Thanks so much Earl. Your hostapd.sh patch is working perfectly for me as well. Great to have PF work with the latest version of OpenWRT.
On Thu, May 21, 2015 at 4:02 PM, Earl Robinson <[email protected]> wrote: > I've got it working! > > The solution was merging your version of /lib/netifd/hostapd.sh with some > changes from patch r41963 : https://dev.openwrt.org/changeset/41963 > I think the secret sauce is the lines with vlan_naming. I've attached the > version which is working for me. > hostapd.sh : md5 2fcef5f0bf3b858f38a9132bde40868a > > This change tells the hostapd.sh script to join the wireless client to the > existing bridge on vlan 11 named br-vlan11 rather than create a new bridge > named breth0.11 > > Thanks again for your help > -earl > > > On Thu, May 21, 2015 at 2:46 PM, Earl Robinson <[email protected]> wrote: > >> nope, I've got /etc/config/hostapd.vlan >> >> # cat /etc/config/hostapd.vlan >> * wlan0.# >> >> >> On Thu, May 21, 2015 at 2:23 PM, Ludovic Zammit <[email protected]> >> wrote: >> >>> Earl, >>> >>> Maybe you’re missing that part in your configuration: >>> >>> vlan_file=/etc/config/hostapd.vlan >>> >>> That file should contain: >>> >>> * wlan0.# >>> >>> To add that line in your configuration: >>> >>> uci add_list wireless.@wifi-iface[0].vlan_file=/etc/config/hostapd.vlan >>> >>> It will add the configuration on the first SSID [0]. >>> >>> Thanks, >>> >>> Ludovic [email protected] <[email protected]> :: +1.514.447.4918 >>> (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> Le 2015-05-21 à 14:18, Ludovic Zammit <[email protected]> a écrit : >>> >>> HEllo Earl, >>> >>> Can you post the result of this command from the OpenWRT: >>> >>> cat /var/run/hostapd-phy0.conf >>> >>> Thanks, >>> >>> >>> Ludovic [email protected] <[email protected]> :: +1.514.447.4918 >>> (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> Le 2015-05-21 à 14:06, Earl Robinson <[email protected]> a écrit : >>> >>> Wow, >>> >>> That's got me so much closer. I now have RADIUS auth against packetfence >>> with open SSID working. Apparently dynamic vlans on an open SSID isn't >>> working yet on the devel (trunk v15 r46***) branch yet. Hopefully that will >>> be resolved before the next release. >>> >>> So I'm left with issues with the wireless client on vlan 11 (wlan0.11) >>> joining a new bridge breth0.11, instead of the existing br-vlan11 that I've >>> configured. I posted to the openwrt wiki: >>> https://forum.openwrt.org/viewtopic.php?id=53227 >>> >>> so hopefully they can help me get closer still. >>> >>> Thanks, >>> Earl >>> >>> >>> On Wed, May 20, 2015 at 4:21 PM, Earl Robinson <[email protected]> >>> wrote: >>> >>>> Thanks, >>>> >>>> I'll try this out and see if it works better for me. I appreciate you >>>> including the sample wireless config as well. I've had lots of trouble >>>> figuring out which config directives should work on various versions of >>>> OpenWRT. >>>> >>>> -earl >>>> >>>> On Wed, May 20, 2015 at 11:57 AM, Ludovic Zammit <[email protected]> >>>> wrote: >>>> >>>>> Earl, >>>>> >>>>> This is the /lib/netifd/hostapd.sh for 14.07 BB: >>>>> >>>>> hostapd_add_rate() { >>>>> local var="$1" >>>>> local val="$(($2 / 1000))" >>>>> local sub="$((($2 / 100) % 10))" >>>>> append $var "$val" "," >>>>> [ $sub -gt 0 ] && append $var "." >>>>> } >>>>> >>>>> hostapd_add_basic_rate() { >>>>> local var="$1" >>>>> local val="$(($2 / 100))" >>>>> append $var "$val" " " >>>>> } >>>>> >>>>> hostapd_append_wep_key() { >>>>> local var="$1" >>>>> >>>>> wep_keyidx=0 >>>>> set_default key 1 >>>>> case "$key" in >>>>> [1234]) >>>>> for idx in 1 2 3 4; do >>>>> local zidx >>>>> zidx=$(($idx - 1)) >>>>> json_get_var ckey "key${idx}" >>>>> [ -n "$ckey" ] && \ >>>>> append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T" >>>>> done >>>>> wep_keyidx=$((key - 1)) >>>>> ;; >>>>> *) >>>>> append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T" >>>>> ;; >>>>> esac >>>>> } >>>>> >>>>> hostapd_add_log_config() { >>>>> config_add_boolean \ >>>>> log_80211 \ >>>>> log_8021x \ >>>>> log_radius \ >>>>> log_wpa \ >>>>> log_driver \ >>>>> log_iapp \ >>>>> log_mlme >>>>> >>>>> config_add_int log_level >>>>> } >>>>> >>>>> hostapd_common_add_device_config() { >>>>> config_add_array basic_rate >>>>> >>>>> config_add_string country >>>>> config_add_boolean country_ie doth >>>>> config_add_string require_mode >>>>> >>>>> hostapd_add_log_config >>>>> } >>>>> >>>>> hostapd_prepare_device_config() { >>>>> local config="$1" >>>>> local driver="$2" >>>>> >>>>> local base="${config%%.conf}" >>>>> local base_cfg= >>>>> >>>>> json_get_vars country country_ie beacon_int doth require_mode >>>>> >>>>> hostapd_set_log_options base_cfg >>>>> >>>>> set_default country_ie 1 >>>>> set_default doth 1 >>>>> >>>>> [ -n "$country" ] && { >>>>> append base_cfg "country_code=$country" "$N" >>>>> >>>>> [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N" >>>>> [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" >>>>> "$N" >>>>> } >>>>> [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N" >>>>> >>>>> local brlist= br >>>>> json_get_values basic_rate_list basic_rate >>>>> for br in $basic_rate_list; do >>>>> hostapd_add_basic_rate brlist "$br" >>>>> done >>>>> case "$require_mode" in >>>>> g) brlist="60 120 240" ;; >>>>> n) append base_cfg "require_ht=1" "$N";; >>>>> ac) append base_cfg "require_vht=1" "$N";; >>>>> esac >>>>> [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N" >>>>> [ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N" >>>>> >>>>> cat > "$config" <<EOF >>>>> driver=$driver >>>>> $base_cfg >>>>> EOF >>>>> } >>>>> >>>>> hostapd_common_add_bss_config() { >>>>> config_add_string 'bssid:macaddr' 'ssid:string' >>>>> config_add_boolean wds wmm hidden >>>>> >>>>> config_add_int maxassoc max_inactivity >>>>> config_add_boolean disassoc_low_ack isolate short_preamble >>>>> >>>>> config_add_int \ >>>>> wep_rekey eap_reauth_period \ >>>>> wpa_group_rekey wpa_pair_rekey wpa_master_rekey >>>>> >>>>> config_add_boolean rsn_preauth auth_cache >>>>> config_add_int ieee80211w >>>>> >>>>> config_add_string 'auth_server:host' 'server:host' >>>>> config_add_string auth_secret >>>>> config_add_int 'auth_port:port' 'port:port' >>>>> >>>>> config_add_string acct_server >>>>> config_add_string acct_secret >>>>> config_add_int acct_port >>>>> >>>>> config_add_string dae_client >>>>> config_add_string dae_secret >>>>> config_add_int dae_port >>>>> >>>>> config_add_string nasid >>>>> config_add_string ownip >>>>> config_add_string iapp_interface >>>>> config_add_string eap_type ca_cert client_cert identity auth priv_key >>>>> priv_key_pwd >>>>> >>>>> config_add_int dynamic_vlan vlan_naming >>>>> config_add_string vlan_tagged_interface >>>>> >>>>> config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' >>>>> 'key4:wepkey' 'password:wpakey' >>>>> >>>>> config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 >>>>> config_add_string wps_device_type wps_device_name wps_manufacturer >>>>> wps_pin >>>>> >>>>> config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout >>>>> >>>>> config_add_string macfilter 'macfile:file' >>>>> config_add_array 'maclist:list(macaddr)' >>>>> >>>>> config_add_int mcast_rate >>>>> config_add_array basic_rate >>>>> } >>>>> >>>>> hostapd_set_bss_options() { >>>>> local var="$1" >>>>> local phy="$2" >>>>> local vif="$3" >>>>> >>>>> wireless_vif_parse_encryption >>>>> >>>>> local bss_conf >>>>> local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey >>>>> >>>>> json_get_vars \ >>>>> wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \ >>>>> maxassoc max_inactivity disassoc_low_ack isolate auth_cache \ >>>>> wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \ >>>>> wps_device_type wps_device_name wps_manufacturer wps_pin \ >>>>> macfilter ssid wmm hidden short_preamble rsn_preauth >>>>> >>>>> set_default isolate 0 >>>>> set_default maxassoc 0 >>>>> set_default max_inactivity 0 >>>>> set_default short_preamble 1 >>>>> set_default disassoc_low_ack 1 >>>>> set_default hidden 0 >>>>> set_default wmm 1 >>>>> >>>>> append bss_conf "ctrl_interface=/var/run/hostapd" >>>>> if [ "$isolate" -gt 0 ]; then >>>>> append bss_conf "ap_isolate=$isolate" "$N" >>>>> fi >>>>> if [ "$maxassoc" -gt 0 ]; then >>>>> append bss_conf "max_num_sta=$maxassoc" "$N" >>>>> fi >>>>> if [ "$max_inactivity" -gt 0 ]; then >>>>> append bss_conf "ap_max_inactivity=$max_inactivity" "$N" >>>>> fi >>>>> >>>>> append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N" >>>>> append bss_conf "preamble=$short_preamble" "$N" >>>>> append