Author
Message
habeIchVergessen DD-WRT User Joined: 04 May 2010 Posts: 431
Posted: Sun Jan 01, 2012 21:56 Post subject: eap-tls ticket #1654
in addition to ticket #1654
1. client certificates should be signed with ca (change server.pem/key to ca.pem/key in client.cnf)
2. the signing command in doclientcert (openssl ca) needs ca.cnf
3. additionally startdate regarding timezone (refer ticket #1845 ), regenerating request regarding clients-subdir, ca-cert included in clients-p12 (required for symbian!)
see attached files
certificates generated with that fixes works with
iOS, Android, Symbian, Windows 7
Back to top
Sponsor
habeIchVergessen DD-WRT User Joined: 04 May 2010 Posts: 431
Posted: Tue Jan 24, 2012 21:31 Post subject:
previously posted doclientcert contains a cropped line that should calc the startdate. also timezone for startdate is required (added).
while testing client-bridge with 802.x wireless encryption i noticed more issues with eap-tls.
setup:
router WZR-HP-AG300H (sw 18024), ath0 wpa2 personal, ath0.1 wpa2 enterprise
client WZR-HP-G300NH (sw 18024), ath0 802.1x
test:
peap works, leap and ttls not tested
tls works after applying follwing changes
- key_mgmt=WPA-EAP
- pairwise=CCMP (added)
- group=CCMP (added)
used parameters:
identity, server-cert (ca.pem!!!; label doesn't match), client-cert, client-key
finally 'killall -HUP wpa_supplicant' activates the changes.
i'm not sure about the replaced key_mgmt-value IEEE8021X. this is for RADIUS?
@dev: how to discuss the situation?
Back to top
Sash DD-WRT Guru Joined: 20 Sep 2006 Posts: 17619 Location: Hesse/Germany
Back to top
habeIchVergessen DD-WRT User Joined: 04 May 2010 Posts: 431
Posted: Wed Jul 25, 2012 20:50 Post subject:
i added src.2.zip to ticket 2517 with all required changes.
compile is ok and runtime too.
an additional option on the eap-tls config page enables users to switch between web, wpa and wpa2 key-management.
in the end dd-wrt can connect in client bridge mode to wpa2-/wpa-enterprise wireless networks.
Back to top
Sash DD-WRT Guru Joined: 20 Sep 2006 Posts: 17619 Location: Hesse/Germany
Back to top