dumalogiya
/
openwrt
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
v19.07.3_mercusys_ac12_duma
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10557694bb'
${ noResults }
openwrt/package/network/services
History
Felix Fietkau e4cf25cfab wpa_supplicant: improve generating phase2 config line for WPA-EAP 
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...

The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.

Examples:
  eap_type   auth
  'ttls'     'EAP-MSCHAPV2'     -> phase2="autheap=MSCHAPV2"
  'ttls'     'MSCHAPV2'         -> phase2="auth=MSCHAPV2"
  'peap'     'EAP-GTC'          -> phase2="auth=GTC"

Deprecated syntax supported for compatibility:
  'ttls'     'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"

I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48309
 		9 years ago
..
authsae authsae: Use kbit/s as mcast_rate unit like wpad 9 years ago
dnsmasq dnsmasq: Add option --min-port 9 years ago
dropbear dropbear: update version to 2015.71 9 years ago
ead cosmetic: remove trailing whitespaces 9 years ago
hostapd wpa_supplicant: improve generating phase2 config line for WPA-EAP 9 years ago
igmpproxy igmpproxy: fix spurious restarts on interface events, pass used netdevs to procd instead 9 years ago
ipset-dns Add a few SPDX tags 10 years ago
lldpd package/lldpd: Remove extraneous select 9 years ago
mdns packages: use OPENWRT_GIT to point at the main openwrt git repo 9 years ago
odhcpd odhcpd: correctly handle netlink congestion case 9 years ago
omcproxy omcproxy: fix PKG_LICENSE string 9 years ago
openvpn openvpn: update to version 2.3.10 9 years ago
openvpn-easy-rsa packages: remove uneeded PKG_BUILD_DIR overrides 9 years ago
ppp ppp: use more reliable way to set script environment 9 years ago
relayd relayd: move to git.openwrt.org 9 years ago
samba36 samba36: add three CVE patches from 2015-12-16 9 years ago
uhttpd uhttpd: move to git.openwrt.org 9 years ago