安装wpad
root@OpenWrt:~# opkg update root@OpenWrt:~# opkg install wpad wpa-cli root@OpenWrt:~# wpa_supplicant -v wpa_supplicant v2.11-devel Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi> and contributors root@OpenWrt:~#
创建 /etc/config/wpa_supplicant.802.1x.conf 配置文件(其中保存明文密码,建议创建后执行 chmod 600,仅允许 root 读取):
# wpa_supplicant configuration for wired 802.1X using PEAP with a
# username/password inner method.
# Directory for the control sockets used by wpa_cli; access is limited to
# members of the group named in ctrl_interface_group.
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
# ap_scan=0 leaves scanning/association to the driver, which is the mode
# used with the wired driver (-D wired).
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
# NOTE(review): wpa_supplicant documents "auth=" as the inner-method prefix
# for PEAP and "autheap=" for TTLS. Confirm this line really restricts the
# inner method to MSCHAPv2; with PEAP it may be ignored and any inner method
# accepted.
phase2="autheap=MSCHAPV2"
identity="...username..."
# Stored in clear text: keep this file readable by root only, and remember
# that files under /etc/config are normally carried into OpenWrt
# configuration backups.
password="...password..."
priority=2
# NOTE(review): no ca_cert or server-name match is configured, so the RADIUS
# server certificate is not validated and the MSCHAPv2 exchange would be
# handed to whichever authenticator answers on the wire. Pin the server, e.g.
#   ca_cert="<path to your RADIUS CA certificate>"
#   domain_suffix_match="<your RADIUS server name>"
}
注意:根据自己的 有线 wan 网口 修改下面脚本对应的网卡设备名:
# uci show network.wan.ifname network.wan.ifname='eth0.2'
手动执行确认 802.1X 认证是否正常:
# wpa_supplicant -D wired -i eth0.2 -c /etc/config/wpa_supplicant.802.1x.conf -dd -t 1617066480.560461: Successfully initialized wpa_supplicant 1617066480.702295: eth0.2: Associated with 06:80:e2:00:00:03 1617066480.702474: eth0.2: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 1617066509.104670: eth0.2: CTRL-EVENT-EAP-STARTED EAP authentication started 1617066509.114050: eth0.2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK 1617066509.118585: eth0.2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 1617066509.118804: eth0.2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected 1617066509.147293: eth0.2: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='C=CN, ST=..., L=.., O=..., OU=..., ' 1617066509.219356: EAP-MSCHAPV2: Authentication succeeded 1617066510.271884: eth0.2: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully 1617066510.272061: eth0.2: CTRL-EVENT-CONNECTED - Connection to 06:80:e2:00:00:03 completed [id=0 id_str=]
创建开机启动脚本:
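#!/bin/sh /etc/rc.common
# Boot-time launcher for the wired 802.1X supplicant.
# START=99 places it late in the boot order.
START=99

# start: stop any supplicant already running with this config, then launch a
# fresh one in the background on the WAN device.
# Only start() is defined in this script.
start() {
  # WAN device name; check with: uci show network.wan.ifname
  local wan=eth0.2
  local conf=/etc/config/wpa_supplicant.802.1x.conf
  local pids

  echo start

  # Collect PIDs first: on a clean boot nothing matches, and piping an empty
  # list into "xargs kill" would run kill with no arguments.
  # pgrep -f matches the pattern against whole command lines and the kill
  # runs as root, so keep the pattern specific to this config file name.
  pids=$(pgrep -f wpa_supplicant.802.1x.conf)
  if [ -n "$pids" ]; then
    # Deliberately unquoted: one PID per word.
    kill $pids
  fi

  # -dd -t is verbose, timestamped debug output; consider dropping -dd once
  # the setup is confirmed, and never add -K (it would put the password and
  # key material into that output).
  wpa_supplicant -D wired -i "$wan" -c "$conf" -dd -t &
}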
脚本增加 可执行 权限:
# chmod +x /etc/init.d/wpa-autostart # /etc/init.d/wpa-autostart enable # ls -lh /etc/init.d/wpa-autostart -rwxr-xr-x 1 root root 199 Mar 30 10:04 /etc/init.d/wpa-autostart
crontab
发现连接不太稳定,每隔一段时间会断一次,所以写了一个脚本通过 crontab 自动检查:
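#!/bin/sh
# Cron watchdog for the wired 802.1X supplicant.
# If the WAN device has no address, stop any supplicant still running with
# the 802.1X config, record the restart and launch a new supplicant.
# Output goes to stdout; the cron entry decides where it is logged.
export PATH=/usr/sbin:/usr/bin:/sbin:/bin

# WAN device name; check with: uci show network.wan.ifname
wan=eth0.2
conf=/etc/config/wpa_supplicant.802.1x.conf
self=$(basename "$0")
now=$(date +'%F %T')

# Query the interface once and reuse the result, so the test and the
# reported address cannot disagree.
# NOTE(review): this lists every address family, so an IPv6 link-local
# address would presumably count as "OK" even without an IPv4 lease.
# Confirm on the device, and use "ip -4 -o a s" if only IPv4 matters.
ipaddr=$(ip -o a s "$wan")

if [ -n "$ipaddr" ]; then
  # Field 4 of each one-line record is the address/prefix.
  ip=$(printf '%s\n' "$ipaddr" | awk '{print $4}')
  echo "__INFO: $self $now OK $wan IP: $ip"
else
  echo "__INFO: $self $now ERROR $wan IP missing"

  # Capture the PIDs once and kill exactly those. A second pgrep piped into
  # "xargs kill" could see a different (or empty) process list.
  pids=$(pgrep -f wpa_supplicant.802.1x.conf)
  if [ -n "$pids" ]; then
    # Deliberately unquoted below: one PID per word.
    echo "__INFO: $self $now stopping supplicant PID(s):" $pids
    kill $pids
  fi

  echo "$now $self" >> /tmp/802.1x-restart.log

  # -dd -t is verbose, timestamped debug output; never add -K here, since
  # that would write the password and key material to the cron log.
  wpa_supplicant -D wired -i "$wan" -c "$conf" -dd -t &
fi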
添加 crontab 任务,每隔 1 分钟检查一次:
# crontab -l * * * * * /bin/sh -x /etc/config/check.802.1x.sh &> /tmp/check.802.1x.log
启动 crontab 服务观察执行日志:
# /etc/init.d/cron enable # /etc/init.d/cron start # pgrep -af cron 400 /usr/sbin/crond -f -c /etc/crontabs -l 5 # logread -e cron Tue Mar 30 10:11:08 2021 cron.info crond[400]: crond (busybox 1.30.1) started, log level 5 Tue Mar 30 10:12:00 2021 cron.info crond[400]: USER root pid 7003 cmd /bin/sh -x /etc/config/check.802.1x.sh &> /tmp/check.802.1x.log Tue Mar 30 10:13:00 2021 cron.info crond[400]: USER root pid 10108 cmd /bin/sh -x /etc/config/check.802.1x.sh &> /tmp/check.802.1x.log Tue Mar 30 10:14:00 2021 cron.info crond[400]: USER root pid 13235 cmd /bin/sh -x /etc/config/check.802.1x.sh &> /tmp/check.802.1x.log
reference
How to configure OpenWRT router as 802.1X wired access client 2017-12-04
OpenWrt-router as 802.1x-client 2020-12-08
Connect router (Archer C50) to a 802.1X EAP network 2019-04-04