bss_conf "wmm_enabled=$wmm" "$N" >>>>> append bss_conf "ignore_broadcast_ssid=$hidden" "$N" >>>>> >>>>> [ "$wpa" -gt 0 ] && { >>>>> [ -n "$wpa_group_rekey" ] && append bss_conf >>>>> "wpa_group_rekey=$wpa_group_rekey" "$N" >>>>> [ -n "$wpa_pair_rekey" ] && append bss_conf >>>>> "wpa_ptk_rekey=$wpa_pair_rekey" "$N" >>>>> [ -n "$wpa_master_rekey" ] && append bss_conf >>>>> "wpa_gmk_rekey=$wpa_master_rekey" "$N" >>>>> } >>>>> >>>>> case "$auth_type" in >>>>> none) >>>>> wps_possible=1 >>>>> # Here we make the assumption that if we're in open mode >>>>> # with WPS enabled, we got to be in unconfigured state. >>>>> wps_not_configured=1 >>>>> json_get_vars \ >>>>> auth_server auth_secret auth_port \ >>>>> acct_server acct_secret acct_port \ >>>>> dae_client dae_secret dae_port \ >>>>> nasid iapp_interface dynamic_vlan \ >>>>> vlan_tagged_interface >>>>> # legacy compatibility >>>>> [ -n "$auth_server" ] || json_get_var auth_server server >>>>> [ -n "$auth_port" ] || json_get_var auth_port port >>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key >>>>> >>>>> set_default auth_port 1812 >>>>> set_default acct_port 1813 >>>>> >>>>> set_default vlan_naming 1 >>>>> >>>>> append bss_conf "auth_server_addr=$auth_server" "$N" >>>>> append bss_conf "auth_server_port=$auth_port" "$N" >>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N" >>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N" >>>>> #Mac authentication >>>>> append bss_conf "macaddr_acl=2" "$N" >>>>> [ -n "$acct_server" ] && { >>>>> append bss_conf "acct_server_addr=$acct_server" "$N" >>>>> append bss_conf "acct_server_port=$acct_port" "$N" >>>>> [ -n "$acct_secret" ] && \ >>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N" >>>>> } >>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && { >>>>> append bss_conf "radius_das_port=$dae_port" "$N" >>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" >>>>> } >>>>> >>>>> append bss_conf "nas_identifier=$nasid" "$N" >>>>> [ -n "$dynamic_vlan" ] && { >>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" >>>>> append bss_conf "vlan_naming=$vlan_naming" "$N" >>>>> [ -n "$vlan_tagged_interface" ] && \ >>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" >>>>> } >>>>> ;; >>>>> psk) >>>>> json_get_vars key >>>>> if [ ${#key} -lt 8 ]; then >>>>> wireless_setup_vif_failed INVALID_WPA_PSK >>>>> return 1 >>>>> elif [ ${#key} -eq 64 ]; then >>>>> append bss_conf "wpa_psk=$key" "$N" >>>>> else >>>>> append bss_conf "wpa_passphrase=$key" "$N" >>>>> json_get_vars \ >>>>> auth_server auth_secret auth_port \ >>>>> acct_server acct_secret acct_port \ >>>>> dae_client dae_secret dae_port \ >>>>> nasid iapp_interface dynamic_vlan \ >>>>> vlan_tagged_interface >>>>> # legacy compatibility >>>>> [ -n "$auth_server" ] || json_get_var auth_server server >>>>> [ -n "$auth_port" ] || json_get_var auth_port port >>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key >>>>> >>>>> set_default auth_port 1812 >>>>> set_default acct_port 1813 >>>>> >>>>> set_default vlan_naming 1 >>>>> >>>>> append bss_conf "auth_server_addr=$auth_server" "$N" >>>>> append bss_conf "auth_server_port=$auth_port" "$N" >>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N" >>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N" >>>>> #Mac authentication >>>>> append bss_conf "macaddr_acl=2" "$N" >>>>> [ -n "$acct_server" ] && { >>>>> append bss_conf "acct_server_addr=$acct_server" "$N" >>>>> append bss_conf "acct_server_port=$acct_port" "$N" >>>>> [ -n "$acct_secret" ] && \ >>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N" >>>>> } >>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && { >>>>> append bss_conf "radius_das_port=$dae_port" "$N" >>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" >>>>> } >>>>> >>>>> append bss_conf "nas_identifier=$nasid" "$N" >>>>> [ -n "$dynamic_vlan" ] && { >>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" >>>>> append bss_conf "vlan_naming=$vlan_naming" "$N" >>>>> [ -n "$vlan_tagged_interface" ] && \ >>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" >>>>> } >>>>> >>>>> fi >>>>> wps_possible=1 >>>>> ;; >>>>> eap) >>>>> json_get_vars \ >>>>> auth_server auth_secret auth_port \ >>>>> acct_server acct_secret acct_port \ >>>>> dae_client dae_secret