Closed hheinreich closed 5 months ago
hi,
wpa2 enterprise is a bit of a sophisticated feature.
if you're still around i'd be willing to work with you to get it functional. i have all of the programs but no user has ever had the equipment/setup to test it.
@hheinrich any interest here?
I never was able to make it work on ddwrt when I wanted the router to log into the AP using WPA2 Enterprise. I did get it to work using OpenWrt but not when I was using OpenVPN. OpenVPN would work on ddwrt if I was connected with ethernet.
A little confused (sorry writing from my BlackBerry Passport so there'll be lots of needless metadata because apparently nothing wants to parse their break properly).
So with wpad-ssl everything worked? Without it you couldn't get it to work?
I'm trying to understand whether the issue is my build or how dd-wrt offers eap.
And I assume with wpad-ssl it works with openvpn too? You should try the latest builds just in case some of these issues were fixed in config by the joker.
It's my intention to have eap fully working so I'd like to get this right.
From: brooksbUWO Sent: Tuesday, 25 October 2022 10:17 AM To: i3roly/glibc_ddwrt Reply To: i3roly/glibc_ddwrt Cc: gagan sidhu; Comment Subject: Re: [i3roly/glibc_ddwrt] WPA2 Enterprise (Issue #13)
The router I was using was D-Link DIR-2640 A1.
So with wpad-ssl everything worked? Without it you couldn't get it to work?
It works with wpad-wolfssl with OpenWRT. It is supposed to work with wpad-ssl (on OpenWRT) and for some people it did, but it didn't have the correct options to select like wpad-wolfssl.
I'm trying to understand whether the issue is my build or how dd-wrt offers eap. And I assume with wpad-ssl it works with openvpn too?
I don't think it is your build. I think it is the way dd-wrt offers eap.
OpenVPN would not work with either wpad-ssl or wpad-wolfssl on OpenWRT. I could get the router to connect to the WPA2 Enterprise AP and devices could connect to the internet using the router's ethernet ports if I was not using VPN.
You should try the latest builds just in case some of these issues were fixed in config by the joker. It's my intention to have eap fully working so I'd like to get this right.
I can try again, but it won't be until later this week. I tried to get official support for the D-Link DIR-2640 A1. I asked about it in the dd-wrt forum (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1258894#1258894) and they requested I upload a default firmware dump. Then whoever was in charge of the forum blocked my ability to upload the default firmware dump. It appeared they wanted nothing to do with this router so I continued to use OpenWRT.
That's not a problem.
If you can tell me how to add the right features or fields to the eap section I'd be willing to do that. I want this working.
Yes on the dd-wrt forums you may get banned or squelched for mentioning this build. They claim I'm violating GPL but if I am, then brainslayer definitely is.
In reality I'm almost certain that there was huge pressure on BS to remove me from the forums (his external funders).
Most people hate these routers with OpenWrt or stock because openwrt's mt76, quite frankly, sucks. And stock doesn't offer what people want.
All I know is i'm pretty sure these routers on my firmware are competitive with wifi6 offerings. I'm using a 2012 mac pro with a decent wifi card and I hit 500/500. And it's not a 4x4 adapter. I'm pretty sure these are my card's limits and not the router's. But I could be wrong on this too and maybe it tops out at 500/500ish even with a 4stream adapter.
Anyways I'd like to add eap because it'll bring more people here.
Below are the missing items from ddwrt. There are variations or multiple combinations of the choices. However the ones that I'm interested in using are part of the 802.1x, Eduroam (https://eduroam.org/how/) which is used by universities all over the world. So this would help to get your release more exposure.
The specific information that needs to be specified is: EAP-Method: PEAP, Authentication: EAP-MSCHAPv2, Identity: Username, and Password: Password. None of these options are available for any of the WPAx-EAP choices on ddwrt.
I'll help by testing to see if ddwrt can connect after you make the changes.
thanks man i'll look into this.
just wondering: why are your HWADDRs showing as 00s? did you set them to that via nvram just to anonymise?
i was kind of concerned seeing that 😜
so i have been speaking to @paldier about this
i had the right program but it needed a big update to accommodate the new authentication protocols (PEAP, MSCHAPv2).
the first thing i realised after thinking about your request is that you need to put the radio in station mode (I THINK). maybe you're already doing that.
you're asking the router radio to act as a client, so this is the first hurdle and explains why you're not seeing those options in the menu.
the second hurdle is figuring out how to configure the /tmp/RT2860{_pci}.dat file to authenticate you.
i will be uploading a new build shortly here with an updated rtdot1x program. if you really want this to work i would recommend you check out the README file here:
you should be able to play with the dat files without me having to change the GUI. really that's how i've been able to test the current features people see in the menus before adding them.
i am pretty sure this program does what you want. the question is whether we can get the radio in station mode and have this program authenticate.
actually instead of uploading a new build now, i can just give you the program.
scp it to your ~ and make a symlink:
ln -s rt2860apd rtinicapd
call rt2860apd if you want to test it out on 2.4ghz radio, and rtinicapd if you want to test it on the 5ghz radio.
i think i figured out the problem.
i never built my stuff with WPA_SUPPLICANT2=y
this is probably why you couldn't do this. i am in the process of adding it as we speak
hehehe
the weird thing is i don't know how to get it to show up in the GUI. i think you'd have to put it in repeater mode or something? if you set the nvram variable "{wl0,wl1}_security_mode=8021X" , the menu shows up.
posting it now. let me know where to find this option. it has to be there somewhere.
well? did you try it?
you're asking the router radio to act as a client, so this is the first hurdle and explains why you're not seeing those options in the menu.
Yes, I want it to ONLY act as a client. I want to use it for WiFi-to-ethernet and not using the radios for AP.
well? did you try it?
Sorry, I have not had a chance YET.
i had the right program but it needed a big update to accommodate the new authentication protocols (PEAP, MSCHAPv2).
I was waiting until after your update. Tonight, I will put the update on my router and bring it with me tomorrow to test on the same WPA2 Enterprise network as when I first asked about this in March. Are you interested in anything in particular that I should look for?
I tried it and I can't get the option to show up.
It has to be in station mode.
You need to see if wl0_net_mode is 'sta' or 'apsta'
If it's not, then you have to set it to one of those before the option shows up.
sorry i meant wl0_mode should be 'sta'
or wl1_mode should be 'sta'.
i will probably add an apsta macro in there too but if you have sta it should show up.
sorry i meant wl0_mode should be 'sta' or wl1_mode should be 'sta'.
Here's the list of modes that show up:
thanks for bringing this to my attention.
it turns out the way BS configured the code, you wouldn't be able to select 8021x from the menus if you were in STA because the 'client' option isn't there.
nor would you have been able to select 8021x in APSTA mode (repeater) because he didn't add the 'apsta' check for rt2880, which meant the menu didn't show up.
50843 will have this fixed, and i'm going to build and push it out right away here.
stay tuned.
This is not really a big deal, but I also noticed when I disabled a radio, the LED remains on. If disabled, then it will start OFF after a reboot.
What router do you have?
What router do you have?
DIR-2640
i can't tell you why that's happening right now. i have an 882 and i'll check it out in an hour or so, but nothing in the code has changed for radios.
i do test this feature here and there but have not tested it recently.
i think that behaviour, of disabling the radio and rebooting with it 'off', is how it's supposed to work.
i didn't change anything there. all i did was add a little bit of code for the LEDs on the MT_WIFI driver. i didn't touch anything else.
how do you know it's disabled without seeing the light off?
usually when i tested it, i would hold the button until the light turned off, then hold it again until it turned on.
how do you know it's disabled without seeing the light off?
I have not used the buttons on the back. I was disabling in the menu. It also does not turn on when enabled in the menu.
lollllll
you're using network mode 'disabled'. i never even tested that hahahhahahahah that's hilarious
you're using network mode 'disabled'. i never even tested that hahahhahahahah that's hilarious
Yes, when it is disabled, the radio status changes to Inactive. If the radio is not active, then the LED should be off. Anyway, I thought I would point this out since you are doing a rebuild. If it's not easy to change, then don't worry about it.
it should be fixed in the next build.
have to rebuild for the extra line i needed to add to turn off the radio if you have it set as disabled.
should work in next build. it'll be up in 20 or 30 mins
There's now an option for station mode and the security mode has option for PEAP but is it really using MSCHAPv2 for the phase 2 authentication?
I also can't access the router after making the changes in the above screenshot. I have done reboot and still can't access router, but maybe I'm just impatient and will get it working. Here's some good news, the LED is on for the radio now that it is active. I didn't get to see if it goes off when set to inactive because I can't access router YET.
I'll try more tomorrow to see what happens. Thank you for your interest in this issue.
I don't get why your mac addresses are showing up as 0..
It's possible I need to tweak a few settings.
It's also not unlikely that when you apply the settings or reboot you can't access the router because something happens in the supplicant part of the code.
The first thing is to ensure you're getting a mac address and just zeroing it for the screenshot.
The next thing is: can you access the router via ssh via wired at all after applying the settings?
I don't get why your mac addresses are showing up as 0..
I noticed that too and I didn't set it to zeros.
The next thing is: can you access the router via ssh via wired at all after applying the settings?
I lost access while I was hard wired to it. I haven't tried putty connection yet.
Tomorrow, I will first do a soft reset so everything is initialized with default settings. I'm not super familiar with ddwrt and at one time I could remember how to do soft reset from memory, but right now all I can think of is holding in the reset button on the back of the router, is that the way you would do it?
yeah you hold the reset button and eventually it should reboot and reset.
i am very curious about why your mac addresses are zero though.
this is probably orthogonal to the supplicant issue, which i'm going to look at via serial in a few minutes.
can you do me a favour? use the "flash" program via command line
flash -r 0x10e000 -c 32
and share the output?
you do get an ethernet mac address, right?
hey man,
so i did whatever checking i could, but i can't do much since i don't have a RADIUS server in my vicinity.
it seems to me the issue is you don't have a proper mac address.
in my situation the firmware boots perfectly fine, but wpa_supplicant fails because obviously i have nothing to connect to.
i'm going to post a build with the debug version of wpa_supplicant just for you, so we can check the output. we still need to figure out why the mac address isn't showing up.
it could be a very simple fix (probably is). i just need to make sure the spots on your flash are where the mac address actually is (and should be, see here: https://forum.openwrt.org/t/dir-2640-2660-1960-1760-whatever-wifi-mac-addresses/)
the issue with the hanging seems to be related to the lack of a mac address. it's probably exacerbated when you run hostapd, since it needs one.
https://www.sendspace.com/file/qsb9mj https://www.sendspace.com/file/7ug0cb
it seems to me the issue is you don't have a proper mac address.
That's a problem but should be easy to fix. However, I do suspect that "Phase 2 Authentication: MSCHAPv2" could be an issue. I'm not able to test any further tonight. Tomorrow, the first thing will be making sure there's a real MAC address.
flash -r 0x10e000 -c 32
I'll try this if I can putty into the router. Otherwise I will do a reset.
maybe it will be an issue, but the hostapd2 config file has MSCHAPv2 enabled, so if you're worried about the protocol not being supported, i wouldn't be.
it's all clumped into PEAP from what i can make of it (i'm no pro here).
you probably won't be able to putty until you reset the router, but you can try. i am pretty sure it's going to freeze at boot because there's no mac address.
i'm miffed as to how that would happen, but i think it's potentially due to a simple unsigned/overflow issue
(see here https://svn.dd-wrt.com/browser/src/router/hostapd2/wpa_supplicant/.config)
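The question raised above, whether the PEAP profile really uses MSCHAPv2 for phase 2, can be answered from the supplicant's runtime configuration rather than from the GUI. The following is an added example, not code from this thread or from the firmware: it assumes the generated file uses standard wpa_supplicant.conf `network={...}` syntax, and both sample profiles (SSID, identities, certificate path, server name) are constructed. It also flags a profile that carries only the four fields requested in the thread, because without `ca_cert` wpa_supplicant does not verify the RADIUS server certificate.

```python
import re

# Finding codes and what they mean for a PEAP/MSCHAPv2 client profile.
MESSAGES = {
    "not-wpa-eap": "key_mgmt does not include WPA-EAP",
    "not-peap": "eap is not restricted to PEAP",
    "phase2-unset": "phase2 not set, so the inner method is left to negotiation",
    "phase2-not-mschapv2": "phase2 allows an inner method other than MSCHAPV2",
    "no-identity": "identity is missing",
    "no-password": "password is missing",
    "no-ca": "no ca_cert/ca_path, so the server certificate is not verified",
    "no-server-name": "no constraint on the name in the server certificate",
}

# Constructed sample: only the four fields asked for in the thread.
THREAD_FIELDS_ONLY = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@example.edu"
    password="placeholder-password"
}
"""

# Constructed sample: same profile with server validation added.
HARDENED = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous@example.edu"
    identity="user@example.edu"
    password="placeholder-password"
    ca_cert="/path/to/institution-ca.pem"
    domain_suffix_match="radius.example.edu"
}
"""


def parse_networks(conf_text):
    """Return one dict per network={...} block, with quotes stripped."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit_peap(net):
    """Return the list of finding codes for one parsed network block."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", "").split():
        findings.append("not-wpa-eap")
    if net.get("eap", "").upper().split() != ["PEAP"]:
        findings.append("not-peap")
    inner = {m.upper() for m in re.findall(r"auth=(\S+)", net.get("phase2", ""))}
    if not inner:
        findings.append("phase2-unset")
    elif inner != {"MSCHAPV2"}:
        findings.append("phase2-not-mschapv2")
    if not net.get("identity"):
        findings.append("no-identity")
    if not net.get("password"):
        findings.append("no-password")
    if not (net.get("ca_cert") or net.get("ca_path")):
        findings.append("no-ca")
    name_keys = ("domain_suffix_match", "domain_match",
                 "altsubject_match", "subject_match")
    if not any(net.get(k) for k in name_keys):
        findings.append("no-server-name")
    return findings


if __name__ == "__main__":
    for label, conf in (("thread fields only", THREAD_FIELDS_ONLY),
                        ("hardened", HARDENED)):
        for net in parse_networks(conf):
            codes = audit_peap(net)
            print(label, "->", codes or "ok")
            for code in codes:
                print("   ", MESSAGES[code])
```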
i'm miffed as to how that would happen, but i think it's potentially due to a simple unsigned/overflow issue
Don't be "miffed". It's probably something that I was messing around with back in March. I know that I did clone my MAC address but I never set it to all zeros.
Speculation is fun but tomorrow I'll do some testing and we'll get some real answers.
can you do me a favour? use the "flash" program via command line flash -r 0x10e000 -c 32 and share the output?
login as: root
DD-WRT v4.14-r50843M CRISPIN (c) 2022 NewMedia-NET GmbH
Release: 11/09/22
Board: Dlink DIR-882 A1
root@192.168.1.1's password:
==========================================================
___ ___ _ _____ ______ ___ __ ___
/ _ \/ _ \___| | /| / / _ \/_ __/__ __.`, /-` /.`, /
/ // / // /___/ |/ |/ / , _/ / / \ \/ /_``_// //_``_/
/____/____/ |__/|__/_/|_| /_/ \__/ /_/(_)_//_/
DD-WRT v4.14
A Bluer Kind of White
http://www.dd-wrt.com
-----
_______ _______ ___ __ ____ _ _ ___
| ___ \| __ || | |__|| \ | || | / /
| |___| || |__| || |__ __ | \| || |/ /
| _ /| _ || || || |\ || \
|__| \__\|__| |__||______||__||_| \____||_|\___\
=System Architecture Department=
"MediaTek can only swallow what they'll never be."
~Anon
======*insert graffiti expressing 'Ralf r00lz!1!1!'*======
root@DD-WRT:~# flash -r 0x10e000 -c 32
please enlarge 'MAX_NUM_INFO'
please enlarge 'MAX_NUM_INFO'
please enlarge 'MAX_NUM_INFO'
10E000: FF
10E001: FF
10E002: FF
10E003: FF
10E004: FF
10E005: FF
10E006: FF
10E007: FF
10E008: FF
10E009: FF
10E00A: FF
10E00B: FF
10E00C: FF
10E00D: FF
10E00E: FF
10E00F: FF
10E010: FF
10E011: FF
10E012: FF
10E013: FF
10E014: FF
10E015: FF
10E016: FF
10E017: FF
10E018: FF
10E019: FF
10E01A: FF
10E01B: FF
10E01C: FF
10E01D: FF
10E01E: FF
10E01F: FF
root@DD-WRT:~#
Looks like you somehow wiped your ethernet addresses.
I'd recommend you read the address off your router and use flash -w to write it back.
What was openwrt doing? It must have been generating a random address for you, or was it the same one?
I am out now so I may need a bit before responding.
It shouldn't be FF. I don't recall that happening when I used the program but it's possible it did.
Try to write the ethernet address at 0x10e000, where you write one byte at a time from x10e000 to x10e003.
dug through my logs, and i messed up a little.
04-13 14:51:11.607: root@DD-WRT:~# flash -r 0x148006 -c 6
04-13 14:51:21.555: please enlarge 'MAX_NUM_INFO'
04-13 14:51:21.607: please enlarge 'MAX_NUM_INFO'
04-13 14:51:21.607: please enlarge 'MAX_NUM_INFO'
04-13 14:51:21.607: 148006: 37
04-13 14:51:21.607: 148007: 71
04-13 14:51:21.607: 148008: F1
04-13 14:51:21.607: 148009: E2
04-13 14:51:21.607: 14800A: 1E
04-13 14:51:21.607: 14800B: 2
you want to read:
flash -r 0x148006 -c 6
and
flash -r 0x148000 -c 6
these should both show up properly, and i suspect they will.
also try:
flash -r 0x14e000 -c 6
flash -r 0x14e006 -c 6
if the last two work then it's my issue. if the 148000 & 148006 work, then i have to figure out why it was fine for me but different for you. in the latter case i may need to just change the spot the driver is reading the address.
edit, also checked my logs when i tested a 3040 earlier this year (nothing has changed in terms of the code for any of these parts) and it did get the mac address no problem:
....
02-24 16:30:55.136: <==== mt_wifi_init, Status=0
02-24 16:30:55.136: TxBfModuleEnCtrl:It's not DBDC mode
02-24 16:30:55.136: MtCmdEDCCACtrl: BandIdx: 0, EDCCACtrl: 1
02-24 16:30:55.187: MtCmdEDCCACtrl: BandIdx: 1, EDCCACtrl: 1
02-24 16:30:55.187: The new WDS interface MAC = 00:00:00:00:00:00, MacTabMatchWCID = 0
02-24 16:30:55.237: The new WDS interface MAC = 00:00:00:00:00:00, MacTabMatchWCID = 0
02-24 16:30:55.287: The new WDS interface MAC = 00:00:00:00:00:00, MacTabMatchWCID = 0
02-24 16:30:55.287: The new WDS interface MAC = 00:00:00:00:00:00, MacTabMatchWCID = 0
02-24 16:30:55.288: Total allocated 4 WDS interfaces!
02-24 16:30:55.338: RT28xx_Monitor_Init: 1300 !!!!####!!!!!!
02-24 16:30:55.338: -->Monitor_Init(): Create net_device for moni0
02-24 16:30:55.339: -->Monitor_Init(): Create net_device for moni1
02-24 16:30:55.388: WtcSetMaxStaNum: BssidNum:1, MaxStaNum:124 (WdsNum:4, ApcliNum:2, MaxNumChipRept:32), MinMcastWcid:125
02-24 16:30:55.438: RedInit: set CR4/N9 RED Enable to 1.
02-24 16:30:55.439: RedInit: RED Initiailize Done.
02-24 16:30:55.439: cp_support_is_enabled: set CR4 CP_SUPPORT to Mode 2.
02-24 16:30:55.489: RTMP_COM_IoctlHandle -> CMD_RTPRIV_IOCTL_VIRTUAL_INF_UP
02-24 16:30:55.539: wifi_sys_open(), wdev idx = 0
**02-24 16:30:55.539: wdev_attr_update(): wdevId0 = a8:63:7d:90:db:9f**
02-24 16:30:55.589: [RcGetHdevByPhyMode]-- channel 0 fix for rdev fetching
02-24 16:30:55.590: MtCmdSetDbdcCtrl:(ret = 0)
02-24 16:30:55.590: [RadarStateCheck] RD_NORMAL_MODE
02-24 16:30:55.640: phy_freq_adjust : no prim_ch value for adjust!
02-24 16:30:55.640: Caller: HcAcquireRadioForWdev+0xbc/0xe0
02-24 16:30:55.690: phy_mode=49, ch=0, wdev_type=1
02-24 16:30:55.691: ht_cap->HtCapInfo: ldpc=1,ch_width=1,gf=0,sgi20=1,sgi40=1,tx_stbc=1,rx_stbc=1,amsdu_size=1
02-24 16:30:55.741: ht_cap->HtCapParm: mdpu_density=5, ampdu_factor=3
02-24 16:30:55.791: AP inf up for ra_0(func_idx) OmacIdx=0
02-24 16:30:55.791: AsicRadioOnOffCtrl(): DbdcIdx=0 RadioOn
02-24 16:30:55.792: ApAutoChannelAtBootUp----------------->
02-24 16:30:55.842: ApAutoChannelAtBootUp: AutoChannelBootup[0] = 1
02-24 16:30:55.842: MtCmdSetMacTxRx:(ret = 0)
...
i don't want to blame you, it's possible something changed in how d-link sets things up. i will see what else i can do to determine if this is a 2640 issue or an issue that only affects you.
fam,
i have no idea what you did lol. shit's looking great fresh-out-the-box :/
lol
trust me, you're one of the few contributors/users i did not want to blame. i tried my hardest to blame myself, but it looks good out of the box. how you lost your mac addresses is beyond me, but we should try to put them back where they should be. and that's not too hard to do.
it's hard not to be proud of what i accomplished on this family of routers.
i always compare it to the DD-WRT i used on WNDR3700V1 that had the 600MHz chip allowing me to use a full 100Mbit through ethernet. it was amazing.
i hope fans of dd-wrt are fondly reminded of their favourite builds when using this family of devices. when eko was on the DD-WRT team.
later today i'm going to try and handle the situation where there is a zero mac address and generate one that hopefully persists throughout boot via wlx_hwaddr
this is a rare case because it shouldn't happen. my stuff doesn't touch these areas since they're important, but somehow your router lost them. the 'flash' program doesn't help for nand, or maybe i'm using it wrong. i couldn't find the ethernet addresses on the spots as-specified using the program, but the driver picks them up fine. i will look into this too.
lol, btw @hheinrich @brooksbuwo i totally forgot i had the ETH_MAC program, which should work!:
root@DD-WRT:~# eth_mac r lan
78:98:E8:54:81:AF
root@DD-WRT:~# eth_mac r wna
78:98:E8:54:81:AF
root@DD-WRT:~# eth_mac r wan
78:98:E8:54:81:B2
give them a try!
edit: also you never told me whether your ethernet address is zero too, if it's not then that's even more weird.
edit: also you never told me whether your ethernet address is zero too, if it's not then that's even more weird.
After soft reset it's not zeros anymore. However, the router does NOT connect to the WPA2 Enterprise AP.
For example, when using OpenWRT (also need to use wolf-ssl) one way to get the router to connect to WPA2 Enterprise AP is to scan for APs & select it, enter the EAP Method: PEAP, Identity, Password, and Phase 2 Authentication: MSCHAPv2, then it will connect. Then any device connected to the Ethernet ports will have an internet connection. All works good until I try using OpenVPN and then no matter what I have tried there's no longer internet connection available on the Ethernet ports.
So long story even longer, I think ddwrt should be able to do what I need if the router can connect to WPA2 Enterprise AP since the OpenVPN works well on it.
Well do you have any debug output?
The version I provided in this thread has debug output.
I'm not sure if scanning all SSIDs is possible in the dd-wrt firmware. I think you just have to put the name in manually where the ssid name for AP mode usually goes.
I wouldn't compare the openwrt approach and expect dd-wrt to copy it. Also: wolfssl is for small builds. The wpa supplicant is linked to openssl. So again I wouldn't worry about if the encryption method is supported, because it is. The question is if anything is missing to connect.
Can you share the wpad config file you get from openwrt so I can add any missing entries? What other phase 2 authentication does openwrt show in the menu aside from mschapv2?
The config file would help a lot
I think this may be a simple fix.
I may just need to add a dropdown/checkbox for mschapv2 and add this to the config file:
https://www.miskatonic.org/2019/04/24/networkingpi/
Btw: I assume you're putting the ssid you'd like to connect to in the basic settings box right?
Really looks like a simple addition from my end. Will add it in an hour and change and give you a new build to try.
Again since I don't think dd-wrt scans and provides a list of APs outside of site survey, that feature may not be possible. It may just have to be 'add the right ssid in the ssid field' unless ol' assfuck or the joker want to add that functionality. I'm not going to do it.
The wpa supplicant is linked to openssl.
I only mentioned wolf-ssl because there was a time when openssl didn't work correctly for WPA2 Enterprise. I know this is/was the case because it didn't work on OpenWRT. There were 3 specific libraries that were needed, but I don't remember them off the top of my head.
think you just have to put the name in manually
I did enter the ssid name manually. I wasn't aware of the debug, but I was hoping there would be a way to troubleshoot. Does the debug output ping a site to show a connection? Where is the debug located, meaning command line or what menu selection in the GUI?
Can you share the wpad config file you get from openwrt so I can add any missing entries? What other phase 2 authentication does openwrt show in the menu aside from mschapv2?
Of course I can share the config file! Or anything else that would be helpful. I have numerous of the D-Link Dir-2640 routers. The test routers there is one with ddwrt and another with openwrt. I also have another setup in a traditional way for general home usage.
If I had more time to figure out what is needed, then I could be creating my own builds. Eventually, I will and there's probably an example tutorial somewhere. Any suggestions on a good place to start?
Anyway I won't be able to get the information until Tuesday (maybe Monday night would be the earliest).
Not saying it's impossible to make your own dd-wrt, but good luck.
I'm the only person outside of brainslayer that has a fully functional tree. Kong did, but BS gave that to him.
Not trying to discourage you, but certainly there is no image builder like openwrt. It's a very different type of operating system.
Debug output should be in the system log:
cat /var/log/messages
It's possible that supplicant may need other libraries but to me it sounds like just some config settings are missing.
The file is located at /tmp/wl0_wpa_supplicant.conf (or something like that).
Really this just sounds like a missing line in the config file that didn't specify mschapv2.
I am wondering if you could offer me suggestions on how to make WPA2-EAP (aka Enterprise, 802.1x, Eduroam) function correctly. In OpenWrt it does work if a person installs wpad-wolfssl and attached is a screenshot of the additional fields needed for login.
The specific information that needs to be specified is: EAP-Method: PEAP, Authentication: EAP-MSCHAPv2, Identity: Username, and Password: Password. None of these options are available for any of the WPAx-EAP choices on ddwrt.
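An added example, not from the thread participants or from the dd-wrt or OpenWrt projects: the maintainer suspects the generated supplicant config lacks the MSCHAPv2 line, and the report above lists the fields OpenWrt asks for. This shell function checks a wpa_supplicant config for those settings and for the server-certificate settings a PEAP client should also carry; the sample configs, SSID, identity and paths are constructed, and one network block per file is assumed.

```shell
# Added example (not dd-wrt or OpenWrt code): audit a wpa_supplicant client config
# for the PEAP/MSCHAPv2 settings named in this thread. Assumes one network block.

# has_setting FILE REGEX: true when an uncommented line starts with REGEX.
has_setting() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -Eq "^[[:space:]]*$2"
}

# audit_eap_conf FILE: prints the missing settings, space separated (empty if none).
audit_eap_conf() {
    missing=""
    has_setting "$1" 'key_mgmt=.*WPA-EAP'     || missing="$missing key_mgmt"
    has_setting "$1" 'eap=.*PEAP'             || missing="$missing eap"
    has_setting "$1" 'identity=.+'            || missing="$missing identity"
    has_setting "$1" 'password=.+'            || missing="$missing password"
    has_setting "$1" 'phase2=.*auth=MSCHAPV2' || missing="$missing phase2"
    # Without a CA and an expected server name the client cannot verify the RADIUS server.
    has_setting "$1" 'ca_cert=.+'             || missing="$missing ca_cert"
    has_setting "$1" '(domain_suffix_match|domain_match)=.+' || missing="$missing server_name"
    echo "${missing# }"
}

# write_samples DIR: two constructed configs (SSID, user and paths are made up).
write_samples() {
    cat > "$1/incomplete.conf" <<'EOF'
network={
    ssid="ExampleCampus"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="constructed-password"
    # phase2="auth=MSCHAPV2"
}
EOF
    cat > "$1/complete.conf" <<'EOF'
network={
    ssid="ExampleCampus"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="constructed-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/tmp/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "incomplete.conf is missing: $(audit_eap_conf "$demo_dir/incomplete.conf")"
echo "complete.conf is missing:   $(audit_eap_conf "$demo_dir/complete.conf")"
rm -rf "$demo_dir"
```

On the router the same function can be pointed at the generated file the maintainer mentions, /tmp/wl0_wpa_supplicant.conf (or whatever the actual name turns out to be).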