" ] && {
>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>> [ -n "$vlan_tagged_interface" ] && \
>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>> }
>>> ;;
>>> psk)
>>> json_get_vars key
>>> if [ ${#key} -lt 8 ]; then
>>> wireless_setup_vif_failed INVALID_WPA_PSK
>>> return 1
>>> elif [ ${#key} -eq 64 ]; then
>>> append bss_conf "wpa_psk=$key" "$N"
>>> else
>>> append bss_conf "wpa_passphrase=$key" "$N"
>>> json_get_vars \
>>> auth_server auth_secret auth_port \
>>> acct_server acct_secret acct_port \
>>> dae_client dae_secret dae_port \
>>> nasid iapp_interface dynamic_vlan \
>>> vlan_tagged_interface
>>> # legacy compatibility
>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>
>>> set_default auth_port 1812
>>> set_default acct_port 1813
>>>
>>> set_default vlan_naming 1
>>>
>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>> #Mac authentication
>>> append bss_conf "macaddr_acl=2" "$N"
>>> [ -n "$acct_server" ] && {
>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>> [ -n "$acct_secret" ] && \
>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>> }
>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>> }
>>>
>>> append bss_conf "nas_identifier=$nasid" "$N"
>>> [ -n "$dynamic_vlan" ] && {
>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>> [ -n "$vlan_tagged_interface" ] && \
>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>> }
>>>
>>> fi
>>> wps_possible=1
>>> ;;
>>> eap)
>>> json_get_vars \
>>> auth_server auth_secret auth_port \
>>> acct_server acct_secret acct_port \
>>> dae_client dae_secret dae_port \
>>> nasid iapp_interface ownip \
>>> eap_reauth_period dynamic_vlan \
>>> vlan_tagged_interface
>>>
>>> # legacy compatibility
>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>
>>> set_default auth_port 1812
>>> set_default acct_port 1813
>>> set_default dae_port 3799
>>>
>>> set_default vlan_naming 1
>>>
>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>>
>>> [ -n "$acct_server" ] && {
>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>> [ -n "$acct_secret" ] && \
>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>> }
>>>
>>> [ -n "$eap_reauth_period" ] && append bss_conf
>>> "eap_reauth_period=$eap_reauth_period" "$N"
>>>
>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>> }
>>>
>>> append bss_conf "nas_identifier=$nasid" "$N"
>>> [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
>>> append bss_conf "eapol_key_index_workaround=1" "$N"
>>> append bss_conf "ieee8021x=1" "$N"
>>> append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
>>>
>>> [ -n "$dynamic_vlan" ] && {
>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>> [ -n "$vlan_tagged_interface" ] && \
>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>> }
>>> ;;
>>> wep)
>>> local wep_keyidx=0
>>> json_get_vars key
>>> hostapd_append_wep_key bss_conf
>>> append bss_conf "wep_default_key=$wep_keyidx" "$N"
>>> [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N"
>>> ;;
>>> esac
>>>
>>> local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
>>> append bss_conf "auth_algs=${auth_algs:-1}" "$N"
>>> append bss_conf "wpa=$wpa" "$N"
>>> [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise"
>>> "$N"
>>>
>>> set_default wps_pushbutton 0
>>> set_default wps_label 0
>>> set_default wps_pbc_in_m1 0
>>>
>>> config_methods=
>>> [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
>>> [ "$wps_label" -gt 0 ] && append config_methods label
>>>
>>> [ -n "$wps_possible" -a -n "$config_methods" ] && {
>>> set_default ext_registrar 0
>>> set_default wps_device_type "6-0050F204-1"
>>> set_default wps_device_name "OpenWrt AP"
>>> set_default wps_manufacturer "openwrt.org"
>>>
>>> wps_state=2
>>> [ -n "$wps_configured" ] && wps_state=1
>>>
>>> [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf
>>> "upnp_iface=$network_bridge" "$N"
>>>
>>> append bss_conf "eap_server=1" "$N"
>>> [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
>>> append bss_conf "wps_state=$wps_state" "$N"
>>> append bss_conf "ap_setup_locked=0" "$N"
>>> append bss_conf "device_type=$wps_device_type" "$N"
>>> append bss_conf "device_name=$wps_device_name" "$N"
>>> append bss_conf "manufacturer=$wps_manufacturer" "$N"
>>> append bss_conf "config_methods=$config_methods" "$N"
>>> [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1"
>>> "$N"
>>> }
>>>
>>> append bss_conf "ssid=$ssid" "$N"
>>> [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
>>> [ -n "$iapp_interface" ] && {
>>> iapp_interface="$(uci_get_state network "$iapp_interface" ifname
>>> "$iapp_interface")"
>>> [ -n "$iapp_interface" ] && append bss_conf
>>> "iapp_interface=$iapp_interface" "$N"
>>> }
>>>
>>> if [ "$wpa" -ge "2" ]; then
>>> if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
>>> set_default auth_cache 1
>>> append bss_conf "rsn_preauth=1" "$N"
>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
>>> else
>>> set_default auth_cache 1
>>> append bss_conf "rsn_preauth=1" "$N"
>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
>>> fi
>>>
>>> append bss_conf "okc=$auth_cache" "$N"
>>> [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N"
>>>
>>> # RSN -> allow management frame protection
>>> json_get_var ieee80211w ieee80211w
>>> case "$ieee80211w" in
>>> [012])
>>> json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
>>> append bss_conf "ieee80211w=$ieee80211w" "$N"
>>> [ "$ieee80211w" -gt "0" ] && {
>>> [ -n "$ieee80211w_max_timeout" ] && \
>>> append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
>>> [ -n "$ieee80211w_retry_timeout" ] && \
>>> append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout"
>>> "$N"
>>> }
>>> ;;
>>> esac
>>> fi
>>>
>>> _macfile="/var/run/hostapd-$ifname.maclist"
>>> case "$macfilter" in
>>> allow)
>>> append bss_conf "macaddr_acl=1" "$N"
>>> append bss_conf "accept_mac_file=$_macfile" "$N"
>>> ;;
>>> deny)
>>> append bss_conf "macaddr_acl=0" "$N"
>>> append bss_conf "deny_mac_file=$_macfile" "$N"
>>> ;;
>>> *)
>>> _macfile=""
>>> ;;
>>> esac
>>>
>>> [ -n "$_macfile" ] && {
>>> json_get_vars macfile
>>> json_get_values maclist maclist
>>>
>>> rm -f "$_macfile"
>>> (
>>> for mac in $maclist; do
>>> echo "$mac"
>>> done
>>> [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile"
>>> ) > "$_macfile"
>>> }
>>>
>>> append "$var" "$bss_conf" "$N"
>>> return 0
>>> }
>>>
>>> hostapd_set_log_options() {
>>> local var="$1"
>>>
>>> local log_level log_80211 log_8021x log_radius log_wpa log_driver
>>> log_iapp log_mlme
>>> json_get_vars log_level log_80211 log_8021x log_radius log_wpa
>>> log_driver log_iapp log_mlme
>>>
>>> set_default log_level 1
>>> set_default log_80211 1
>>> set_default log_8021x 1
>>> set_default log_radius 1
>>> set_default log_wpa 1
>>> set_default log_driver 1
>>> set_default log_iapp 1
>>> set_default log_mlme 1
>>>
>>> local log_mask=$(( \
>>> ($log_80211 << 0) | \
>>> ($log_8021x << 1) | \
>>> ($log_radius << 2) | \
>>> ($log_wpa << 3) | \
>>> ($log_driver << 4) | \
>>> ($log_iapp << 5) | \
>>> ($log_mlme << 6) \
>>> ))
>>>
>>> append "$var" "logger_syslog=$log_mask" "$N"
>>> append "$var" "logger_syslog_level=$log_level" "$N"
>>> append "$var" "logger_stdout=$log_mask" "$N"
>>> append "$var" "logger_stdout_level=$log_level" "$N"
>>>
>>> return 0
>>> }
>>>
>>> _wpa_supplicant_common() {
>>> local ifname="$1"
>>>
>>> _rpath="/var/run/wpa_supplicant"
>>> _config="${_rpath}-$ifname.conf"
>>> }
>>>
>>> wpa_supplicant_teardown_interface() {
>>> _wpa_supplicant_common "$1"
>>> rm -rf "$_rpath/$1" "$_config"
>>> }
>>>
>>> wpa_supplicant_prepare_interface() {
>>> local ifname="$1"
>>> _w_driver="$2"
>>>
>>> _wpa_supplicant_common "$1"
>>>
>>> json_get_vars mode wds
>>>
>>> [ -n "$network_bridge" ] && {
>>> fail=
>>> case "$mode" in
>>> adhoc)
>>> fail=1
>>> ;;
>>> sta)
>>> [ "$wds" = 1 ] || fail=1
>>> ;;
>>> esac
>>>
>>> [ -n "$fail" ] && {
>>> wireless_setup_vif_failed BRIDGE_NOT_ALLOWED
>>> return 1
>>> }
>>> }
>>>
>>> local ap_scan=
>>>
>>> _w_mode="$mode"
>>> _w_modestr=
>>>
>>> [[ "$mode" = adhoc ]] && {
>>> ap_scan="ap_scan=2"
>>>
>>> _w_modestr="mode=1"
>>> }
>>>
>>> wpa_supplicant_teardown_interface "$ifname"
>>> cat > "$_config" <<EOF
>>> $ap_scan
>>> EOF
>>> return 0
>>> }
>>>
>>> wpa_supplicant_add_network() {
>>> local ifname="$1"
>>>
>>> _wpa_supplicant_common "$1"
>>> wireless_vif_parse_encryption
>>>
>>> json_get_vars \
>>> ssid bssid key \
>>> basic_rate mcast_rate \
>>> ieee80211w
>>>
>>> local key_mgmt='NONE'
>>> local enc_str=
>>> local network_data=
>>> local T=" "
>>>
>>> local wpa_key_mgmt="WPA-PSK"
>>> local scan_ssid="1"
>>> local freq
>>>
>>> [[ "$_w_mode" = "adhoc" ]] && {
>>> append network_data "mode=1" "$N$T"
>>> [ -n "$channel" ] && {
>>> freq="$(get_freq "$phy" "$channel")"
>>> append network_data "fixed_freq=1" "$N$T"
>>> append network_data "frequency=$freq" "$N$T"
>>> }
>>>
>>> scan_ssid=0
>>>
>>> [ "$_w_driver" = "nl80211" ] || wpa_key_mgmt="WPA-NONE"
>>> }
>>>
>>> [[ "$_w_mode" = adhoc ]] && append network_data "$_w_modestr" "$N$T"
>>>
>>> case "$auth_type" in
>>> none) ;;
>>> wep)
>>> local wep_keyidx=0
>>> hostapd_append_wep_key network_data
>>> append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
>>> ;;
>>> psk)
>>> local passphrase
>>>
>>> key_mgmt="$wpa_key_mgmt"
>>> if [ ${#key} -eq 64 ]; then
>>> passphrase="psk=${key}"
>>> else
>>> passphrase="psk=\"${key}\""
>>> fi
>>> append network_data "$passphrase" "$N$T"
>>> ;;
>>> eap)
>>> key_mgmt='WPA-EAP'
>>>
>>> json_get_vars eap_type identity ca_cert
>>> [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
>>> [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
>>> case "$eap_type" in
>>> tls)
>>> json_get_vars client_cert priv_key priv_key_pwd
>>> append network_data "client_cert=\"$client_cert\"" "$N$T"
>>> append network_data "private_key=\"$priv_key\"" "$N$T"
>>> append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
>>> ;;
>>> peap|ttls)
>>> json_get_vars auth password
>>> set_default auth MSCHAPV2
>>> append network_data "phase2=\"$auth\"" "$N$T"
>>> append network_data "password=\"$password\"" "$N$T"
>>> ;;
>>> esac
>>> append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"
>>> ;;
>>> esac
>>>
>>> case "$wpa" in
>>> 1)
>>> append network_data "proto=WPA" "$N$T"
>>> ;;
>>> 2)
>>> append network_data "proto=RSN" "$N$T"
>>> ;;
>>> esac
>>>
>>> case "$ieee80211w" in
>>> [012])
>>> [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T"
>>> ;;
>>> esac
>>>
>>> local beacon_int brates mrate
>>> [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
>>> [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int"
>>> "$N$T"
>>>
>>>
>>> [ -n "$basic_rate" ] && {
>>> local br rate_list=
>>> for br in $basic_rate; do
>>> hostapd_add_rate rate_list "$br"
>>> done
>>> [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T"
>>> }
>>>
>>> [ -n "$mcast_rate" ] && {
>>> local mc_rate=
>>> hostapd_add_rate mc_rate "$mcast_rate"
>>> append network_data "mcast_rate=$mc_rate" "$N$T"
>>> }
>>>
>>> local ht_str
>>> [ -n "$ht" ] && append network_data "htmode=$ht" "$N$T"
>>>
>>> cat >> "$_config" <<EOF
>>> network={
>>> scan_ssid=$scan_ssid
>>> ssid="$ssid"
>>> key_mgmt=$key_mgmt
>>> $network_data
>>> }
>>> EOF
>>> return 0
>>> }
>>>
>>> wpa_supplicant_run() {
>>> local ifname="$1"; shift
>>>
>>> _wpa_supplicant_common "$ifname"
>>>
>>> /usr/sbin/wpa_supplicant -B \
>>> ${network_bridge:+-b $network_bridge} \
>>> -P "/var/run/wpa_supplicant-${ifname}.pid" \
>>> -D ${_w_driver:-wext} \
>>> -i "$ifname" \
>>> -c "$_config" \
>>> -C "$_rpath" \
>>> "$@"
>>>
>>> ret="$?"
