FreeRadius on DD-wrt Routerstation

fluxored
DD-WRT Novice


Joined: 07 Oct 2010
Posts: 3

Posted: Mon Nov 29, 2010 3:27
Just read this thread. Was not aware that enabling JFFS was a pre-req for this service. Not like it says it in the help text or anything, but that might be a good thing to mention there. After enabling JFFS the certificate generated in a matter of seconds (I didn't have to have any additional media, i.e. a USB flash drive). Slayer, thanks for the info; the rest of you DD-WRTers, thanks for the additional comments; and Sash, thanks for the lack of information, the updates on what will not be supported and what works in your environments.

All contributed to getting my issue resolved. This is a good software platform and I will continue to support it.

-John
FCC-PT
DD-WRT Novice


Joined: 09 Apr 2010
Posts: 15

Posted: Fri Dec 31, 2010 0:51
Routerstation Pro
DD-WRT v24-sp2 build 14896.

I've enabled NTP service (TIME OK!)
I've enabled USB support
mounted the drive formatted with ext3 support
enabled jffs support

added the following line to startup script under Administration/Commands :
- mount /dev/discs/disc0/part1 /jffs

Enabled Freeradius
Generated certificate correctly

added client:
ip/net = 192.168.1.5/24
shared key = "secret"

added user:
Username = "user"
Password = "password"
Downstream = "1024"
Upstream = "512"
Expiration (Days) = "365"

Generated USER certificate

At the wireless physical interface security interface:

Security Mode = WPA Enterprise
WPA Algorithms = TKIP
Radius Auth Server Address = 192.168.1.1
Radius Auth Server Port = 1812
Radius Auth Shared Secret = "secret"

Radius Auth Backup Server Address = 192.168.1.1
Radius Auth Backup Server Port = 1812
Radius Auth Backup Shared Secret = "secret"

Radius Acct Server Address = 192.168.1.1
Radius Acct Server Port = 1813
Radius Acct Shared Secret = "secret"
Key Renewal Interval (in seconds) = 3600

At the UBUNTU:

SSID = "SSID" (SSID used at the physical interface)
Security = WPA & WPA2 Enterprise
Authentication = EAP protected (PEAP)
Identity (NONE)
Certificate (user-cert.pem)
PEAP Version = Auto
Intern Authentication = MSCHAPv2
username = "user"
password = "password"

Tried other authentication types but nothing seems to work, what am I doing wrong?

thanks
FCC-PT
DD-WRT Novice


Joined: 09 Apr 2010
Posts: 15

Posted: Fri Dec 31, 2010 1:41
I found that every time I change the shared key everything works as expected BUT if I reboot nothing will work till I change the shared key once again. Is this possible to be corrected in command line?

lsmod

root@RSPRO:~# lsmod
Module Size Used by
cifs 253952 0
etherip 8192 0
bonding 86016 0
jffs2 77824 1
ext3 118784 0
jbd 53248 1 ext3
ext2 57344 2
mbcache 8192 2 ext3,ext2
scsi_wait_scan 832 0
ath_mimo_pci 438272 0
ath_mimo_hal 311296 1 ath_mimo_pci
ath_pci 335872 0
ath_hal 229376 2 ath_pci
idfg
DD-WRT Novice


Joined: 26 Nov 2014
Posts: 1

Posted: Wed Nov 26, 2014 17:39
I had similar issues on an ASUS RT-AC66U. In several cases, even after performing resets, the certificate would not get generated and I would see the "generating 0 this may take a long time" forever (waited overnight at one point).

I was able to finally get the certificate to generate after I did a firmware upgrade to the same firmware already on the router. I kept my settings for the upgrade. When my router came back it had the message "certificate generation done"

In some cases, on reboot, the RADIUS server does not start. Go to the GUI->Services->FreeRadius and Apply Settings. This seems to start the service.
Additionally, if you want to debug the RADIUS server, ssh into the router and go to /jffs/etc/freeradius. You can run radiusd -d /jffs/etc/freeradius -X to validate that the service can actually start.

Lastly, in some cases if you type in new cert information in the GUI I noticed it did not get placed in the server.pem file. I hit gen cert again. You can validate that your cert info is in the server.pem by doing cat /jffs/etc/freeradius/certs/server.pem. The first time I found I only had the default cert info that dd-wrt ships with that I no longer wanted to use. That's when I hit gen cert again with my new certificate info and validated that the server.pem file was updated.

Hope this helps...
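
The server.pem check described in the post above, as an added example that is not part of the thread: it parses the certificate with openssl instead of reading the raw PEM, compares the subject CN with the value you entered, and also flags an expired certificate. It assumes the openssl command-line tool is present on the router; the script name and the sample CN are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check that server.pem carries the
# certificate details you entered, instead of reading the raw PEM with cat.
# Assumes the openssl command-line tool is available on the router.

CERT=/jffs/etc/freeradius/certs/server.pem   # path quoted in the post above

# Print the subject of the first certificate in FILE in RFC 2253 form,
# e.g. "CN=radius.example.test,O=Example". Fails if no certificate parses.
cert_subject() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
    s=${s#subject=}          # OpenSSL 1.1+ prints "subject=..."
    printf '%s\n' "${s# }"   # older builds print "subject= ..."
}

# check_server_cert FILE EXPECTED_CN
# returns 0 = CN matches and the certificate has not expired
#         1 = CN differs (the GUI values never reached the file)
#         2 = CN matches but the certificate has expired
#         3 = file missing or no parsable certificate in it
check_server_cert() {
    subject=$(cert_subject "$1") || return 3
    case ",$subject," in
        *",CN=$2,"*) ;;      # literal match on one RDN, no regex
        *) return 1 ;;
    esac
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 2
    return 0
}

# Run as: sh check_cert.sh <expected CN>   (script name is hypothetical)
if [ $# -ge 1 ]; then
    rc=0
    check_server_cert "$CERT" "$1" || rc=$?
    echo "subject: $(cert_subject "$CERT" || echo unreadable)  result: $rc"
    exit "$rc"
fi
```

A result of 1 after changing the certificate fields in the GUI corresponds to the case in the post where the new values were not written to server.pem and the certificate had to be generated again.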