DD WRT WPA2 Enterprise
Transcript of DD WRT WPA2 Enterprise
7/23/2019 DD WRT WPA2 Enterprise
http://slidepdf.com/reader/full/dd-wrt-wpa2-enterprise 1/3
DD-WRT with WPA2-EnterpriseAuthentication
22. MAY 2014 [email protected]
WPA2 currently supports two different authentication approaches - WPA2-PSK and WPA2-Enterprise. Normally, home-users will use WPA2-PSK because it’s simply to set-up and almost nodevice suitable for home use supports WPA2-Enterprise.
With DD-WRT things have changed, WPA2-Enterprise is now in reach for everyone. In this smalltutorial i will outline the steps necessary to set it up.
Please not that it does not automatically increase the level of security in your network. If you use along enough WPA2 Pre-Shared Key and if you can make sure that nobody has access to this keythey are equal in terms of security. WPA2-Enterprise has it’s advantages in other areas like theability to revoke network access for single clients. It also increases complexity of the system setupas you will soon see.
Page of #1 3
7/23/2019 DD WRT WPA2 Enterprise
http://slidepdf.com/reader/full/dd-wrt-wpa2-enterprise 2/3
Step 1: Enable JFFS2
You need to enable JFFS2 to make your Filesystem writable (without it, everything is stored inNVRAM):
Step 2: Enable FreeRadius and generate a Root-Certificate
The passphrase used in this step is used to protect the private portion of the certificate
Page of #2 3
7/23/2019 DD WRT WPA2 Enterprise
http://slidepdf.com/reader/full/dd-wrt-wpa2-enterprise 3/3
Step 3: Configure the RADIUS Authenticator
Under “Clients” enter the IP Address of your Access Point. If you have only one AP, this is probablythe IP Address of the device you are currently working on. The Shared Key entered here is used toencrypt the communication between the Authenticator and the RADIUS Server.
Step 4: Add Users
Insert the credentials of your users here - these are used to authenticate to RADIUS. You can alsogenerate a certificate if you don’t want your users to manually have to enter a username/passwordbut instead use certificate based authentication.
Step 5: Enable WPA2-Enterprise
The Shared secret entered here is the one entered on Step 3.
Step 6: Connect to the Network
The first time you connect to the Wireless Network you will be presented a warning because theCertificate is not trusted. To prevent this from happening, install the Root Certificate which is storedin “/jffs/etc/freeradius/certs/server.crt” on the DD-WRT box. Enable SSH and use SCP to downloadit.
Page of #3 3