
WRT54G: WPA2 with EAP-TLS

WRT54G: WPA2 with EAP-TLS HOWTO

This document describes how to set up EAP-TLS on the Linksys WRT54G router running the OpenWRT Linux distribution. The end result is a self-contained device that authenticates wireless clients with WPA2 Enterprise EAP-TLS X.509 certificates, using FreeRADIUS installed on the device itself.

JJM: THESE NOTES ARE INCOMPLETE. I hope to polish them as soon as I have more time to play with my WRT54GS.

Motivation

  • Decentralized Mutual Authentication
  • Extremely low cost
  • Reusable
    • Kismet Drones
    • Actively DoS Rogue APs
    • Locate interference
    • Wireless Client Mode
  • Remote access VPN nodes
  • Large community base
  • Mature Linux Distribution

Hardware

I personally recommend versions of the WRT54GS prior to v4.0, available for around $60 on eBay. v4.0 has otherwise identical hardware to previous versions, but contains half the RAM and flash listed here.

The WRT54GS has the following specs:

  • 200 MHz MIPS processor
  • 4 MBytes flash ROM
  • 16 MBytes RAM
  • 10/100 Switch with hardware VLAN support to each port
  • Dual antennas independently controlled via software
  • 802.11b/g 54 Mbit/s networking
  • 2 serial ports
  • JTAG diagnostics port
  • GPIO: Status LED and Reset Button
  • 12 V at 1 A DC power

Procedure

  1. Install OpenWRT
  2. Configure OpenWRT
  3. Install admin packages
  4. Install authentication packages
  5. Configure FreeRADIUS
  6. Enable WPA2 EAP-TLS Authentication

Install OpenWRT

FIXME

Configure OpenWRT

FIXME

Install admin packages

# copy me
# Refresh the package index, then install the SNMP agent and wireless utilities
ipkg update
ipkg install snmpd wireless-tools wl

# Optional, depending on available ROM
ipkg install screen

Install authentication packages

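# copy me
# nas is the Broadcom authenticator that handles WPA/WPA2 on the radio;
# freeradius-mod-eap-tls adds the EAP-TLS module for FreeRADIUS
ipkg update
ipkg install nas freeradius-mod-eap-tls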
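
EAP-TLS authenticates both sides with X.509 certificates, so a CA, a certificate for the RADIUS server and one per wireless client have to exist before FreeRADIUS can be configured. The following is an added example, not part of the original notes: it issues them with OpenSSL on an admin workstation rather than on the router, and every file name, subject name, key size and lifetime in it is an assumption.

```shell
#!/bin/sh
# Added example: issue the certificates EAP-TLS needs, using OpenSSL.
# File names, subject names, key size and lifetimes are all assumptions.

# make_eap_tls_pki DIR: create a CA, a RADIUS server cert and a client cert.
make_eap_tls_pki() {
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        umask 077   # private keys readable by their owner only

        # Minimal config so the result does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' \
            '[dn]' 'commonName=Common Name' \
            '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > pki.cnf

        # 1. Self-signed CA certificate.
        openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 \
            -nodes -sha256 -days 1095 -subj "/CN=Example WLAN CA" \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 1

        # 2. Extended key usage keeps the server and client roles separate.
        echo 'extendedKeyUsage=serverAuth' > server.ext
        echo 'extendedKeyUsage=clientAuth' > client.ext

        # 3. One key and CA-signed certificate per role.
        for role in server client; do
            openssl req -config pki.cnf -newkey rsa:2048 -nodes -sha256 \
                -subj "/CN=example-$role" \
                -keyout "$role.key" -out "$role.csr" 2>/dev/null || exit 1
            openssl x509 -req -in "$role.csr" -sha256 -days 365 \
                -CA ca.pem -CAkey ca.key -CAcreateserial \
                -extfile "$role.ext" -out "$role.pem" 2>/dev/null || exit 1
        done
    )
}

# cert_ok_for DIR CERT PURPOSE: succeed only if CERT chains to DIR/ca.pem and
# may be used for PURPOSE (sslserver or sslclient).
cert_ok_for() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2" 2>/dev/null \
        | grep -q ': OK$'
}
```

Of these files only ca.pem, server.pem and server.key need to be copied to the router; ca.key stays on the workstation, and each client receives ca.pem plus its own certificate and key.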
 
