You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, thanks for your hard work. I've been using this tutorial to authenticate my router onto 801x network to function as a wireless AP. It was working OK till the time I upgraded from 19 to 21. It looks like an issue with the wpa_supplicant, authenticating with the freeradius server. Let me provide you with the logs below.
RADIUS before (v19)
(31) eap: Peer sent EAP Response (code 2) ID 3 length 6
(31) eap: Continuing tunnel setup
(31) [eap] = ok
(31) } # else = ok
(31) } # authorize = updated
(31) Found Auth-Type = eap
(31) # Executing group from file /etc/raddb/sites-enabled/default
(31) authenticate {
(31) eap: Expiring EAP session with state 0xeaefc6dfe8ecdf1b
(31) eap: Finished EAP session with state 0xeaefc6dfe8ecdf1b
(31) eap: Previous EAP request found for state 0xeaefc6dfe8ecdf1b, released from the list
(31) eap: Peer sent packet with method EAP PEAP (25)
(31) eap: Calling submodule eap_peap to process data
(31) eap_peap: Continuing EAP-TLS
(31) eap_peap: Peer ACKed our handshake fragment
(31) eap_peap: [eaptls verify] = request
(31) eap_peap: [eaptls process] = handled
(31) eap: Sending EAP Request (code 1) ID 4 length 707
(31) eap: EAP session adding &reply:State = 0xeaefc6dfe9ebdf1b
(31) [eap] = handled
(31) } # authenticate = handled
(31) Using Post-Auth-Type Challenge
RADIUS after (v21)
(9) eap: Peer sent EAP Response (code 2) ID 1 length 6
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) } # else = updated
(9) } # authorize = updated
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x5d84d1095d85c842
(9) eap: Finished EAP session with state 0x5d84d1095d85c842
(9) eap: Previous EAP request found for state 0x5d84d1095d85c842, released from the list
(9) eap: Peer sent packet with method EAP NAK (3)
(9) eap: Peer NAK'd indicating it is not willing to continue
(9) eap: Sending EAP Failure (code 4) ID 1 length 4
(9) eap: Failed in EAP select
(9) [eap] = invalid
(9) } # authenticate = invalid
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
Openwrt after
root@openwrt:~# wpa_supplicant -D wired -i eth0.1 -c /etc/config/wpa.conf
Successfully initialized wpa_supplicant
eth0.1: Associated with xx:xx:xx:xx:xx:xx
eth0.1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
eth0.1: CTRL-EVENT-EAP-STARTED EAP authentication started
eth0.1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
TLS: suffix_match not supported
TLS: Failed to set TLS connection parameters
EAP-PEAP: Failed to initialize SSL.
eth0.1: EAP: Failed to initialize EAP method: vendor 0 method 25 (PEAP)
The device is
Model TP-Link Archer C20 v1
Architecture MediaTek MT7620A ver:2 eco:6
Target Platform ramips/mt7620
Firmware Version OpenWrt 21.02.3 r16554-1d4dea6d4f / LuCI openwrt-21.02 branch git-22.083.69138-0a0ce2a
Kernel Version 5.4.188
wpa_supplicant in 19 wpa_supplicant v2.9
wpa_supplicant in 21 wpa_supplicant v2.10-devel
The text was updated successfully, but these errors were encountered:
Hello, thanks for your hard work. I've been using this tutorial to authenticate my router onto 801x network to function as a wireless AP. It was working OK till the time I upgraded from 19 to 21. It looks like an issue with the wpa_supplicant, authenticating with the freeradius server. Let me provide you with the logs below.
RADIUS before (v19)
RADIUS after (v21)
Openwrt after
The device is
wpa_supplicant in 19
wpa_supplicant v2.9
wpa_supplicant in 21
wpa_supplicant v2.10-devel
The text was updated successfully, but these errors were encountered: