This use-case is a pretty rare one, but in some circumstances, it can be very helpful. For example when you live in a student dormatory which only offers one 802.1x-encrypted LAN-port in your room, but you want to run your own wifi-network to be online with other clients, too, like your laptop or smartphone. In this case, normal routers with stock firmware won't help you out because most don't support this networking protocol. OpenWrt on the other hand offers you the possibility to connect your router (you could buy this one if you don't already have a suiting router) to the 802.1x-network via WAN and enable you to have an own, independent network. Here's how.
Important: before you attempt to do this, it is NECESSARY to ask your network admin if he/she is okay with your usage scenario. This can cause some trouble if you do it without permission, as many 802.1x-networks aim to prevent this exact use-case.
So here's the deal. At first, you will need to establish an internet connection that does not rely on the network you're trying to connect to.
Example: use your smartphone with data plan as a mobile hotspot. After having activated the hotspot, connect your router to the hotspot
in LuCI: Network > Wireless > Scan
Next, update the packages and install a good editor like Nano if you haven't done that already, then remove the package wpad-mini
and install wpad
which is capable of 802.1x-authentification:
opkg update
opkg install nano
opkg remove wpad-mini
opkg install wpad
nano /etc/config/wpa.conf
In wpa.conf, your access data for the network is stored. This example assumes the network uses PEAP for outer auth and MSCHAPV2 for inner auth (when in doubt ask your network admin):
ctrl_interface=/var/run/wpa_supplicant
network={
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="IDENTITY_HERE"
password="PASSWORD_HERE"
}
Now, hook up your desired LAN-port (probably eth0
) to this config file to enable the 802.1x-auth:
wpa_supplicant -D wired -i eth0 -c /etc/config/wpa.conf
The following script is necessary to automatically bring up your configuration on boot (we call it wpa-autostart):
nano /etc/init.d/wpa-autostart
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org
START=99
start() {
echo start
wpa_supplicant -D wired -i eth0 -c /etc/config/wpa.conf &
}
Finally, give rights to the script:
chmod +x /etc/init.d/wpa-autostart
/etc/init.d/wpa-autostart enable
/etc/init.d/wpa-autostart start
That's it. Have fun!
Reference: This tutorial is a shorter version of this one here. Check the link if you need more detailed instructions.
Hello, great tutorial. I've been using this method for some time, but recently, after the update from the version 19 to 21, it stopped suddenly working. Looks like there is a conflict in choosing the right method of EAP to authenticate.... Opened openwrt/openwrt#9836