December 30, 2008

WRT54GL as an 802.1x client (aka wrt54gl@eduroam)

… after a quite long time (again), here comes a simple HOWTO describing the process of running a Linksys WRT54GL as a wifi client with 802.1x authentication+wpa encryption, in this case for the international wifi educational network initiative – eduroam.

image

The Linksys WRT54g brand of wifi routers have become quite popular in the past years as many non-Linksys, but open firmware became available for this device. If you own a WRT54g router, you might be familiar with firmware files from dd-wrt or openwrt.

Basically, after flashing and thus replacing the genuine Linksys provided firmware on the WRT54g with the dd-wrt or the openwrt firmware you can get additional functionality available on commercial $1000 routers out of the $60 router. Like, the original Linksys firmware does not contain functionality even for a basic wifi client mode. The dd-wrt firmware is a ready to use firmware available in different flavors – with vpn functionality, with voip or just “basic” functionality. Compared to openwrt firmware, openwrt is in its basic form not so powerful. Openwrt in its basic form does contain only basic stuff, no additional functionality. On the other hand, the advantage of openwrt is that it is nicely customizable and you can pretty easily install additional applications and functionality with a simple apt-get like utility. For this reason I am more used to use the openwrt firmware as it gives me more control of the box.

Well, a step into the $subject: a friend of mine has asked me to help him with connecting his WRT54GL router as a client to our university wireless network. Our university wifi network uses mandatory 802.1x authentication + wpa or wpa2 encryption. Few years ago, even standard computers and laptops had issues with connecting to a 802.1x secured wireless network so what to expect from a small wifi router? Well, a lot :-)

The basic Linksys firmware does not even support wifi client mode on the WRT54GL. Obviously, the next step is to upgrade the firmware to something better. dd-wrt or openwrt? dd-wrt supports wifi client mode, even with static wep keys (maybe even wpa-psk?) but not with 802.1x authentiocation :-/ openwrt in it’s basic form does not support 802.1x, but fortunately a wpa_supplicant package is available already precompiled for this platform. Wpa_supplicant is an EAP supplicant with 802.1x authentication + wpa/wpa2 support.

Few steps to make it work:

  1. Download the openwrt firmware from openwrt.org. Make sure to download a firmware based on 2.6 kernel, as the 2.4 version uses the proprietary “nas” Broadcom utility to manage the wireless connection and it does not support 802.1x. I used the openwrt 8.09_RC1 based openwrt-wrt54g-squashfs.bin file.
  2. Download and install the wpa_supplicant package:
    opkg install http://downloads.openwrt.org/kam...s/wpa-supplicant_0.6.3-1_mipsel.ipk
    (or opkg update && opkg install wpa-supplicant)
    (the 8+ version of openwrt will use the “opkg” package management utility, pre 8 versions of openwrt used “ipkg”)
  3. Create a configuration file for the wpa_supplicant. The file may look like:
    root@OpenWrt:~# cat /etc/wpa_supplicant.conf
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    
    network={
           ssid="eduroam"
           scan_ssid=1
           key_mgmt=WPA-EAP
           eap=PEAP
           #ca_cert="/etc/eduroam-ca.crt"
           anonymous_identity="user@domain"
           identity="user@domain"
           password="ThisMustBeAReallyStrongPassword"
           phase1="peaplabel=0"
           phase2="auth=MSCHAPV2"
    }
  4. Try it with
    wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
    This command will start the wpa_supplicant, will scan for the “eduroam” ssid, connect to AP and try to authenticate as user@domain. If everything is OK, at the end will show some OK messages and will also activate the wifi interface – wlan0. If you start a dhcp client (udhcpc -i wlan0), you should get an IP address now, and you can start pinging the Internet.
  5. Wrap it up, create startup scripts that will at the bootup start the wpa_supplication, do the dhcp client, enable IP routing and NAT and there you go. Ready :-)

My startup scripts look like (not so cool but it works :):

root@OpenWrt:~# cat /etc/init.d/XStartEduroam
#!/bin/sh /etc/rc.common
#
# Jozef Janitor (c) 2008
#
# !!!
# make sure that this file has a +x (executable) flag
# enable this script with /etc/init.d/XStartEduroam enable
# dont't forget to disable the preinstalled openwrt firewall script
# !!!

START=99

start() {

# Basic filewall and SNAT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i br-lan -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 4 -j ACCEPT
iptables -A INPUT -j DROP

# Set time - otherwise the default WRT's time makes problems
# with a certificate validation in wpa_supplicant
date "`cat /etc/dateToSet`"
date "`cat /etc/dateToSet.backup`"

# Start 802.1x authentication
wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf &

# wait some time till the interface is authenticated
# and activated
sleep 5

# get the IP address from the DHCP server
udhcpc -i wlan0 &

# start the WatchDog to check if we have access
# to the Internet
/watchGW &

# sync time with the NTP server and store the local
# time into a file for reboot use
/updateDate &

}

root@OpenWrt:~# cat /watchGW
#!/bin/sh
#
# Jozef Janitor (c) 2008
#
# This is a "watchdog" script that checks the IP connectivity to a specified destination.
# When it's not available, restart the device.
#

echo "Starting GW watchdog"
echo "If host (1.1.1.1) is down, reboot"

# root@OpenWrt:/# ping -c 5 1.1.1.1
# PING 1.1.1.1 (1.1.1.1): 56 data bytes
# 64 bytes from 1.1.1.1: seq=0 ttl=59 time=3.199 ms
# 64 bytes from 1.1.1.1: seq=1 ttl=59 time=7.602 ms
# 64 bytes from 1.1.1.1: seq=2 ttl=59 time=3.212 ms
# 64 bytes from 1.1.1.1: seq=3 ttl=59 time=4.804 ms
# 64 bytes from 1.1.1.1: seq=4 ttl=59 time=2.827 ms
#
# --- 1.1.1.1 ping statistics ---
# 5 packets transmitted, 5 packets received, 0% packet loss
# round-trip min/avg/max = 2.827/4.328/7.602 ms

while true; do

   sleep 300

   out=`ping -c 5 1.1.1.1 2>&1`

   isFrom=`echo $out|grep "from"`

   if [ "x$isFrom" = "x" ]; then
      echo "!!!!!! REBOOTING !!!!!!!!!!" > /dev/tty
      sleep 5
      reboot
   fi

done

root@OpenWrt:~# cat /updateDate
#!/bin/sh
#
# Jozef Janitor (c) 2008
#
# Sync the actual time and store it in a file to be used after the reboot.
#

while true; do
        sleep 3600
        ntpclient -c 1 -h ntp.ubuntu.com -s
        date "+%F %R" > /etc/dateToSet
        sleep 1
        date "+%F %R" > /etc/dateToSet.backup
done

38 comments:

  1. Nice Post. This helped out with a config I was doing. Thanks. If I get to Slovakia, the Budvar's on me.

    ReplyDelete
  2. @Anonymous: Thanks ;-) I prefer Earl Grey :-D

    ReplyDelete
  3. Hello,

    on my wrt54gl, the wlan driver is not available. Please help me.

    ReplyDelete
  4. @Anonymous: did you follow this howto? Which version of openwrt are you using?

    ReplyDelete
  5. Yes, i follow this howto. I tested it with version 8.09.1 and 8.09.2RC (both brcm47xx). With this FW there are no wireless interfaces.

    With the brcm-2.4 FW, i get "Michael MIC failure detected".

    My Router Version is 1.1 (CL7B...)

    sorry for my english

    ReplyDelete
  6. Hi !
    Thanks a lot for this Tutorial !!!

    I Hope you can help me with this error i get
    when i try to connect.

    root@OpenWrt:/# wpa_supplicant -Dwext -iwl0 -c/etc/wpa_supplicant.conf
    CTRL-EVENT-SCAN-RESULTS
    Trying to associate with xx:xx:xx:xx:xx:xx (SSID='xxxx' freq=xxxxx MHz)
    ioctl[SIOCSIWAP]: Invalid argument
    Association request to the driver failed
    Associated with xx:xx:xx:xx:xx:xx
    Authentication with xx:xx:xx:xx:xx:xx timed out.

    ReplyDelete
  7. Nice tutorial, I configured several GLs this way and works like a charm.

    Is updating date really necessary?
    My router my be down few months, and than date is set by last date saved in /etc/datetoSet

    ReplyDelete
  8. derhase,

    I think you flashed with wrong firmware version.
    Flash directly with
    http://downloads.openwrt.org/snapshots/trunk/brcm47xx/openwrt-wrt54g-squashfs.bin

    You should always flash wrt54gl with brcm-4.7 FW, not brcm-2.4, otherwise wlan device won't be recognized. There is no need to flash first with brcm-2.4 and after that with brcm-4.7 as some tutorials on openwrt.org suggest.
    Before wpa test always try with iwconfig if you see wlan0 device.

    ReplyDelete
  9. Thank You Very Much for this tutorial. Can you help to configure 2 Wlan.
    1x Client (802.1X) is done
    1x Master (Access Point)

    I see only one wlan Interface (wlan0)

    Thank You for your help

    ReplyDelete
  10. @Anonymous: I am not sure if that's possible. Even tho there are 2 aerials, there is only one wifi modul inside the WRT54GL.

    ReplyDelete
  11. Thanks for your tutorial, but I've a problem using the firmware with the 2.6 kernel. If I install the 2.6 based version, then there's no longer any wifi-device, but in 2.4 version it's working. But at the moment I have to connect via vpnc on the WRT54GL (but that's not very performant).
    My WRT54GL's HW version is 1.1, the SN is CL7B1J824465.
    Thanks if you have any suggestions for me.

    ReplyDelete
  12. @Grillprinz: which version of openwrt did you use? I have just checked that the RC1 version of 8.09 is not available any more for download. On the other hand, I believe that all the functionality of the RC1 version was moved to the final stable. Try this firmare on your WRT54GL: http://downloads.openwrt.org/kamikaze/8.09.1/brcm47xx/openwrt-wrt54g-squashfs.bin
    If it won't work, let me know and I can do some lab work on it. Though I don't know when 'cause I am kinda busy now :-/
    Anyway, good luck ;-)

    ReplyDelete
  13. ok few questions...

    why to use brcm47xx>> it's impossible to setup wireless..

    is there any way to configure wrt54l to use wired 802.1x network authenticated with ttls pap...and transmit to wireless... so wrt 54gl would be client...

    ReplyDelete
  14. Thanks for your tutorial.
    I have encountered the same problems as the others. I seems to me that there is no right version available on the offical web sit.
    Since you have the firware that works, could you please upload it to you blog so we can download it accordingly. Thank you in advance.

    ReplyDelete
  15. I've tested the version you've linked in comment (brcm47xx), but, like sYBARITe says, it's impossible to setup wireless (there's also no wireless interface or device available).
    Actual I'm using the brcm-2.4 because wireless is working on it, but with the proprietary nas-driver (which is known to be incompatible to wpa-supplicant).
    Maybe I'll check the new 8.09.2 RC2 and if it not works then, I'll look for finding a download of 8.09.1 RC 1.
    It's not a big problem if it doesn't work 'cause some days ago I got access to my house's Ethernet. But if I find a solution for it, I'll post it here.

    ReplyDelete
  16. wpa-supplicant is now working fine on brcm47xx (the old 8.09_RC1 - found it here: http://downloads.openwrt.org/kamikaze/old/8.09_RC1/brcm47xx/). But it gets no authentification. I searched on "ioctl" but that didn't helped me either. Maybe the terminal output could help:

    root@OpenWrt:/etc# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - CTRL-EVENT-SCAN-RESULTS
    Trying to associate with 00:21:56:cd:c4:60 (SSID='802.1X' freq=2462 MHz)
    Associated with 00:21:56:cd:c4:60
    Authentication with 00:21:56:cd:c4:60 timed out.
    CTRL-EVENT-SCAN-RESULTS
    Trying to associate with 00:21:56:cd:c4:60 (SSID='802.1X' freq=2462 MHz)
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    Associated with 00:21:56:cd:c4:60
    Authentication with 00:21:56:cd:c4:60 timed out.
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    Associated with 00:21:56:cd:c4:60
    CTRL-EVENT-SCAN-RESULTS
    Trying to associate with 00:21:56:cd:c4:60 (SSID='802.1X' freq=2462 MHz)
    Associated with 00:21:56:cd:c4:60
    Authentication with 00:21:56:cd:c4:60 timed out.
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    Associated with 00:21:56:cd:c4:60
    CTRL-EVENT-SCAN-RESULTS
    Trying to associate with 00:21:56:cd:c4:60 (SSID='802.1X' freq=2462 MHz)
    Associated with 00:21:56:cd:c4:60
    Authentication with 00:21:56:cd:c4:60 timed out.
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    ioctl[SIOCSIWENCODEEXT]: No such file or directory
    Associated with 00:21:56:cd:c4:60
    CTRL-EVENT-SCAN-RESULTS
    Trying to associate with 00:21:56:cd:c4:60 (SSID='802.1X' freq=2462 MHz)
    Associated with 00:21:56:cd:c4:60
    ^CCTRL-EVENT-TERMINATING - signal 2 received
    ioctl[SIOCSIWAUTH]: Operation not supported

    My WPA authentification is a bit different from yours. Could the problem be there? (http://tu-ilmenau.de/unirz/X-WPA_Supplicant.2311.0.html)

    Thanks for your help ;)

    ReplyDelete
  17. Mmh... I don't know what I've changed but it's working now ;) (just for testing... didn't set it up with startup-scripts)
    Thanks a lot for the tutorial and your help!

