I've got it working!

The solution was merging your version of /lib/netifd/hostapd.sh with some
changes from patch r41963 : https://dev.openwrt.org/changeset/41963
I think the secret sauce is the lines with vlan_naming. I've attached the
version which is working for me.
hostapd.sh : md5 2fcef5f0bf3b858f38a9132bde40868a

This change tells the hostapd.sh script to join the wireless client to the
existing bridge on vlan 11 named br-vlan11 rather than create a new bridge
named breth0.11

Thanks again for your help
-earl
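
An added example, not part of the original thread or of OpenWrt's hostapd.sh: a shell check that predicts which bridge hostapd will attach a dynamic-VLAN station to, so a mismatch such as breth0.11 versus br-vlan11 is caught before clients land outside the intended VLAN segment. It assumes upstream hostapd's documented naming rules (the vlan_bridge prefix plus the VLAN ID if set, else br<vlan_tagged_interface>.<ID>, else brvlan<ID>); the vlan_bridge option, the function names and the sample files are assumptions constructed for illustration and do not appear in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit a generated hostapd config for
# dynamic-VLAN settings and predict the bridge a station will be attached to.

# conf_get FILE KEY: print the last value assigned to KEY in a hostapd config.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# vlan_ifname VLAN_FILE VID: interface name the vlan_file maps VID to.
# An exact VLAN ID line wins; otherwise "*" is used with "#" replaced by VID.
vlan_ifname() {
    awk -v vid="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == vid { print $2; found = 1; exit }
        $1 == "*" && wild == "" { wild = $2 }
        END { if (!found && wild != "") { sub(/#/, vid, wild); print wild } }
    ' "$1"
}

# predicted_bridge CONF VID: bridge name per upstream hostapd's naming rules
# (assumption: the running hostapd build follows them unmodified).
predicted_bridge() {
    prefix=$(conf_get "$1" vlan_bridge)
    tagged=$(conf_get "$1" vlan_tagged_interface)
    if [ -n "$prefix" ]; then
        printf '%s%s\n' "$prefix" "$2"
    elif [ -n "$tagged" ]; then
        printf 'br%s.%s\n' "$tagged" "$2"
    else
        printf 'brvlan%s\n' "$2"
    fi
}

# audit_dynamic_vlan CONF VID EXPECTED_BRIDGE: print findings, return 1 on FAIL.
audit_dynamic_vlan() {
    conf=$1 vid=$2 want=$3 rc=0
    dv=$(conf_get "$conf" dynamic_vlan)
    case "$dv" in
        2) echo "OK: dynamic_vlan=2, a RADIUS accept without a VLAN is rejected" ;;
        1) echo "WARN: dynamic_vlan=1, stations without a RADIUS VLAN use the default interface" ;;
        *) echo "FAIL: dynamic_vlan is '${dv:-unset}', RADIUS VLAN attributes are ignored"; rc=1 ;;
    esac
    vf=$(conf_get "$conf" vlan_file)
    if [ -z "$vf" ] || [ ! -r "$vf" ]; then
        echo "FAIL: vlan_file '${vf:-unset}' is missing or unreadable"; rc=1
    else
        ifn=$(vlan_ifname "$vf" "$vid")
        if [ -n "$ifn" ]; then
            echo "OK: VLAN $vid maps to interface $ifn"
        else
            echo "FAIL: $vf has no entry or wildcard for VLAN $vid"; rc=1
        fi
    fi
    br=$(predicted_bridge "$conf" "$vid")
    if [ "$br" = "$want" ]; then
        echo "OK: VLAN $vid stations join $br"
    else
        echo "FAIL: VLAN $vid stations would join $br, not the existing $want"; rc=1
    fi
    return $rc
}

# make_samples DIR: write constructed sample files (not taken from the thread).
# before.conf has only a tagged interface; after.conf adds a bridge prefix.
make_samples() {
    printf '*\twlan0.#\n' > "$1/hostapd.vlan"
    for name in before after; do
        cat > "$1/$name.conf" <<EOF
interface=wlan0
dynamic_vlan=2
vlan_file=$1/hostapd.vlan
vlan_naming=1
vlan_tagged_interface=eth0
EOF
    done
    echo "vlan_bridge=br-vlan" >> "$1/after.conf"
}

# Demo on the constructed samples: the first audit reports the mismatch.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_dynamic_vlan "$demo_dir/before.conf" 11 br-vlan11 || true
audit_dynamic_vlan "$demo_dir/after.conf" 11 br-vlan11
rm -rf "$demo_dir"
```

On the AP, the same audit can be pointed at the generated file mentioned later in the thread, /var/run/hostapd-phy0.conf.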


On Thu, May 21, 2015 at 2:46 PM, Earl Robinson <[email protected]> wrote:

> nope, I've got /etc/config/hostapd.vlan
>
> # cat /etc/config/hostapd.vlan
> *    wlan0.#
>
>
> On Thu, May 21, 2015 at 2:23 PM, Ludovic Zammit <[email protected]>
> wrote:
>
>> Earl,
>>
>> Maybe you’re missing that part in your configuration:
>>
>> vlan_file=/etc/config/hostapd.vlan
>>
>> That file should contain:
>>
>> *           wlan0.#
>>
>> To add that line in your configuration:
>>
>> uci add_list wireless.@wifi-iface[0].vlan_file=/etc/config/hostapd.vlan
>>
>> It will add the configuration on the first SSID [0].
>>
>> Thanks,
>>
>> Ludovic [email protected] <[email protected]> ::  +1.514.447.4918 
>> (x145) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>>
>> On 2015-05-21 at 14:18, Ludovic Zammit <[email protected]> wrote:
>>
>> Hello Earl,
>>
>> Can you post the result of this command from the OpenWRT:
>>
>> cat /var/run/hostapd-phy0.conf
>>
>> Thanks,
>>
>> On 2015-05-21 at 14:06, Earl Robinson <[email protected]> wrote:
>>
>> Wow,
>>
>> That's got me so much closer. I now have RADIUS auth against packetfence
>> with open SSID working. Apparently dynamic vlans on an open SSID aren't
>> working yet on the devel (trunk v15 r46***) branch. Hopefully that will
>> be resolved before the next release.
>>
>> So I'm left with issues with the wireless client on vlan 11 (wlan0.11)
>> joining a new bridge breth0.11, instead of the existing br-vlan11 that I've
>> configured. I posted to the openwrt wiki:
>> https://forum.openwrt.org/viewtopic.php?id=53227
>>
>> so hopefully they can help me get closer still.
>>
>> Thanks,
>> Earl
>>
>>
>> On Wed, May 20, 2015 at 4:21 PM, Earl Robinson <[email protected]>
>> wrote:
>>
>>> Thanks,
>>>
>>> I'll try this out and see if it works better for me. I appreciate you
>>> including the sample wireless config as well. I've had lots of trouble
>>> figuring out which config directives should work on various versions of
>>> OpenWRT.
>>>
>>> -earl
>>>
>>> On Wed, May 20, 2015 at 11:57 AM, Ludovic Zammit <[email protected]>
>>> wrote:
>>>
>>>> Earl,
>>>>
>>>> This is the /lib/netifd/hostapd.sh for 14.07 BB:
>>>>
>>>> hostapd_add_rate() {
>>>> local var="$1"
>>>> local val="$(($2 / 1000))"
>>>> local sub="$((($2 / 100) % 10))"
>>>> append $var "$val" ","
>>>> [ $sub -gt 0 ] && append $var "."
>>>> }
>>>>
>>>> hostapd_add_basic_rate() {
>>>> local var="$1"
>>>> local val="$(($2 / 100))"
>>>> append $var "$val" " "
>>>> }
>>>>
>>>> hostapd_append_wep_key() {
>>>> local var="$1"
>>>>
>>>> wep_keyidx=0
>>>> set_default key 1
>>>> case "$key" in
>>>> [1234])
>>>> for idx in 1 2 3 4; do
>>>> local zidx
>>>> zidx=$(($idx - 1))
>>>> json_get_var ckey "key${idx}"
>>>> [ -n "$ckey" ] && \
>>>> append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
>>>> done
>>>> wep_keyidx=$((key - 1))
>>>> ;;
>>>> *)
>>>> append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
>>>> ;;
>>>> esac
>>>> }
>>>>
>>>> hostapd_add_log_config() {
>>>> config_add_boolean \
>>>> log_80211 \
>>>> log_8021x \
>>>> log_radius \
>>>> log_wpa \
>>>> log_driver \
>>>> log_iapp \
>>>> log_mlme
>>>>
>>>> config_add_int log_level
>>>> }
>>>>
>>>> hostapd_common_add_device_config() {
>>>> config_add_array basic_rate
>>>>
>>>> config_add_string country
>>>> config_add_boolean country_ie doth
>>>> config_add_string require_mode
>>>>
>>>> hostapd_add_log_config
>>>> }
>>>>
>>>> hostapd_prepare_device_config() {
>>>> local config="$1"
>>>> local driver="$2"
>>>>
>>>> local base="${config%%.conf}"
>>>> local base_cfg=
>>>>
>>>> json_get_vars country country_ie beacon_int doth require_mode
>>>>
>>>> hostapd_set_log_options base_cfg
>>>>
>>>> set_default country_ie 1
>>>> set_default doth 1
>>>>
>>>> [ -n "$country" ] && {
>>>> append base_cfg "country_code=$country" "$N"
>>>>
>>>> [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
>>>> [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N"
>>>> }
>>>> [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N"
>>>>
>>>> local brlist= br
>>>> json_get_values basic_rate_list basic_rate
>>>> for br in $basic_rate_list; do
>>>> hostapd_add_basic_rate brlist "$br"
>>>> done
>>>> case "$require_mode" in
>>>> g) brlist="60 120 240" ;;
>>>> n) append base_cfg "require_ht=1" "$N";;
>>>> ac) append base_cfg "require_vht=1" "$N";;
>>>> esac
>>>> [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
>>>> [ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N"
>>>>
>>>> cat > "$config" <<EOF
>>>> driver=$driver
>>>> $base_cfg
>>>> EOF
>>>> }
>>>>
>>>> hostapd_common_add_bss_config() {
>>>> config_add_string 'bssid:macaddr' 'ssid:string'
>>>> config_add_boolean wds wmm hidden
>>>>
>>>> config_add_int maxassoc max_inactivity
>>>> config_add_boolean disassoc_low_ack isolate short_preamble
>>>>
>>>> config_add_int \
>>>> wep_rekey eap_reauth_period \
>>>> wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>>>
>>>> config_add_boolean rsn_preauth auth_cache
>>>> config_add_int ieee80211w
>>>>
>>>> config_add_string 'auth_server:host' 'server:host'
>>>> config_add_string auth_secret
>>>> config_add_int 'auth_port:port' 'port:port'
>>>>
>>>> config_add_string acct_server
>>>> config_add_string acct_secret
>>>> config_add_int acct_port
>>>>
>>>> config_add_string dae_client
>>>> config_add_string dae_secret
>>>> config_add_int dae_port
>>>>
>>>> config_add_string nasid
>>>> config_add_string ownip
>>>> config_add_string iapp_interface
>>>> config_add_string eap_type ca_cert client_cert identity auth priv_key priv_key_pwd
>>>>
>>>> config_add_int dynamic_vlan vlan_naming
>>>> config_add_string vlan_tagged_interface
>>>>
>>>> config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey'
>>>>
>>>> config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
>>>> config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
>>>>
>>>> config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
>>>>
>>>> config_add_string macfilter 'macfile:file'
>>>> config_add_array 'maclist:list(macaddr)'
>>>>
>>>> config_add_int mcast_rate
>>>> config_add_array basic_rate
>>>> }
>>>>
>>>> hostapd_set_bss_options() {
>>>> local var="$1"
>>>> local phy="$2"
>>>> local vif="$3"
>>>>
>>>> wireless_vif_parse_encryption
>>>>
>>>> local bss_conf
>>>> local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey
>>>>
>>>> json_get_vars \
>>>> wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
>>>> maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
>>>> wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
>>>> wps_device_type wps_device_name wps_manufacturer wps_pin \
>>>> macfilter ssid wmm hidden short_preamble rsn_preauth
>>>>
>>>> set_default isolate 0
>>>> set_default maxassoc 0
>>>> set_default max_inactivity 0
>>>> set_default short_preamble 1
>>>> set_default disassoc_low_ack 1
>>>> set_default hidden 0
>>>> set_default wmm 1
>>>>
>>>> append bss_conf "ctrl_interface=/var/run/hostapd"
>>>> if [ "$isolate" -gt 0 ]; then
>>>> append bss_conf "ap_isolate=$isolate" "$N"
>>>> fi
>>>> if [ "$maxassoc" -gt 0 ]; then
>>>> append bss_conf "max_num_sta=$maxassoc" "$N"
>>>> fi
>>>> if [ "$max_inactivity" -gt 0 ]; then
>>>> append bss_conf "ap_max_inactivity=$max_inactivity" "$N"
>>>> fi
>>>>
>>>> append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N"
>>>> append bss_conf "preamble=$short_preamble" "$N"
>>>> append bss_conf "wmm_enabled=$wmm" "$N"
>>>> append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
>>>>
>>>> [ "$wpa" -gt 0 ] && {
>>>> [ -n "$wpa_group_rekey"  ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N"
>>>> [ -n "$wpa_pair_rekey"   ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey"    "$N"
>>>> [ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey"  "$N"
>>>> }
>>>>
>>>> case "$auth_type" in
>>>> none)
>>>> wps_possible=1
>>>> # Here we make the assumption that if we're in open mode
>>>> # with WPS enabled, we got to be in unconfigured state.
>>>> wps_not_configured=1
>>>> json_get_vars \
>>>> auth_server auth_secret auth_port \
>>>> acct_server acct_secret acct_port \
>>>> dae_client dae_secret dae_port \
>>>> nasid iapp_interface dynamic_vlan \
>>>> vlan_tagged_interface
>>>> # legacy compatibility
>>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>>
>>>> set_default auth_port 1812
>>>> set_default acct_port 1813
>>>>
>>>> set_default vlan_naming 1
>>>>
>>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>>>             #Mac authentication
>>>>             append bss_conf "macaddr_acl=2" "$N"
>>>> [ -n "$acct_server" ] && {
>>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>>> [ -n "$acct_secret" ] && \
>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>>> }
>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>>> }
>>>>
>>>> append bss_conf "nas_identifier=$nasid" "$N"
>>>> [ -n "$dynamic_vlan" ] && {
>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>>> [ -n "$vlan_tagged_interface" ] && \
>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>>> }
>>>>     ;;
>>>> psk)
>>>> json_get_vars key
>>>> if [ ${#key} -lt 8 ]; then
>>>> wireless_setup_vif_failed INVALID_WPA_PSK
>>>> return 1
>>>> elif [ ${#key} -eq 64 ]; then
>>>> append bss_conf "wpa_psk=$key" "$N"
>>>> else
>>>> append bss_conf "wpa_passphrase=$key" "$N"
>>>> json_get_vars \
>>>> auth_server auth_secret auth_port \
>>>> acct_server acct_secret acct_port \
>>>> dae_client dae_secret dae_port \
>>>> nasid iapp_interface dynamic_vlan \
>>>> vlan_tagged_interface
>>>> # legacy compatibility
>>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>>
>>>> set_default auth_port 1812
>>>> set_default acct_port 1813
>>>>
>>>> set_default vlan_naming 1
>>>>
>>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>>>             #Mac authentication
>>>>             append bss_conf "macaddr_acl=2" "$N"
>>>> [ -n "$acct_server" ] && {
>>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>>> [ -n "$acct_secret" ] && \
>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>>> }
>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>>> }
>>>>
>>>> append bss_conf "nas_identifier=$nasid" "$N"
>>>> [ -n "$dynamic_vlan" ] && {
>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>>> [ -n "$vlan_tagged_interface" ] && \
>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>>> }
>>>>
>>>> fi
>>>> wps_possible=1
>>>> ;;
>>>> eap)
>>>> json_get_vars \
>>>> auth_server auth_secret auth_port \
>>>> acct_server acct_secret acct_port \
>>>> dae_client dae_secret dae_port \
>>>> nasid iapp_interface ownip \
>>>> eap_reauth_period dynamic_vlan \
>>>> vlan_tagged_interface
>>>>
>>>> # legacy compatibility
>>>> [ -n "$auth_server" ] || json_get_var auth_server server
>>>> [ -n "$auth_port" ] || json_get_var auth_port port
>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key
>>>>
>>>> set_default auth_port 1812
>>>> set_default acct_port 1813
>>>> set_default dae_port 3799
>>>>
>>>> set_default vlan_naming 1
>>>>
>>>> append bss_conf "auth_server_addr=$auth_server" "$N"
>>>> append bss_conf "auth_server_port=$auth_port" "$N"
>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N"
>>>>
>>>> [ -n "$acct_server" ] && {
>>>> append bss_conf "acct_server_addr=$acct_server" "$N"
>>>> append bss_conf "acct_server_port=$acct_port" "$N"
>>>> [ -n "$acct_secret" ] && \
>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
>>>> }
>>>>
>>>> [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
>>>>
>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && {
>>>> append bss_conf "radius_das_port=$dae_port" "$N"
>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
>>>> }
>>>>
>>>> append bss_conf "nas_identifier=$nasid" "$N"
>>>> [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
>>>> append bss_conf "eapol_key_index_workaround=1" "$N"
>>>> append bss_conf "ieee8021x=1" "$N"
>>>> append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
>>>>
>>>> [ -n "$dynamic_vlan" ] && {
>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
>>>> append bss_conf "vlan_naming=$vlan_naming" "$N"
>>>> [ -n "$vlan_tagged_interface" ] && \
>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
>>>> }
>>>> ;;
>>>> wep)
>>>> local wep_keyidx=0
>>>> json_get_vars key
>>>> hostapd_append_wep_key bss_conf
>>>> append bss_conf "wep_default_key=$wep_keyidx" "$N"
>>>> [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N"
>>>> ;;
>>>> esac
>>>>
>>>> local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
>>>> append bss_conf "auth_algs=${auth_algs:-1}" "$N"
>>>> append bss_conf "wpa=$wpa" "$N"
>>>> [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
>>>>
>>>> set_default wps_pushbutton 0
>>>> set_default wps_label 0
>>>> set_default wps_pbc_in_m1 0
>>>>
>>>> config_methods=
>>>> [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
>>>> [ "$wps_label" -gt 0 ] && append config_methods label
>>>>
>>>> [ -n "$wps_possible" -a -n "$config_methods" ] && {
>>>> set_default ext_registrar 0
>>>> set_default wps_device_type "6-0050F204-1"
>>>> set_default wps_device_name "OpenWrt AP"
>>>> set_default wps_manufacturer "openwrt.org"
>>>>
>>>> wps_state=2
>>>> [ -n "$wps_configured" ] && wps_state=1
>>>>
>>>> [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N"
>>>>
>>>> append bss_conf "eap_server=1" "$N"
>>>> [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
>>>> append bss_conf "wps_state=$wps_state" "$N"
>>>> append bss_conf "ap_setup_locked=0" "$N"
>>>> append bss_conf "device_type=$wps_device_type" "$N"
>>>> append bss_conf "device_name=$wps_device_name" "$N"
>>>> append bss_conf "manufacturer=$wps_manufacturer" "$N"
>>>> append bss_conf "config_methods=$config_methods" "$N"
>>>> [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N"
>>>> }
>>>>
>>>> append bss_conf "ssid=$ssid" "$N"
>>>> [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
>>>> [ -n "$iapp_interface" ] && {
>>>> iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")"
>>>> [ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N"
>>>> }
>>>>
>>>> if [ "$wpa" -ge "2" ]; then
>>>> if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
>>>> set_default auth_cache 1
>>>> append bss_conf "rsn_preauth=1" "$N"
>>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
>>>> else
>>>> set_default auth_cache 1
>>>> append bss_conf "rsn_preauth=1" "$N"
>>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
>>>> fi
>>>>
>>>> append bss_conf "okc=$auth_cache" "$N"
>>>> [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N"
>>>>
>>>> # RSN -> allow management frame protection
>>>> json_get_var ieee80211w ieee80211w
>>>> case "$ieee80211w" in
>>>> [012])
>>>> json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
>>>> append bss_conf "ieee80211w=$ieee80211w" "$N"
>>>> [ "$ieee80211w" -gt "0" ] && {
>>>> [ -n "$ieee80211w_max_timeout" ] && \
>>>> append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
>>>> [ -n "$ieee80211w_retry_timeout" ] && \
>>>> append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
>>>> }
>>>> ;;
>>>> esac
>>>> fi
>>>>
>>>> _macfile="/var/run/hostapd-$ifname.maclist"
>>>> case "$macfilter" in
>>>> allow)
>>>> append bss_conf "macaddr_acl=1" "$N"
>>>> append bss_conf "accept_mac_file=$_macfile" "$N"
>>>> ;;
>>>> deny)
>>>> append bss_conf "macaddr_acl=0" "$N"
>>>> append bss_conf "deny_mac_file=$_macfile" "$N"
>>>> ;;
>>>> *)
>>>> _macfile=""
>>>> ;;
>>>> esac
>>>>
>>>> [ -n "$_macfile" ] && {
>>>> json_get_vars macfile
>>>> json_get_values maclist maclist
>>>>
>>>> rm -f "$_macfile"
>>>> (
>>>> for mac in $maclist; do
>>>> echo "$mac"
>>>> done
>>>> [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile"
>>>> ) > "$_macfile"
>>>> }
>>>>
>>>> append "$var" "$bss_conf" "$N"
>>>> return 0
>>>> }
>>>>
>>>> hostapd_set_log_options() {
>>>> local var="$1"
>>>>
>>>> local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
>>>> json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
>>>>
>>>> set_default log_level 1
>>>> set_default log_80211  1
>>>> set_default log_8021x  1
>>>> set_default log_radius 1
>>>> set_default log_wpa    1
>>>> set_default log_driver 1
>>>> set_default log_iapp   1
>>>> set_default log_mlme   1
>>>>
>>>> local log_mask=$(( \
>>>> ($log_80211  << 0) | \
>>>> ($log_8021x  << 1) | \
>>>> ($log_radius << 2) | \
>>>> ($log_wpa    << 3) | \
>>>> ($log_driver << 4) | \
>>>> ($log_iapp   << 5) | \
>>>> ($log_mlme   << 6)   \
>>>> ))
>>>>
>>>> append "$var" "logger_syslog=$log_mask" "$N"
>>>> append "$var" "logger_syslog_level=$log_level" "$N"
>>>> append "$var" "logger_stdout=$log_mask" "$N"
>>>> append "$var" "logger_stdout_level=$log_level" "$N"
>>>>
>>>> return 0
>>>> }
>>>>
>>>> _wpa_supplicant_common() {
>>>> local ifname="$1"
>>>>
>>>> _rpath="/var/run/wpa_supplicant"
>>>> _config="${_rpath}-$ifname.conf"
>>>> }
>>>>
>>>> wpa_supplicant_teardown_interface() {
>>>> _wpa_supplicant_common "$1"
>>>> rm -rf "$_rpath/$1" "$_config"
>>>> }
>>>>
>>>> wpa_supplicant_prepare_interface() {
>>>> local ifname="$1"
>>>> _w_driver="$2"
>>>>
>>>> _wpa_supplicant_common "$1"
>>>>
>>>> json_get_vars mode wds
>>>>
>>>> [ -n "$network_bridge" ] && {
>>>> fail=
>>>> case "$mode" in
>>>> adhoc)
>>>> fail=1
>>>> ;;
>>>> sta)
>>>> [ "$wds" = 1 ] || fail=1
>>>> ;;
>>>> esac
>>>>
>>>> [ -n "$fail" ] && {
>>>> wireless_setup_vif_failed BRIDGE_NOT_ALLOWED
>>>> return 1
>>>> }
>>>> }
>>>>
>>>> local ap_scan=
>>>>
>>>> _w_mode="$mode"
>>>> _w_modestr=
>>>>
>>>> [[ "$mode" = adhoc ]] && {
>>>> ap_scan="ap_scan=2"
>>>>
>>>> _w_modestr="mode=1"
>>>> }
>>>>
>>>> wpa_supplicant_teardown_interface "$ifname"
>>>> cat > "$_config" <<EOF
>>>> $ap_scan
>>>> EOF
>>>> return 0
>>>> }
>>>>
>>>> wpa_supplicant_add_network() {
>>>> local ifname="$1"
>>>>
>>>> _wpa_supplicant_common "$1"
>>>> wireless_vif_parse_encryption
>>>>
>>>> json_get_vars \
>>>> ssid bssid key \
>>>> basic_rate mcast_rate \
>>>> ieee80211w
>>>>
>>>> local key_mgmt='NONE'
>>>> local enc_str=
>>>> local network_data=
>>>> local T=" "
>>>>
>>>> local wpa_key_mgmt="WPA-PSK"
>>>> local scan_ssid="1"
>>>> local freq
>>>>
>>>> [[ "$_w_mode" = "adhoc" ]] && {
>>>> append network_data "mode=1" "$N$T"
>>>> [ -n "$channel" ] && {
>>>> freq="$(get_freq "$phy" "$channel")"
>>>> append network_data "fixed_freq=1" "$N$T"
>>>> append network_data "frequency=$freq" "$N$T"
>>>> }
>>>>
>>>> scan_ssid=0
>>>>
>>>> [ "$_w_driver" = "nl80211" ] || wpa_key_mgmt="WPA-NONE"
>>>> }
>>>>
>>>> [[ "$_w_mode" = adhoc ]] && append network_data "$_w_modestr" "$N$T"
>>>>
>>>> case "$auth_type" in
>>>> none) ;;
>>>> wep)
>>>> local wep_keyidx=0
>>>> hostapd_append_wep_key network_data
>>>> append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
>>>> ;;
>>>> psk)
>>>> local passphrase
>>>>
>>>> key_mgmt="$wpa_key_mgmt"
>>>> if [ ${#key} -eq 64 ]; then
>>>> passphrase="psk=${key}"
>>>> else
>>>> passphrase="psk=\"${key}\""
>>>> fi
>>>> append network_data "$passphrase" "$N$T"
>>>> ;;
>>>> eap)
>>>> key_mgmt='WPA-EAP'
>>>>
>>>> json_get_vars eap_type identity ca_cert
>>>> [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
>>>> [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
>>>> case "$eap_type" in
>>>> tls)
>>>> json_get_vars client_cert priv_key priv_key_pwd
>>>> append network_data "client_cert=\"$client_cert\"" "$N$T"
>>>> append network_data "private_key=\"$priv_key\"" "$N$T"
>>>> append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
>>>> ;;
>>>> peap|ttls)
>>>> json_get_vars auth password
>>>> set_default auth MSCHAPV2
>>>> append network_data "phase2=\"$auth\"" "$N$T"
>>>> append network_data "password=\"$password\"" "$N$T"
>>>> ;;
>>>> esac
>>>> append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"
>>>> ;;
>>>> esac
>>>>
>>>> case "$wpa" in
>>>> 1)
>>>> append network_data "proto=WPA" "$N$T"
>>>> ;;
>>>> 2)
>>>> append network_data "proto=RSN" "$N$T"
>>>> ;;
>>>> esac
>>>>
>>>> case "$ieee80211w" in
>>>> [012])
>>>> [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T"
>>>> ;;
>>>> esac
>>>>
>>>> local beacon_int brates mrate
>>>> [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
>>>> [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T"
>>>>
>>>>
>>>> [ -n "$basic_rate" ] && {
>>>> local br rate_list=
>>>> for br in $basic_rate; do
>>>> hostapd_add_rate rate_list "$br"
>>>> done
>>>> [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T"
>>>> }
>>>>
>>>> [ -n "$mcast_rate" ] && {
>>>> local mc_rate=
>>>> hostapd_add_rate mc_rate "$mcast_rate"
>>>> append network_data "mcast_rate=$mc_rate" "$N$T"
>>>> }
>>>>
>>>> local ht_str
>>>> [ -n "$ht" ] && append network_data "htmode=$ht" "$N$T"
>>>>
>>>> cat >> "$_config" <<EOF
>>>> network={
>>>> scan_ssid=$scan_ssid
>>>> ssid="$ssid"
>>>> key_mgmt=$key_mgmt
>>>> $network_data
>>>> }
>>>> EOF
>>>> return 0
>>>> }
>>>>
>>>> wpa_supplicant_run() {
>>>> local ifname="$1"; shift
>>>>
>>>> _wpa_supplicant_common "$ifname"
>>>>
>>>> /usr/sbin/wpa_supplicant -B \
>>>> ${network_bridge:+-b $network_bridge} \
>>>> -P "/var/run/wpa_supplicant-${ifname}.pid" \
>>>> -D ${_w_driver:-wext} \
>>>> -i "$ifname" \
>>>> -c "$_config" \
>>>> -C "$_rpath" \
>>>> "$@"
>>>>
>>>> ret="$?"
>>>> wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1
>>>>
>>>> [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
>>>>
>>>> return $ret
>>>> }
>>>>
>>>> hostapd_common_cleanup() {
>>>> killall hostapd wpa_supplicant meshd-nl80211
>>>> }
>>>>
>>>> /etc/config/wireless
>>>>
>>>> config wifi-device 'radio0'
>>>>         option type 'mac80211'
>>>>         option path 'pci0000:00/0000:00:00.0'
>>>>         option htmode 'HT20'
>>>>         option hwmode '11ng'
>>>>         list ht_capab 'SHORT-GI-40'
>>>>         list ht_capab 'TX-STBC'
>>>>         list ht_capab 'RX-STBC1'
>>>>         list ht_capab 'DSSS_CCK-40'
>>>>         option txpower '27'
>>>>         option country 'US'
>>>>
>>>> config wifi-iface
>>>> option device 'radio0'
>>>> option mode 'ap'
>>>> option ssid 'Test'
>>>> option network 'lan'
>>>> option encryption 'none'
>>>> option auth_server '172.X.X.X'
>>>> option auth_port '1812'
>>>> option auth_secret 'secret'
>>>> option acct_server '172.X.X.X'
>>>> option acct_port '1812'
>>>> option acct_secret 'secret'
>>>> option dynamic_vlan '2'
>>>> option vlan_file '/etc/config/hostapd.vlan'
>>>> option vlan_tagged_interface 'eth0'
>>>> option dae_secret 'secret'
>>>> option dae_client '172.X.X.X'
>>>> option macfilter '2'
>>>> option dae_port '3799'
>>>> option nasid 'Ubiquiti'
>>>>
>>>>
>>>> You will need the wpad package and hostapd
>>>>
>>>> Thanks,
>>>>
>>>> On 2015-05-20 at 11:46, Earl Robinson <[email protected]> wrote:
>>>>
>>>> Thanks Chris,
>>>>
>>>> I tried with the current stable release, 14.07 (barrier breaker), a few
>>>> weeks ago and I was having problems with getting drivers for 5ghz wifi
>>>> working. I'm assuming the driver situation with 12.09 (attitude adjustment)
>>>> is even worse since that release is 18 months older.
>>>>
>>>> I've got a spare 2.4ghz router I can try with 14.07. There seems to be
>>>> a lot of changes to the code for dynamic vlans between 14.07 and trunk
>>>> (16.?) so I was hoping there's some config magic that hasn't made it to the
>>>> docs yet that will resolve the issues I've had.
>>>>
>>>> I'll follow up on this list on how my testing goes.
>>>>
>>>> -earl
>>>>
>>>> On Tue, May 19, 2015 at 1:33 PM, Chris Abel <[email protected]
>>>> > wrote:
>>>>
>>>>> Make sure to use OpenWRT 12.09 Attitude Adjustment.
>>>>>
>>>>> On Tue, May 19, 2015 at 1:26 PM, Earl Robinson <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hey Ludovic,
>>>>>>
>>>>>> I'm running on a TP-Link Archer C7 v2 and a TP-Link TL-WDR4300 v1. I
>>>>>> have hostapd and hostapd-common installed. If I try to install wpad I get
>>>>>> the error:
>>>>>> root@OpenWRT:~# opkg install wpad
>>>>>> Installing wpad (2015-03-25-1) to root...
>>>>>> Downloading
>>>>>> http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/wpad_2015-03-25-1_ar71xx.ipk
>>>>>> .
>>>>>> Collected errors:
>>>>>>  * check_data_file_clashes: Package wpad wants to install file
>>>>>> /usr/sbin/hostapd
>>>>>>     But that file is already provided by package  * hostapd
>>>>>>  * opkg_install_cmd: Cannot install package wpad.
>>>>>>
>>>>>> -earl
>>>>>>
>>>>>> On Tue, May 19, 2015 at 10:53 AM, Ludovic Zammit <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Earl,
>>>>>>>
>>>>>>> Which equipment are you using OpenWRT with?
>>>>>>>
>>>>>>> The radius part is handled by Hostapd and wpad so make sure that
>>>>>>> these two packages are installed ( hostap-common + wpad ).
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On 2015-05-18 at 16:18, Earl Robinson <[email protected]> wrote:
>>>>>>>
>>>>>>> I've been working to get PacketFence (v5.0.1) working with OpenWRT
>>>>>>> (devel v15 r46557).
>>>>>>>
>>>>>>> My end goal is to have PacketFence controlling the OpenWRT AP in
>>>>>>> VLAN mode, using dynamic VLAN assignment. I've followed the PF Device
>>>>>>> configuration guide and the administration guide, the new ZEN
>>>>>>> out-of-band quick guide. I've used various docs to set up the OpenWRT
>>>>>>> AP including this one:
>>>>>>> http://wiki.openwrt.org/doc/howto/wireless.security.8021x
>>>>>>>
>>>>>>> I've been able to get a cisco 3560 switch working great. When I
>>>>>>> connect a device, the cisco switch automatically sends a RADIUS auth
>>>>>>> request to the pf server using the device mac address (mab). And when
>>>>>>> I auth to the pf server via the web, my VLAN is reassigned properly.
>>>>>>>
>>>>>>> With the same client devices, I can connect to an open SSID on the
>>>>>>> AP, but then get no RADIUS traffic (dynamic VLANs and mab don't work
>>>>>>> with an open SSID?). So I have to set the SSID to WPA2, and then I get
>>>>>>> an 802.1x auth prompt on the client, which generates a RADIUS request
>>>>>>> back to pf.
>>>>>>>
>>>>>>> There's a thread on the openwrt list from 2013-2014:
>>>>>>> https://forum.openwrt.org/viewtopic.php?id=44968
>>>>>>> which seems to show Fabrice was able to implement what I want with
>>>>>>> earlier versions of OpenWRT, but with heavy mods. The current devel
>>>>>>> version is supposed to work without any special mods.
>>>>>>>
>>>>>>> Has anybody been able to get this working recently, and if so have
>>>>>>> any guidance? At this point I believe my problem lies on the OpenWRT
>>>>>>> side, but I figure somebody on this list is likely to know the fix.
>>>>>>> Thanks,
>>>>>>> Earl
>>>>>>>
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>> --
>>>>> Chris Abel
>>>>> Systems and Network Administrator
>>>>> Wildwood Programs
>>>>> 2995 Curry Road Extension
>>>>> Schenectady, NY  12303
>>>>> 518-836-2341

Attachment: hostapd.sh
Description: Bourne shell script

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
