From: florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Mon, 11 Aug 2008 21:38:50 +0000 (+0000)
Subject: Add 802.1x client configuration support and corresponding documentation (#2069)
X-Git-Url: https://git.rohieb.name/openwrt.git/commitdiff_plain/17d1b91a9611b9278c926e82c9be938ade02d095

Add 802.1x client configuration support and corresponding documentation (#2069)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12283 3c298f89-4303-0410-b956-a3cf2f4a3e73
---

diff --git a/docs/wireless.tex b/docs/wireless.tex
index de764a312..675023385 100644
--- a/docs/wireless.tex
+++ b/docs/wireless.tex
@@ -272,6 +272,39 @@ config wifi-iface
     option key      "<psk for WDS>"
 \end{Verbatim}
 
+\paragraph{802.1x configurations}
+
+OpenWrt supports both 802.1x client and Access Point
+configurations. 802.1x client is only working with
+Atheros or mac80211 drivers. Configuration only
+supports EAP types TLS, TTLS or PEAP.
+
+\subparagraph{EAP-TLS}
+
+\begin{Verbatim}
+config wifi-iface
+    option device         "ath0"
+    option network        lan
+    option ssid           OpenWrt
+    option eap_type       tls
+    option ca_cert        "/etc/config/certs/ca.crt"
+    option priv_key       "/etc/config/certs/priv.crt"
+    option priv_key_pwd   "PKCS#12 passphrase"
+\end{Verbatim}
+
+\subparagraph{EAP-PEAP}
+
+\begin{Verbatim}
+config wifi-iface
+    option device         "ath0"
+    option network        lan
+    option ssid           OpenWrt
+    option eap_type       peap
+    option ca_cert        "/etc/config/certs/ca.crt"
+    option auth           MSCHAPV2
+    option identity       username
+    option password       password
+\end{Verbatim}
 
 \paragraph{Limitations:}
 
diff --git a/package/madwifi/files/lib/wifi/madwifi.sh b/package/madwifi/files/lib/wifi/madwifi.sh
index d8a6d00ea..284c6609c 100755
--- a/package/madwifi/files/lib/wifi/madwifi.sh
+++ b/package/madwifi/files/lib/wifi/madwifi.sh
@@ -81,6 +81,7 @@ enable_atheros() {
 		nosbeacon=
 		config_get ifname "$vif" ifname
 		config_get enc "$vif" encryption
+		config_get eap_type "$vif" eap_type
 		config_get mode "$vif" mode
 		
 		[ "$mode" = sta ] && config_get nosbeacon "$device" nosbeacon
@@ -301,8 +302,46 @@ network={
 }
 EOF
 					;;
-					WPA|wpa|WPA2|wpa2)
-						#add wpa_supplicant calls here
+					WPA|wpa|WPA2|wpa2i|8021x|8021X)
+						config_get ca_cert "$vif" ca_cert
+						eap_type=$(echo $eap_type | tr 'a-z' 'A-Z')
+						case "$eap_type" in
+							tls|TLS)
+								proto='proto=WPA2'
+								pairwise='pairwise=CCMP'
+								group='group=CCMP'
+								config_get priv_key "$vif" priv_key
+								config_get priv_key_pwd "$vif" priv_key_pwd
+								priv_key="private_key=\"$priv_key\""
+								priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
+							;;
+							peap|PEAP|ttls|TTLS)
+								proto='proto=WPA2'
+								config_get auth "$vif" auth
+								config_get identity "$vif" identity
+								config_get password "$vif" password
+								phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
+								identity="identity=\"$identity\""
+								password="password=\"$password\""
+							;;
+						esac
+						cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
+network={
+	scan_ssid=1
+	ssid="$ssid"
+	key_mgmt=WPA-EAP
+	$proto
+	$pairwise
+	$group
+	eap=$eap_type
+	ca_cert="$ca_cert"
+	$priv_key
+	$priv_key_pwd
+	$phase2
+	$identity
+	$password
+}
+EOF
 					;;
 				esac
 				[ -z "$proto" ] || wpa_supplicant ${bridge:+ -b $bridge} -B -D madwifi -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf
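Review bot: The generated `/var/run/wpa_supplicant-$ifname.conf` now holds `private_key_passwd` and the PEAP/TTLS `password` in clear text, but the `cat >` creates it under whatever umask the script inherits, so with a typical default it is readable by every local user; wrapping the heredoc as `( umask 077; cat > /var/run/wpa_supplicant-$ifname.conf <<EOF … )` would keep the credentials to root. The case label `WPA|wpa|WPA2|wpa2i|8021x|8021X` looks like a typo for `wpa2`, in which case `encryption wpa2` no longer reaches this branch. `ssid`, `identity` and `password` are interpolated into the quoted fields unescaped, so a value containing `"` or a newline produces a malformed or altered network block. `ca_cert` is written even when the option is unset, so it is worth confirming that an empty `ca_cert=""` does not leave the server certificate unvalidated for PEAP/TTLS. The enclosing loop in `enable_atheros` starts and ends outside the hunk, so whether `proto`, `pairwise`, `priv_key` and the other fields are cleared between interfaces cannot be seen here.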