    ReplyDelete
  18. This comment has been removed by the author.

    ReplyDelete
  19. We use a logon certificate for the user instead of a username and password? Any thoughts?

    ReplyDelete
  20. @Anonymous: I guess that the wpa_supplicant supports also TLS certificate based auth. Check the docs.

    ReplyDelete
  21. Grillprinz, What did you do to solve your problem? I mean that:

    root@OpenWrt:/etc# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - CTRL-EVENT-SCAN-RESULTS


    I've got the same and I don't know how to solve it. I'd be gratful if you could give me some advice.

    ReplyDelete
  22. I'm sorry...
    like I wrote: "Mmh... I don't know what I've changed but it's working now ;)"
    I powered it off and then powered in on about a half week later and it worked. I'm sorry that I can't help you.

    ReplyDelete
  23. Hello,
    I tried to use my WRT54GL v1.1 (inside Broadcom53xx) with wpa_supplicant v0.6.3 and this config:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    network={
    ssid="WLAN-WPA"
    proto=WPA
    key_mgmt=WPA-EAP
    eap=TLS
    identity="uid"
    ca_cert="/etc/cert/ca.cer"
    private_key="/etc/cert/uid-cert.p12
    private_key_passwd="abcde" priority=1
    }
    Does anybody know if it´s possible with the how to I did of this blog? I´m a newbie in this stuff.

    Thanks Robert

    ReplyDelete
  24. It should. The way it's described here works for all wpa-supplicant configs. Feel free to check it out yourself ;)

    ReplyDelete
  25. Dear Jozjan,

    Would you think, it would be possible to set up the device, such that is is part of the eduroam?
    Meaning that the router should be integrated in the university RADIUS servers, and offer eduroam in your private area? I was thinking of applying the german eduroam for a project, where students can set up a eduroam router at home, and connect to the project RADIUS server, which is then connected to university RADIUS server. In this way, the whole eduroam network could be extended all out over the city. Shops could be asked to join in as well. I am looking for a stand-alone system, that does not require an external server, but is integrated into the router for "all-in-a-box". One could apply for a funding, to pay for the first 50-100 routers to be spread out over the city...
    Let me hear your thougts. :-)

    ReplyDelete
  26. @Troels Linnet, if there is a market for such a device then yes. It is fairly easy to setup an eduroam client either on the Linksys WRT54GL or anything else that supports 802.1x wifi authentication.
    The only issue that I can see there is the legality of a mass distribution of such devices - when connected to eduroam, your username is identifying you as a person. If anyone will, let's say, break into some bank network using your eduroam username, then the police guys will knock on your door first.
    The setup that I wrote about is good for static home use - like to university employees and perhaps some students.
    What I can think about is that you can create a custom firmware file for WRT54GL that will have everything that is needed for 802.1x wifi auth/eduroam auth preinstalled with a nice web gui where the end user will just enter his/her eduroam credentials and it will just work. If such a firmware would exist on some public web, anyone could download it and setup his/her own WRT54GL as an eduroam client with a simple firmware update - it's much easier than distributing all-in-one ready preinstalled routers and then supporting both HW and SW.

    ReplyDelete
  27. Im trying to do this, but as this is going to be routed trough some nets I can't have DHCP running from the AP it connects to. How would I do this with a static IP address instead of doing udhcpc -i wlan0

    I tried setting it directly with ifconfig but that didn't seem to work very good.

    ReplyDelete
  28. Hi,
    first of all thank you for this tutorial. It gave me the first look into the topic regarding eduroam connections with a WRT54G. I got the authentication working (at least it seems so) with a slightly modified version of your config-file but when I now start the udhcpc command on interface wlan0 I only see three lines of "Sending discover" and that's all... :( Any ideas ?

    This is, what I get after the wpa_supplicant launch:
    ioctl[SIOCSIWENCODEEXT]: Invalid argument
    ioctl[SIOCSIWENCODEEXT]: Invalid argument
    Trying to associate with... (SSID='eduroam' freq=2412MHz)
    Associated with...
    CTRL-EVENT-EAP-STARTED EAP Authentication started
    ...
    CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx completed (auth) [id=0 id_str=]

    Greetings,
    Daniel

    ReplyDelete
  29. @Jozef Janitor: Are you sure this works with the WRT54GL? That router has a Broadcom BCM5352. I thought that the wpa supplicants are incompatible with Broadcom chipsets and only work with Atheros based routers. The OpenWRT firmware links you provide at the very beginning of your post show that you are using the kamikaze version for Atheros based routers.

    Can you confirm that this works on the WRT54GL?

    ReplyDelete
  30. @Bogdan: Yes, it worked. I am not sure about the current versions of the openwrt tho', because I haven't been playing with it since I did it for the first time.

    ReplyDelete
  31. Ignore the message above ... I posted on the wrong blog!

    I'm struggling to implement your tutorial but I get an unexpected error:

    root@OpenWrt:~# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
    Could not read interface wlan0 flags: No such device
    Failed to initialize driver interface

    Any thoughts? Does the wlan interface need to be enabled from the gui first?

    ReplyDelete
  32. @Bogdan: I have not even installed any GUI to openwrt ;-)
    Check whether the WLAN interface name is really wlan0. It might have been changed in the current releases of openwrt.
    Unfortunately, as I said above, I have done this only once and I don't have access to that router anymore (I configured it for someone else). But it still works well!

    ReplyDelete
  33. Thanks, I got it working in the end. Believe it or not, i had to first connect to a free or wep network and *while* being connected to that, start wpa_supplicant for the eduroam 802.1x enabled network ... then it worked.

    What's even more strange is that, after successfully connecting once, everything worked normally (without needing to connect to a free/wep network). I tested this approach 3 times ... I still can't explain it, but I have no time to investigate why; i'm happy it works.

    ReplyDelete
  34. p.s. I got it working with pretty much all OpenWRT distributions for brcm47xx (so 2.6 kernel):

    - kamikaze 9.02 final
    - backfire 10.03 final
    - backfire 10.03.1-rc3

    tested and working on both Linksys WRT54GS and Buffalo WHR-HP-G54

    ReplyDelete
  35. hi jozjan thanks for the tutorial
    i have a wrt54g v3.1 and i try to do your stuff on it ut i get an error saying it can't find the interface? tomorrow i'll have a better description but what is the interfeace for the Wan on this router do you now?
    thanks bern

    ReplyDelete
  36. wpa_supplicant -Dwext -ieth0 -c/etc/wpa_supplicant.conf
    ioctl[SIOCSIWMODE]: Operation not supported
    Could not configure driver to use managed mode
    ioctl[SIOCGIWRANGE]: Operation not supported
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 7 value 0x1 - ioctl[SIOCSIWENCODEEXT]: Operation not supported
    ioctl[SIOCSIWENCODE]: Operation not supported
    ioctl[SIOCSIWENCODEEXT]: Operation not supported
    ioctl[SIOCSIWENCODE]: Operation not supported
    ioctl[SIOCSIWENCODEEXT]: Operation not supported
    ioctl[SIOCSIWENCODE]: Operation not supported
    ioctl[SIOCSIWENCODEEXT]: Operation not supported
    ioctl[SIOCSIWENCODE]: Operation not supported
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 5 value 0x1 - ioctl[SIOCGIWSCAN]: Operation not supported
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ^CCTRL-EVENT-TERMINATING - signal 2 received
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 7 value 0x0 - Failed to disable WPA in the driver.
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 5 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAP]: Operation not supported
    Read from remote host 192.168.1.1: Operation timed out

    my error LOL thanks

    ReplyDelete
  37. Jozef,

    your tutorial has been very very helpful in my case! How can I buy you a beer?

    ReplyDelete
  38. Hi, Jozef,

    I set up my Linksys WRT54GL (v1.1) following your instructions, but router won't connect to Eduroam. If I try to connect entering

    wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf

    this is the output I get:

    ioctl[SIOCSIWENCODEEXT]: Invalid argument
    ioctl[SIOCSIWENCODEEXT]: Invalid argument
    ioctl[SIOCSIWSCAN]: Device or resource busy
    wlan0: Failed to initiate AP scan
    ioctl[SIOCSIWSCAN]: Device or resource busy
    wlan0: Failed to initiate AP scan
    wlan0: Trying to associate with xx:xx:xx:xx:73:a0 (SSID='eduroam' freq=2437 MHz)
    wlan0: Associated with xx:xx:xx:xx:73:a0
    wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
    wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
    wlan0: CTRL-EVENT-DISCONNECTED bssid=xx:xx:xx:xx:73:a0 reason=0

    I think my /etc/wpa_supplicant.conf
    is correct, so I wonder if I'm doing something obviously wrong? I'm not using certficate for authentication. I don't know anything about routers or openwrt, so I would be very grateful if you could help me with this - I'm struggling to set up eduraom for days now. :)


    Best regards,

    Albert

    ReplyDelete