Enable built-in RADIUS support for full version of hostapd package
Username: Vladislav Yarmak
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=1769
hostapd has built-in RADIUS server and capable to perform EAP authentication without external authenticator. Unfortunately OpenWRT package builds full version of hostapd with internal crypto backend. All functions related to EAP-
TLS
in internal crypto backend stubbed with empty bodies returning error immediately.
Recently I used FreeRADIUS running directly on my router, but it requires pretty remarkable amount of RAM. I ended up with
patch
for openwrt build specs in order to build fully functional hostapd. Also I made some ugly hacks in netifd scripts to compose proper hostapd.conf. Finally, I got working EAP-
TLS
auth virtually with no additional costs.
Probably support for internal RADIUS and some authentication methods should be added to LUCI/UCI configuration interface.
I guess secure WLAN is not a luxury feature and EAP auth is mandatory for modern secure networks.
My device is: TP-Link Archer C50 V1
My current OpenWRT version is: OpenWrt 18.06.0, r7188-b0b5c64c