hostapd has built-in RADIUS server and capable to perform EAP authentication without external authenticator. Unfortunately OpenWRT package builds full version of hostapd with internal crypto backend. All functions related to EAP-TLS in internal crypto backend stubbed with empty bodies returning error immediately.
Recently I used FreeRADIUS running directly on my router, but it requires pretty remarkable amount of RAM. I ended up with [[https://github.com/openwrt/openwrt/compare/openwrt-18.06...Snawoot:hostapd_openssl?expand=1|patch]] for openwrt build specs in order to build fully functional hostapd. Also I made some ugly hacks in netifd scripts to compose proper hostapd.conf. Finally, I got working EAP-TLS auth virtually with no additional costs.
Probably support for internal RADIUS and some authentication methods should be added to LUCI/UCI configuration interface.
I guess secure WLAN is not a luxury feature and EAP auth is mandatory for modern secure networks.
My device is: TP-Link Archer C50 V1
My current OpenWRT version is: OpenWrt 18.06.0, r7188-b0b5c64c22
The text was updated successfully, but these errors were encountered: