[habeIchVergessen]

in addition to ticket #1654

1. client certificates should be signed with ca (change server.pem/key to ca.pem/key in client.cnf)
2. the signing command in doclientcert (openssl ca) needs ca.cnf
3. additionally startdate regarding timezone (refer ticket #1845), regenerating request regarding clients-subdir, ca-cert included in clients-p12 (required for symbian!)

see attached files


certificates generated with that fixes works with
iOS, Android, Symbian, Windows 7

[habeIchVergessen]

previously posted doclientcert contains a cropped line that should calc the startdate. also timezone for startdate is required (added).

while testing client-bridge with 802.x wireless encryption i noticed more issues with eap-tls.

setup:
router WZR-HP-AG300H (sw 18024), ath0 wpa2 personal, ath0.1 wpa2 enterprise

client WZR-HP-G300NH (sw 18024), ath0 802.1x

test:
peap works, leap and ttls not tested

tls works after applying follwing changes

- key_mgmt=WPA-EAP
- pairwise=CCMP (added)
- group=CCMP (added)

used parameters:
identity, server-cert (ca.pem!!!; label doesn't match), client-cert, client-key

finally 'killall -HUP wpa_supplicant' activates the changes.

i'm not sure about the replaced key_mgmt-value IEEE8021X. this is for RADIUS?

@dev: how to discuss the situation?

[Sash]

regarding http://svn.dd-wrt.com/ticket/2516

why should the code be changed?
and the tickets contains bugs...[/url]

and what about
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=151181&highlight=radius
?

[habeIchVergessen]

i added src.2.zip to ticket 2517 with all required changes.
compile is ok and runtime too.

an additional option on the eap-tls config page enables users to switch between web, wpa and wpa2 key-management.

in the end dd-wrt can connect in client bridge mode to wpa2-/wpa-enterprise wireless networks.

[Sash]

hier gehts weiter...
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=151181&highlight=eaptls