>>> wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")"
>>> /usr/sbin/wpa_supplicant 1
>>>
>>> [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
>>>
>>> return $ret
>>> }
>>>
>>> hostapd_common_cleanup() {
>>> killall hostapd wpa_supplicant meshd-nl80211
>>> }
>>>
>>> /etc/config/wireless
>>>
>>> config wifi-device 'radio0'
>>> option type 'mac80211'
>>> option path 'pci0000:00/0000:00:00.0'
>>> option htmode 'HT20'
>>> option hwmode '11ng'
>>> list ht_capab 'SHORT-GI-40'
>>> list ht_capab 'TX-STBC'
>>> list ht_capab 'RX-STBC1'
>>> list ht_capab 'DSSS_CCK-40'
>>> option txpower '27'
>>> option country 'US'
>>>
>>> config wifi-iface
>>> option device 'radio0'
>>> option mode 'ap'
>>> option ssid 'Test'
>>> option network 'lan'
>>> option encryption ’none'
>>> option auth_server ‘172.X.X.X'
>>> option auth_port '1812'
>>> option auth_secret 'secret'
>>> option acct_server ‘172.X.X.X'
>>> option acct_port '1812'
>>> option acct_secret 'secret'
>>> option dynamic_vlan '2'
>>> option vlan_file '/etc/config/hostapd.vlan'
>>> option vlan_tagged_interface 'eth0'
>>> option dae_secret 'secret'
>>> option dae_client ‘172.X.X.X'
>>> option macfilter '2'
>>> option dae_port '3799'
>>> option nasid ‘Ubiquiti’
>>>
>>>
>>> You will need the wpad package and hostapd
>>>
>>> Thanks,
>>>
>>> Ludovic [email protected] <[email protected]> :: +1.514.447.4918
>>> (x145) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>>
>>>
>>>
>>>
>>> Le 2015-05-20 à 11:46, Earl Robinson <[email protected]> a écrit :
>>>
>>> Thanks Chris,
>>>
>>> I tried with the current stable release ,14.07 (barrier breaker), a few
>>> weeks ago and I was having problems with getting drivers for 5ghz wifi
>>> working. I'm assuming the driver situation with 12.09 (attitude adjustment)
>>> is even worse since that release is 18 months older.
>>>
>>> I've got a spare 2.4ghz router I can try with 14.07. There seems to be a
>>> lot of changes to the code for dynamic vlans between 14.07 and trunk (16.?)
>>> so I was hoping there's some config magic that hasn't made it to the docs
>>> yet that will resolve the issues I've had.
>>>
>>> I'll followup on this list on how my testing goes.
>>>
>>> -earl
>>>
>>> On Tue, May 19, 2015 at 1:33 PM, Chris Abel <[email protected]>
>>> wrote:
>>>
>>>> Make sure to use OpenWRT 12.09 Attitude Adjustment.
>>>>
>>>> On Tue, May 19, 2015 at 1:26 PM, Earl Robinson <[email protected]>
>>>> wrote:
>>>>
>>>>> Hey Ludovic,
>>>>>
>>>>> I'm running on a TP-Link Archer C7 v2 and a TP-Link TL-WDR4300 v1. I
>>>>> have hostapd and hostapd-common installed. If I try to install wpad i get
>>>>> the error:
>>>>> root@OpenWRT:~# opkg install wpad
>>>>> Installing wpad (2015-03-25-1) to root...
>>>>> Downloading
>>>>> http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/wpad_2015-03-25-1_ar71xx.ipk
>>>>> .
