Wifi - WPA2-EAP (PEAP;MSCHAPv2)



  • I just tried to get my Omega online, but there aren't many options to set up the wifi.
    For example, I have no way of entering my username, so out of the box there seems to be support only for WPA2-PSK? Is that correct?



  • Hi @Peter-Petermann, would you be able to tell us which browser you are using?



  • Yeah, me too. This is my screenshot; no login is asked.
    Currently using Firefox v41.0.2 on OS X El Capitan
    (even with Safari it's the same: no login, just... all disabled).
    (Onion + Mini Dock, using microUSB to USB, screen from terminal, with driver already installed, failed too.)

    Screen Shot 2015-11-05 at 9.39.33 AM.png



  • I initially got the same problem - same screen without any active content.
    This was using Firefox under Windows 10 - resolved by using Chrome or Microsoft Edge.
    Apparently the problem is in the Omega JavaScript code and the same problem affects Safari.
    See the posts in https://community.onion.io/topic/5/troubleshooting-the-omega-setup - which also say:
    "caused by a bug in the Javascript framework we are using. We have been working on a fix for it. We will include that in the next console release later this week."
    and
    "the bug in Firefox as well as Safari"



  • @Standard-User Can you open up the Javascript Console and give us a screenshot of the error message it shows? More information about how to open the Javascript Console can be found here: https://developer.mozilla.org/en-US/docs/Tools/Web_Console



  • This is the error that appeared in Web Console: Screen Shot 2015-11-05 at 1.28.18 PM.png



  • I think there might be a misunderstanding in this thread.

    My problem is not about logging in to the Omega; it is about the possible options to connect it to an existing wifi network. It doesn't allow any login that requires a username/password (like WPA2-EAP with PEAP;MSCHAPv2, which is pretty common). Not on the web interface, and not on the console either. I actually took a bit more time to look at the wifisetup script and it only allows:

    • no encryption (sigh)
    • wep
    • wpa with psk (pre shared key)
    • wpa2 with psk

    Now, I didn't spend too much time on it, as I'm quite limited with that resource lately, but to me it seems that the underlying software should support the other variants as well (a quick look seemed quite similar to OpenWrt, but I didn't check versions of the packages or anything), but they were not added to the wifisetup script (and apparently not to the web interface either).

    The thing is that being only allowed to connect to networks with shared keys is quite a harsh limit, as a lot of networks (company networks, university networks, etc.) require a per-user login, and thus use something that actually supports this.



  • @Peter-Petermann That makes sense. The underlying software in OpenWRT does support connecting to wifi networks that require username/password authentication. We have not built that into the GUI client or the CLI client (wifisetup) yet. That will be something we will keep in mind as we work on the Console and utilities on the Omega.

    For now, you should be able to connect the Omega to these kinds of networks with UCI. More information about setting up wireless configurations through UCI can be found here: http://wiki.openwrt.org/doc/uci/wireless.



  • I tried configuring it manually by calling uci set wireless.@wifi-iface[1].ssid etc., following what's inside wifisetup.sh and referring to https://wiki.openwrt.org/doc/uci/wireless#wpa_enterprise_client, but it just won't even attempt to connect. After executing wifi, I'm only getting:

    IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
    IPv6: ADDRCONF(NETDEV_UP): wlan0-1: link is not ready
    

    It only works if I'm connecting to psk/psk2 SSID.

    IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
    IPv6: ADDRCONF(NETDEV_UP): wlan0-1: link is not ready
    wlan0-1: authenticate with xx:xx:xx:xx:xx:xx
    wlan0-1: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
    wlan0-1: authenticated
    

    If I set the encryption to psk2 for a WPA2-EAP SSID, it won't even try to connect, or at least that's what I get from the console.

    Below is the output from my cat /etc/config/wireless

    config wifi-device 'radio0'
    	option type 'mac80211'
    	option hwmode '11g'
    	option path 'platform/ar933x_wmac'
    	option htmode 'HT20'
    	option disabled '0'
    	option channel '9'
    	option txpower '30'
    	option country 'US'
    
    config wifi-iface
    	option device 'radio0'
    	option encryption 'none'
    	option ssid 'Omega-1678'
    	option network 'wlan'
    	option mode 'sta'
    
    config wifi-iface
    	option device 'radio0'
    	option mode 'sta'
    	option auth 'auth=MSCHAPV2'
    	option network 'wwan'
    	option password 'xxxxxxxx'
    	option eap_type 'peap'
    	option identity 'xxxxxx\xxxxxxxxxxx'
    	option encryption 'wpa+tkip'
    	option ssid 'xxxxxxxx'
    

    Executing ubus call iwinfo scan '{"device":"wlan0"}' gets me

    {
    			"ssid": "XXXXXXX",
    			"bssid": "xx:xx:xx:xx:xx:xx",
    			"mode": "Master",
    			"channel": 8,
    			"signal": -76,
    			"quality": 34,
    			"quality_max": 70,
    			"encryption": {
    				"enabled": true,
    				"wpa": [
    					1,
    					2
    				],
    				"authentication": [
    					"802.1x"
    				],
    				"ciphers": [
    					"tkip",
    					"ccmp"
    				]
    			}
    		},
    


  • At last, got it working after reading http://superuser.com/questions/756438/openwrt-wpa2-enterprise-radius-config-is-not-applied and https://wiki.openwrt.org/doc/howto/wireless.utilities#hostapd-mini_and_wpad-mini

    Basically we need to replace wpad-mini with wpad, which has support for 802.1x and EAP. In order to do that, we must first have access to the internet via another non-EAP wifi AP. Then do this:

    opkg update
    opkg remove wpad-mini
    opkg install wpad
    

    Tested with the above configuration and it works, though sacrificing another 0.3MB of space. I'll give it a try to add this into wifisetup.sh
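
Added example, not part of any post in this thread: a small lint, written for the device's shell, that checks a WPA-Enterprise client section for the wpad-mini problem described above and, going beyond the thread, for TKIP and a missing ca_cert (without one the RADIUS server certificate is not validated). The sample config and package line are constructed placeholders; the function name audit_eap and the single-quoted value format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): lint WPA-Enterprise client sections of an
# OpenWrt wireless config. Assumes option values are single-quoted, as uci writes them.

# Constructed sample modelled on the config posted above; all values are placeholders.
SAMPLE_CONFIG="config wifi-iface
	option device 'radio0'
	option mode 'sta'
	option auth 'auth=MSCHAPV2'
	option eap_type 'peap'
	option identity 'placeholder-user'
	option password 'placeholder'
	option encryption 'wpa+tkip'
	option ssid 'example-eap'"
# Constructed line in the "name - version" format printed by opkg list-installed.
SAMPLE_PKGS="wpad-mini - 0.0-placeholder"

# audit_eap CONFIG_TEXT INSTALLED_PKGS -> one finding per line, empty when clean
audit_eap() {
	mini=0
	printf '%s\n' "$2" | grep -q '^wpad-mini ' && mini=1
	printf '%s\n' "$1" | awk -v mini="$mini" -v q="'" '
	function val(   p) { split($0, p, q); return p[2] }   # text between the quotes
	function report() {
		# Only client ifaces using wpa/wpa2 (EAP); psk/psk2/none are skipped.
		if (!iface || mode != "sta" || enc !~ /^wpa/) return
		if (mini == 1) print ssid ": wpad-mini installed, it has no 802.1x/EAP support"
		if (enc ~ /tkip/) print ssid ": TKIP enabled, prefer wpa2+ccmp if the AP offers it"
		if (ca == "") print ssid ": no ca_cert set, server certificate is not validated"
	}
	$1 == "config" { report(); iface = ($2 == "wifi-iface"); mode = enc = ssid = ca = "" }
	$1 == "option" && $2 == "mode" { mode = val() }
	$1 == "option" && $2 == "encryption" { enc = val() }
	$1 == "option" && $2 == "ssid" { ssid = val() }
	$1 == "option" && $2 == "ca_cert" { ca = val() }
	END { report() }'
}

# On the device (assumption): audit_eap "$(cat /etc/config/wireless)" "$(opkg list-installed)"
audit_eap "$SAMPLE_CONFIG" "$SAMPLE_PKGS"
```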



  • Hey faulty,
    sorry I hadn't posted about this anymore - basically I came to the same solution as you did - I just wasn't able to implement it yet, as I lacked the network, so I postponed it to "when I have some more time".
    Great job and a very helpful post for everyone who might struggle with the same problems!

    regards,
    PP

