Hey I know that debugging is a very long process and that the pile of tickets is a heavy one, but pardon my bitterness. I posted an issue on this forum and I immediately got answers saying that you had missing info on my hardware and software. Now that I believe I've cleared things out, there is suddenly nobody who can give me hints on why a virtual AP would not correctly authenticate clients.
... I'm stuck with WPA2 Enterprise not working for my VAP.
It's perfectly working for my main AP.
Debugging on the RADIUS server shows that the (V)AP never sends the password, only the username.
I'm thinking of creating a ticket for that issue, but maybe there's something I'm missing elsewhere?
Hoggins wrote:
... r46836 std (06/01/21) on TP-Link TL-WR841ND v11.
The AP does not send the password to the RADIUS server through the virtual AP, although it does normally for the "main" AP.
I realize that you're using an external Radius server (which I haven't tested). But FYI, VAP authentication has been working well for the last year or so with the built-in FreeRadius service (which I use on Broadcom and Marvell based devices, and soon to try on Atheros). Here on a Linksys WRT1900ACSv2 (Marvell) running the current r46885 build, I've got WPA3-EAP on wlan0 and wlan1, WPA2-EAP on wlan0.1 and wlan1.1, and WPA3-SAE on wlan1.2.
I also have Netgear R7000 (Broadcom) devices with Enterprise VAPs working fine. I guess your WR841ND has an Atheros chip. Hopefully that's not the issue. As soon as I get my Netgear R9000 (Atheros) going, I'll test on that too. _________________ My DD-WRT Routers:
Linksys WRT3200ACM - Marvell
Linksys WRT1900ACS - Marvell
Netgear R9000 - Atheros
Netgear R7000 - Broadcom
PC x86-64 VM - Atheros
Joined: 08 May 2018 Posts: 14217 Location: Texas, USA
Posted: Tue Jun 08, 2021 16:40 Post subject:
Reply from the developer:
BrainSlayer wrote:
unrelated to dd-wrt. he has a own freeradius installation with a wrong configuration. his client (which is not dd-wrt) authenticated against a freeradius server (which is not dd-wrt too)
Indeed it was unrelated to DD-WRT: it was a strange case when only this VAP (with this specific SSID) was failing during REST authentication, preventing EAP-TTLS from going into phase 2 (inner-tunnel).