>>>>> Collected errors:
>>>>> * check_data_file_clashes: Package wpad wants to install file
>>>>> /usr/sbin/hostapd
>>>>> But that file is already provided by package * hostapd
>>>>> * opkg_install_cmd: Cannot install package wpad.
>>>>>
>>>>> -earl
>>>>>
>>>>> On Tue, May 19, 2015 at 10:53 AM, Ludovic Zammit <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello Earl,
>>>>>>
>>>>>> With which equipment you are using the OpenWRT ?
>>>>>>
>>>>>> The radius part is handle by Hostapd and wpad so make sure that these
>>>>>> two packages are installed ( hostap-common + wpad ).
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Ludovic [email protected] <[email protected]> ::
>>>>>> +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>>> (http://packetfence.org)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Le 2015-05-18 à 16:18, Earl Robinson <[email protected]> a écrit :
>>>>>>
>>>>>> I've been working to get PacketFence (v5.0.1) working with OpenWRT
>>>>>> (devel v15 r46557).
>>>>>>
>>>>>> My end goal is to have PacketFence controlling the OpenWRT AP in VLAN
>>>>>> mode, using dynamic VLAN assignment. I've followed the PF Device
>>>>>> configuration guide and the administration guide, the new ZEN out-of-band
>>>>>> quick guide. I've used various docs to sett up the OpenWRT AP including
>>>>>> this one:
>>>>>> http://wiki.openwrt.org/doc/howto/wireless.security.8021x
>>>>>>
>>>>>> I've been able to get a cisco 3560 switch working great. When I
>>>>>> connect a device, the cisco switch automatically send a RADIUS auth
>>>>>> request
>>>>>> to the pf server using the device mac address (mab). And when I auth to
>>>>>> the
>>>>>> pf server via the web, my VLAN is reassigned properly.
>>>>>>
>>>>>> With the same client devices, I can connect to an open SSID on the
>>>>>> AP, but then get no RADIUS traffic (dynamic VLANs and nab doesn't work
>>>>>> with
>>>>>> an open SSID?). So I have to set the SSID to WPA2, and then I get an
>>>>>> 802.1x
>>>>>> auth prompt on the client, which generates a RADIUS request back to pf.
>>>>>>
>>>>>> There's a thread on the openwrt list from 2013-2014:
>>>>>> https://forum.openwrt.org/viewtopic.php?id=44968
>>>>>> which seems to show Fabrice was able to implement what I want with
>>>>>> earlier versions of OpenWRT, but with heavy mods. The current devel
>>>>>> version
>>>>>> is supposed to work without any special mods.
>>>>>>
>>>>>> Has anybody been able to get this working recently, and if so have
>>>>>> any guidance? At this point I believe my problem lies on the OpenWRT
>>>>>> side,
>>>>>> but I figure somebody on this list is likely to know the fix.
>>>>>>
>>>>>> Thanks,
>>>>>> Earl
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> One dashboard for servers and applications across
>>>>>> Physical-Virtual-Cloud
>>>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>>>> Performance metrics, stats and reports that give you Actionable
>>>>>> Insights
>>>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>>>>
>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> One dashboard for servers and applications across
>>>>>> Physical-Virtual-Cloud
>>>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>>>> Performance metrics, stats and reports that give you Actionable
>>>>>> Insights
>>>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> One dashboard for servers and applications across
>>>>> Physical-Virtual-Cloud
>>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>>> Performance metrics, stats and reports that give you Actionable
>>>>> Insights
>>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Chris Abel
>>>> Systems and Network Administrator
>>>> Wildwood Programs
>>>> 2995 Curry Road Extension
>>>> Schenectady, NY 12303
>>>> 518-836-2341
>>>>
>>>> IMPORTANT NOTICE: This message and any attachments are solely for the
>>>> intended recipient and may contain confidential information, which is, or
>>>> may be, legally privileged or otherwise protected by law from further
>>>> disclosure. If you are not the intended recipient, any disclosure, copying,
>>>> use, or distribution of the information included in this email and any
>>>> attachments is prohibited. If you have received this communication in
>>>> error, please notify the sender by reply email and immediately and
>>>> permanently delete this email and any attachments.
>>>>
>>>> ------------------------------------------------------------------------------
>>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>>> Widest out-of-the-box monitoring support with 50+ applications
>>>> Performance metrics, stats and reports that give you Actionable Insights
>>>> Deep dive visibility with transaction tracing using APM Insight.
>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>>
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
>
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