dae_port \ >>>>> nasid iapp_interface ownip \ >>>>> eap_reauth_period dynamic_vlan \ >>>>> vlan_tagged_interface >>>>> >>>>> # legacy compatibility >>>>> [ -n "$auth_server" ] || json_get_var auth_server server >>>>> [ -n "$auth_port" ] || json_get_var auth_port port >>>>> [ -n "$auth_secret" ] || json_get_var auth_secret key >>>>> >>>>> set_default auth_port 1812 >>>>> set_default acct_port 1813 >>>>> set_default dae_port 3799 >>>>> >>>>> set_default vlan_naming 1 >>>>> >>>>> append bss_conf "auth_server_addr=$auth_server" "$N" >>>>> append bss_conf "auth_server_port=$auth_port" "$N" >>>>> append bss_conf "auth_server_shared_secret=$auth_secret" "$N" >>>>> append bss_conf "vlan_file=/etc/config/hostapd.vlan" "$N" >>>>> >>>>> [ -n "$acct_server" ] && { >>>>> append bss_conf "acct_server_addr=$acct_server" "$N" >>>>> append bss_conf "acct_server_port=$acct_port" "$N" >>>>> [ -n "$acct_secret" ] && \ >>>>> append bss_conf "acct_server_shared_secret=$acct_secret" "$N" >>>>> } >>>>> >>>>> [ -n "$eap_reauth_period" ] && append bss_conf >>>>> "eap_reauth_period=$eap_reauth_period" "$N" >>>>> >>>>> [ -n "$dae_client" -a -n "$dae_secret" ] && { >>>>> append bss_conf "radius_das_port=$dae_port" "$N" >>>>> append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" >>>>> } >>>>> >>>>> append bss_conf "nas_identifier=$nasid" "$N" >>>>> [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" >>>>> append bss_conf "eapol_key_index_workaround=1" "$N" >>>>> append bss_conf "ieee8021x=1" "$N" >>>>> append bss_conf "wpa_key_mgmt=WPA-EAP" "$N" >>>>> >>>>> [ -n "$dynamic_vlan" ] && { >>>>> append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" >>>>> append bss_conf "vlan_naming=$vlan_naming" "$N" >>>>> [ -n "$vlan_tagged_interface" ] && \ >>>>> append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" >>>>> } >>>>> ;; >>>>> wep) >>>>> local wep_keyidx=0 >>>>> json_get_vars key >>>>> hostapd_append_wep_key bss_conf >>>>> append bss_conf "wep_default_key=$wep_keyidx" "$N" >>>>> [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" >>>>> "$N" >>>>> ;; >>>>> esac >>>>> >>>>> local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) >>>>> append bss_conf "auth_algs=${auth_algs:-1}" "$N" >>>>> append bss_conf "wpa=$wpa" "$N" >>>>> [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" >>>>> "$N" >>>>> >>>>> set_default wps_pushbutton 0 >>>>> set_default wps_label 0 >>>>> set_default wps_pbc_in_m1 0 >>>>> >>>>> config_methods= >>>>> [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button >>>>> [ "$wps_label" -gt 0 ] && append config_methods label >>>>> >>>>> [ -n "$wps_possible" -a -n "$config_methods" ] && { >>>>> set_default ext_registrar 0 >>>>> set_default wps_device_type "6-0050F204-1" >>>>> set_default wps_device_name "OpenWrt AP" >>>>> set_default wps_manufacturer "openwrt.org" >>>>> >>>>> wps_state=2 >>>>> [ -n "$wps_configured" ] && wps_state=1 >>>>> >>>>> [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf >>>>> "upnp_iface=$network_bridge" "$N" >>>>> >>>>> append bss_conf "eap_server=1" "$N" >>>>> [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N" >>>>> append bss_conf "wps_state=$wps_state" "$N" >>>>> append bss_conf "ap_setup_locked=0" "$N" >>>>> append bss_conf "device_type=$wps_device_type" "$N" >>>>> append bss_conf "device_name=$wps_device_name" "$N" >>>>> append bss_conf "manufacturer=$wps_manufacturer" "$N" >>>>> append bss_conf "config_methods=$config_methods" "$N" >>>>> [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf >>>>> "pbc_in_m1=$wps_pbc_in_m1" "$N" >>>>> } >>>>> >>>>> append bss_conf "ssid=$ssid" "$N" >>>>> [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" >>>>> "$N" >>>>> [ -n "$iapp_interface" ] && { >>>>> iapp_interface="$(uci_get_state network "$iapp_interface" ifname >>>>> "$iapp_interface")" >>>>> [ -n "$iapp_interface" ] && append bss_conf >>>>> "iapp_interface=$iapp_interface" "$N" >>>>> } >>>>> >>>>> if [ "$wpa" -ge "2" ]; then >>>>> if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then >>>>> set_default auth_cache 1 >>>>> append bss_conf "rsn_preauth=1" "$N" >>>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" >>>>> else >>>>> set_default auth_cache 1 >>>>> append bss_conf "rsn_preauth=1" "$N" >>>>> append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" >>>>> fi >>>>> >>>>> append bss_conf "okc=$auth_cache" "$N" >>>>> [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" >>>>> >>>>> # RSN -> allow management frame protection >>>>> json_get_var ieee80211w ieee80211w >>>>> case "$ieee80211w" in >>>>> [012]) >>>>> json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout >>>>> append bss_conf "ieee80211w=$ieee80211w" "$N" >>>>> [ "$ieee80211w" -gt "0" ] && { >>>>> [ -n "$ieee80211w_max_timeout" ] && \ >>>>> append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" >>>>> "$N" >>>>> [ -n "$ieee80211w_retry_timeout" ] && \ >>>>> append bss_conf >>>>> "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" >>>>> } >>>>> ;; >>>>> esac >>>>> fi >>>>> >>>>> _macfile="/var/run/hostapd-$ifname.maclist" >>>>> case "$macfilter" in >>>>> allow) >>>>> append bss_conf "macaddr_acl=1" "$N" >>>>> append bss_conf "accept_mac_file=$_macfile" "$N" >>>>> ;; >>>>> deny) >>>>> append bss_conf "macaddr_acl=0" "$N" >>>>> append bss_conf "deny_mac_file=$_macfile" "$N" >>>>> ;; >>>>> *) >>>>> _macfile="" >>>>> ;; >>>>> esac >>>>> >>>>> [ -n "$_macfile" ] && { >>>>> json_get_vars macfile >>>>> json_get_values maclist maclist >>>>> >>>>> rm -f "$_macfile" >>>>> ( >>>>> for mac in $maclist; do >>>>> echo "$mac" >>>>> done >>>>> [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile" >>>>> ) > "$_macfile" >>>>> } >>>>> >>>>> append "$var" "$bss_conf" "$N" >>>>> return 0 >>>>> } >>>>> >>>>> hostapd_set_log_options() { >>>>> local var="$1" >>>>> >>>>> local log_level log_80211 log_8021x log_radius log_wpa log_driver >>>>> log_iapp log_mlme >>>>> json_get_vars log_level log_80211 log_8021x log_radius log_wpa >>>>> log_driver log_iapp log_mlme >>>>> >>>>> set_default log_level 1 >>>>> set_default log_80211 1 >>>>> set_default log_8021x 1 >>>>> set_default log_radius 1 >>>>> set_default log_wpa 1 >>>>> set_default log_driver 1 >>>>> set_default log_iapp 1 >>>>> set_default log_mlme 1 >>>>> >>>>> local log_mask=$(( \ >>>>> ($log_80211 << 0) | \ >>>>> ($log_8021x << 1) | \ >>>>> ($log_radius << 2) | \ >>>>> ($log_wpa << 3) | \ >>>>> ($log_driver << 4) | \ >>>>> ($log_iapp << 5) | \ >>>>> ($log_mlme << 6) \ >>>>> )) >>>>> >>>>> append "$var" "logger_syslog=$log_mask" "$N" >>>>> append "$var" "logger_syslog_level=$log_level" "$N" >>>>> append "$var" "logger_stdout=$log_mask" "$N" >>>>> append "$var" "logger_stdout_level=$log_level" "$N" >>>>> >>>>> return 0 >>>>> } >>>>> >>>>> _wpa_supplicant_common() { >>>>> local ifname="$1" >>>>> >>>>> _rpath="/var/run/wpa_supplicant" >>>>> _config="${_rpath}-$ifname.conf" >>>>> } >>>>> >>>>> wpa_supplicant_teardown_interface() { >>>>> _wpa_supplicant_common "$1" >>>>> rm -rf "$_rpath/$1" "$_config" >>>>> } >>>>> >>>>> wpa_supplicant_prepare_interface() { >>>>> local ifname="$1" >>>>> _w_driver="$2" >>>>> >>>>> _wpa_supplicant_common "$1" >>>>> >>>>> json_get_vars mode wds >>>>> >>>>> [ -n "$network_bridge" ] && { >>>>> fail= >>>>> case "$mode" in >>>>> adhoc) >>>>> fail=1 >>>>> ;; >>>>> sta) >>>>> [ "$wds" = 1 ] || fail=1 >>>>> ;; >>>>> esac >>>>> >>>>> [ -n "$fail" ] && { >>>>> wireless_setup_vif_failed BRIDGE_NOT_ALLOWED >>>>> return 1 >>>>> } >>>>> } >>>>> >>>>> local ap_scan= >>>>> >>>>> _w_mode="$mode" >>>>> _w_modestr= >>>>> >>>>> [[ "$mode" = adhoc ]] && { >>>>> ap_scan="ap_scan=2" >>>>> >>>>> _w_modestr="mode=1" >>>>> } >>>>> >>>>> wpa_supplicant_teardown_interface "$ifname" >>>>> cat > "$_config" <<EOF >>>>> $ap_scan >>>>> EOF >>>>> return 0 >>>>> } >>>>> >>>>> wpa_supplicant_add_network() { >>>>> local ifname="$1" >>>>> >>>>> _wpa_supplicant_common "$1" >>>>> wireless_vif_parse_encryption >>>>> >>>>> json_get_vars \ >>>>> ssid bssid key \ >>>>> basic_rate mcast_rate \ >>>>> ieee80211w >>>>> >>>>> local key_mgmt='NONE' >>>>> local enc_str= >>>>> local network_data= >>>>> local T=" " >>>>> >>>>> local wpa_key_mgmt="WPA-PSK" >>>>> local scan_ssid="1" >>>>> local freq >>>>> >>>>> [[ "$_w_mode" = "adhoc" ]] && { >>>>> append network_data "mode=1" "$N$T" >>>>> [ -n "$channel" ] && { >>>>> freq="$(get_freq "$phy" "$channel")" >>>>> append network_data "fixed_freq=1" "$N$T" >>>>> append network_data "frequency=$freq" "$N$T" >>>>> } >>>>> >>>>> scan_ssid=0 >>>>> >>>>> [ "$_w_driver" = "nl80211" ] || wpa_key_mgmt="WPA-NONE" >>>>> } >>>>> >>>>> [[ "$_w_mode" = adhoc ]] && append network_data "$_w_modestr" "$N$T" >>>>> >>>>> case "$auth_type" in >>>>> none) ;; >>>>> wep) >>>>> local wep_keyidx=0 >>>>> hostapd_append_wep_key network_data >>>>> append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" >>>>> ;; >>>>> psk) >>>>> local passphrase >>>>> >>>>> key_mgmt="$wpa_key_mgmt" >>>>> if [ ${#key} -eq 64 ]; then >>>>> passphrase="psk=${key}" >>>>> else >>>>> passphrase="psk=\"${key}\"" >>>>> fi >>>>> append network_data "$passphrase" "$N$T" >>>>> ;; >>>>> eap) >>>>> key_mgmt='WPA-EAP' >>>>> >>>>> json_get_vars eap_type identity ca_cert >>>>> [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" >>>>> [ -n "$identity" ] && append network_data "identity=\"$identity\"" >>>>> "$N$T" >>>>> case "$eap_type" in >>>>> tls) >>>>> json_get_vars client_cert priv_key priv_key_pwd >>>>> append network_data "client_cert=\"$client_cert\"" "$N$T" >>>>> append network_data "private_key=\"$priv_key\"" "$N$T" >>>>> append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" >>>>> ;; >>>>> peap|ttls) >>>>> json_get_vars auth password >>>>> set_default auth MSCHAPV2 >>>>> append network_data "phase2=\"$auth\"" "$N$T" >>>>> append network_data "password=\"$password\"" "$N$T" >>>>> ;; >>>>> esac >>>>> append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T" >>>>> ;; >>>>> esac >>>>> >>>>> case "$wpa" in >>>>> 1) >>>>> append network_data "proto=WPA" "$N$T" >>>>> ;; >>>>> 2) >>>>> append network_data "proto=RSN" "$N$T" >>>>> ;; >>>>> esac >>>>> >>>>> case "$ieee80211w" in >>>>> [012]) >>>>> [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T" >>>>> ;; >>>>> esac >>>>> >>>>> local beacon_int brates mrate >>>>> [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T" >>>>> [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" >>>>> "$N$T" >>>>> >>>>> >>>>> [ -n "$basic_rate" ] && { >>>>> local br rate_list= >>>>> for br in $basic_rate; do >>>>> hostapd_add_rate rate_list "$br" >>>>> done >>>>> [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T" >>>>> } >>>>> >>>>> [ -n "$mcast_rate" ] && { >>>>> local mc_rate= >>>>> hostapd_add_rate mc_rate "$mcast_rate" >>>>> append network_data "mcast_rate=$mc_rate" "$N$T" >>>>> } >>>>> >>>>> local ht_str >>>>> [ -n "$ht" ] && append network_data "htmode=$ht" "$N$T" >>>>> >>>>> cat >> "$_config" <<EOF >>>>> network={ >>>>> scan_ssid=$scan_ssid >>>>> ssid="$ssid" >>>>> key_mgmt=$key_mgmt >>>>> $network_data >>>>> } >>>>> EOF >>>>> return 0 >>>>> } >>>>> >>>>> wpa_supplicant_run() { >>>>> local ifname="$1"; shift >>>>> >>>>> _wpa_supplicant_common "$ifname" >>>>> >>>>> /usr/sbin/wpa_supplicant -B \ >>>>> ${network_bridge:+-b $network_bridge} \ >>>>> -P "/var/run/wpa_supplicant-${ifname}.pid" \ >>>>> -D ${_w_driver:-wext} \ >>>>> -i "$ifname" \ >>>>> -c "$_config" \ >>>>> -C "$_rpath" \ >>>>> "$@" >>>>> >>>>> ret="$?" >>>>> wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" >>>>> /usr/sbin/wpa_supplicant 1 >>>>> >>>>> [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED >>>>> >>>>> return $ret >>>>> } >>>>> >>>>> hostapd_common_cleanup() { >>>>> killall hostapd wpa_supplicant meshd-nl80211 >>>>> } >>>>> >>>>> /etc/config/wireless >>>>> >>>>> config wifi-device 'radio0' >>>>> option type 'mac80211' >>>>> option path 'pci0000:00/0000:00:00.0' >>>>> option htmode 'HT20' >>>>> option hwmode '11ng' >>>>> list ht_capab 'SHORT-GI-40' >>>>> list ht_capab 'TX-STBC' >>>>> list ht_capab 'RX-STBC1' >>>>> list ht_capab 'DSSS_CCK-40' >>>>> option txpower '27' >>>>> option country 'US' >>>>> >>>>> config wifi-iface >>>>> option device 'radio0' >>>>> option mode 'ap' >>>>> option ssid 'Test' >>>>> option network 'lan' >>>>> option encryption ’none' >>>>> option auth_server ‘172.X.X.X' >>>>> option auth_port '1812' >>>>> option auth_secret 'secret' >>>>> option acct_server ‘172.X.X.X' >>>>> option acct_port '1812' >>>>> option acct_secret 'secret' >>>>> option dynamic_vlan '2' >>>>> option vlan_file '/etc/config/hostapd.vlan' >>>>> option vlan_tagged_interface 'eth0' >>>>> option dae_secret 'secret' >>>>> option dae_client ‘172.X.X.X' >>>>> option macfilter '2' >>>>> option dae_port '3799' >>>>> option nasid ‘Ubiquiti’ >>>>> >>>>> >>>>> You will need the wpad package and hostapd >>>>> >>>>> Thanks, >>>>> >>>>> Ludovic [email protected] <[email protected]> :: +1.514.447.4918 >>>>> (x145) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Le 2015-05-20 à 11:46, Earl Robinson <[email protected]> a écrit : >>>>> >>>>> Thanks Chris, >>>>> >>>>> I tried with the current stable release ,14.07 (barrier breaker), a >>>>> few weeks ago and I was having problems with getting drivers for 5ghz wifi >>>>> working. I'm assuming the driver situation with 12.09 (attitude >>>>> adjustment) >>>>> is even worse since that release is 18 months older. >>>>> >>>>> I've got a spare 2.4ghz router I can try with 14.07. There seems to be >>>>> a lot of changes to the code for dynamic vlans between 14.07 and trunk >>>>> (16.?) so I was hoping there's some config magic that hasn't made it to >>>>> the >>>>> docs yet that will resolve the issues I've had. >>>>> >>>>> I'll followup on this list on how my testing goes. >>>>> >>>>> -earl >>>>> >>>>> On Tue, May 19, 2015 at 1:33 PM, Chris Abel < >>>>> [email protected]> wrote: >>>>> >>>>>> Make sure to use OpenWRT 12.09 Attitude Adjustment. >>>>>> >>>>>> On Tue, May 19, 2015 at 1:26 PM, Earl Robinson <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hey Ludovic, >>>>>>> >>>>>>> I'm running on a TP-Link Archer C7 v2 and a TP-Link TL-WDR4300 v1. I >>>>>>> have hostapd and hostapd-common installed. If I try to install wpad i >>>>>>> get >>>>>>> the error: >>>>>>> root@OpenWRT:~# opkg install wpad >>>>>>> Installing wpad (2015-03-25-1) to root... >>>>>>> Downloading >>>>>>> http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/wpad_2015-03-25-1_ar71xx.ipk >>>>>>> . >>>>>>> Collected errors: >>>>>>> * check_data_file_clashes: Package wpad wants to install file >>>>>>> /usr/sbin/hostapd >>>>>>> But that file is already provided by package * hostapd >>>>>>> * opkg_install_cmd: Cannot install package wpad. >>>>>>> >>>>>>> -earl >>>>>>> >>>>>>> On Tue, May 19, 2015 at 10:53 AM, Ludovic Zammit <[email protected] >>>>>>> > wrote: >>>>>>> >>>>>>>> Hello Earl, >>>>>>>> >>>>>>>> With which equipment you are using the OpenWRT ? >>>>>>>> >>>>>>>> The radius part is handle by Hostapd and wpad so make sure that >>>>>>>> these two packages are installed ( hostap-common + wpad ). >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Ludovic [email protected] <[email protected]> :: >>>>>>>> +1.514.447.4918 (x145) :: www.inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>> PacketFence (http://packetfence.org) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Le 2015-05-18 à 16:18, Earl Robinson <[email protected]> a écrit : >>>>>>>> >>>>>>>> I've been working to get PacketFence (v5.0.1) working with OpenWRT >>>>>>>> (devel v15 r46557). >>>>>>>> >>>>>>>> My end goal is to have PacketFence controlling the OpenWRT AP in >>>>>>>> VLAN mode, using dynamic VLAN assignment. I've followed the PF Device >>>>>>>> configuration guide and the administration guide, the new ZEN >>>>>>>> out-of-band >>>>>>>> quick guide. I've used various docs to sett up the OpenWRT AP including >>>>>>>> this one: >>>>>>>> http://wiki.openwrt.org/doc/howto/wireless.security.8021x >>>>>>>> >>>>>>>> I've been able to get a cisco 3560 switch working great. When I >>>>>>>> connect a device, the cisco switch automatically send a RADIUS auth >>>>>>>> request >>>>>>>> to the pf server using the device mac address (mab). And when I auth >>>>>>>> to the >>>>>>>> pf server via the web, my VLAN is reassigned properly. >>>>>>>> >>>>>>>> With the same client devices, I can connect to an open SSID on the >>>>>>>> AP, but then get no RADIUS traffic (dynamic VLANs and nab doesn't work >>>>>>>> with >>>>>>>> an open SSID?). So I have to set the SSID to WPA2, and then I get an >>>>>>>> 802.1x >>>>>>>> auth prompt on the client, which generates a RADIUS request back to pf. >>>>>>>> >>>>>>>> There's a thread on the openwrt list from 2013-2014: >>>>>>>> https://forum.openwrt.org/viewtopic.php?id=44968 >>>>>>>> which seems to show Fabrice was able to implement what I want with >>>>>>>> earlier versions of OpenWRT, but with heavy mods. The current devel >>>>>>>> version >>>>>>>> is supposed to work without any special mods. >>>>>>>> >>>>>>>> Has anybody been able to get this working recently, and if so have >>>>>>>> any guidance? At this point I believe my problem lies on the OpenWRT >>>>>>>> side, >>>>>>>> but I figure somebody on this list is likely to know the fix. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Earl >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> One dashboard for servers and applications across >>>>>>>> Physical-Virtual-Cloud >>>>>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>>>>> Performance metrics, stats and reports that give you Actionable >>>>>>>> Insights >>>>>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>>>>> >>>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> One dashboard for servers and applications across >>>>>>>> Physical-Virtual-Cloud >>>>>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>>>>> Performance metrics, stats and reports that give you Actionable >>>>>>>> Insights >>>>>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> One dashboard for servers and applications across >>>>>>> Physical-Virtual-Cloud >>>>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>>>> Performance metrics, stats and reports that give you Actionable >>>>>>> Insights >>>>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Chris Abel >>>>>> Systems and Network Administrator >>>>>> Wildwood Programs >>>>>> 2995 Curry Road Extension >>>>>> Schenectady, NY 12303 >>>>>> 518-836-2341 >>>>>> >>>>>> IMPORTANT NOTICE: This message and any attachments are solely for the >>>>>> intended recipient and may contain confidential information, which is, or >>>>>> may be, legally privileged or otherwise protected by law from further >>>>>> disclosure. If you are not the intended recipient, any disclosure, >>>>>> copying, >>>>>> use, or distribution of the information included in this email and any >>>>>> attachments is prohibited. If you have received this communication in >>>>>> error, please notify the sender by reply email and immediately and >>>>>> permanently delete this email and any attachments. >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> One dashboard for servers and applications across >>>>>> Physical-Virtual-Cloud >>>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>>> Performance metrics, stats and reports that give you Actionable >>>>>> Insights >>>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> One dashboard for servers and applications across >>>>> Physical-Virtual-Cloud >>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>> Performance metrics, stats and reports that give you Actionable >>>>> Insights >>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>> >>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> One dashboard for servers and applications across >>>>> Physical-Virtual-Cloud >>>>> Widest out-of-the-box monitoring support with 50+ applications >>>>> Performance metrics, stats and reports that give you Actionable >>>>> Insights >>>>> Deep dive visibility with transaction tracing using APM Insight. >>>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>> >>> >>> ------------------------------------------------------------------------------ >>> One dashboard for servers and applications across Physical-Virtual-Cloud >>> Widest out-of-the-box monitoring support with 50+ applications >>> Performance metrics, stats and reports that give you Actionable Insights >>> Deep dive visibility with transaction tracing using APM Insight. >>> >>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> One dashboard for servers and applications across Physical-Virtual-Cloud >>> Widest out-of-the-box monitoring support with 50+ applications >>> Performance metrics, stats and reports that give you Actionable Insights >>> Deep dive visibility with transaction tracing using APM Insight. >>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >> > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Chris Abel Systems and Network Administrator Wildwood Programs 2995 Curry Road Extension Schenectady, NY 12303 518-836-2341 -- IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information, which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this email and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply email and immediately and permanently delete this email and any attachments.
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
