WPA2 Enterprise

[leobalter]

After asking on slack's support channel, it seems openwrt is ready to connect to a WPA2 Enterprise network, t2-cli is not ready yet.

I found myself in a place where I was under a WPA2 Enterprise network, coworking in a friend's company. It requires a username along the password to it would need to be something like: t2 wifi -n netid -p passid --uid username.

I gave my Tessel 2 to my friend @ridjohansen so we can help testing a new patch using the same network.

[rwaldron]

@HipsterBrown can provide guidance/mentorship on this

[HipsterBrown]

@leobalter Thanks for making this issue.

Here are some links and documentation for how I would get started on adding this support:

You can access the Tessel operating system using the screen UNIX command line tool over a USB connection by typing screen /dev/tty.usb in a terminal and tab complete to get the correct device address, i.e. screen /dev/tty.usbmodem1412.

Once connected, you can view the wireless configuration file from the Tessel file system at the path /etc/config/wireless.

Configuring the wireless settings for OpenWRT using the ubus command line tool (Reference). You can view some of the sample configuration commands here:

lib/tessel/commands.js - module.exports.setNetworkSSID (https://github.com/tessel/t2-cli/blob/master/lib/tessel/commands.js#L68-L85)

---

The wireless configuration options for WPA Enterprise can be found here: OpenWRT Wireless Configuration - WPA Enterprise Client (https://wiki.openwrt.org/doc/uci/wireless#wpa_enterprise_client)

I believe the identity option would match the username for that network and password matching the password for that username. I'm not sure if eap_type or auth matter for most enterprise connections.

---

Once you confirm the right configuration settings for connecting to a WPA/WPA2 Enterprise network, you can create the cli commands to match.

You can add the wifi configuration options in bin/tessel-2.js, we can probably reuse the existing password option and should only need to add a username option.

---

You can validate the configuration, i.e. if the security is wpa or wpa2 then make sure a username and password option have been passed in as well: lib/controller.js - controller.connectToNetwork (https://github.com/tessel/t2-cli/blob/master/lib/controller.js#L662-L687)

---

You can call the configuration commands, don't forget to add them to lib/tessel/commands, in this function: lib/tessel/wifi.js - Tessel.prototype.connectToNetwork (https://github.com/tessel/t2-cli/blob/master/lib/controller.js#L662-L687)

---

Finally, don't forget to add tests around this new functionality here: test/unit/wifi.js - module.exports['Tessel.prototype.connectToNetwork'] (https://github.com/tessel/t2-cli/blob/master/test/unit/wifi.js#L220-L514)

---

If you are able to create this patch, that would brilliant since you have an available test environment with an enterprise network. I will be available to answer any questions or review code if you comment in this issue or message me in the Tessel Slack.

[kaefer3000]

I set the options for enterprise wpa using uci like in the links you provided, which gives wpa_supplicant.confs that cannot get parsed on tessel. This is because wpa enterprise requires package wpad (see the wireless encryption article in the openwrt wiki) instead of wpad-mini, which comes with the tessel. Therefore, I uninstalled wpad-mini and installed wpad instead. Now the generated wpa_supplicant.conf can get parsed, and I get authenticated and associated to the network. Now I am facing the next problem: the next second, I get de-authenticated, which seems to be a common issue. The common fix of the common issue is to find the two programs that fight over the network configuration and deactivate one, but here my skills come to an end.

[julesmoretti]

Would love this resolved too. Working in a company on new products automatically puts you behind these kind of standards. Working in isolation only takes you so far.

[leobalter]

@ridjohansen you have the enterprise network and the tessel, have you got any other feedback on this?