When there is only one Ethernet socket and no wireless signal in your apartment, you may resort to Wi-Fi routers…
Unfortunately, in some situations the wired internet is based on 802.1X authentication. Does it matter? Yup.. Most routers only support static IP, DHCP, PPPoE on WAN port by default . That is, we need some more steps to achieve our goal.
- A router that supports LEDE (now is merged into OpenWrt project1) firmware. You can check in this page.
- Suitable environment to run image generator. (for those devices whose flashes are not larger than 4MB)
- Proper environment to communicate with router. For example, Terminal on macOS, PuTTY and WinSCP on Windows.
- Certificate, username, and password for the 802.1X authentication.
Okey, I suggest you having these things already. So…, Let’s do it now!
In my case (TP-Link TL-WR841ND v8 international), the 4MB flash is not enough to install packages on the default LEDE firmware. I have to rebuild the image…
- Download and uncompress image generator on the 64bit Linux system. Since it uses Atheros AR71xx CPU, we download the image generator here (17.01.4 release).
tar Jxvf lede-imagebuilder-17.01.4-ar71xx-generic.Linux-x86_64.tar.xz
- Login to 192.168.1.1 to set the correct date/time. The certificate may be invalid if the date/time is wrong.
- Find the
tl-wr841-v8in my case. You can find the profile name by typing
- We have to add two more packages:
wpad, and remove
wpad-minisince it doesn’t have authentication methods we need. Thus, the command is
make image PROFILE=tl-wr841-v8 PACKAGES="luci wpad -wpad-mini"
If the flash is only 4MB, you may encounter an error. 🙁
We need to remove more packages… I think
ppp-mod-pppoe are not essential in my case, so I removed them:
(2018.3.20 update: At the time I built the image in 2017, I have to remove unused packages. If you are able to build the firmware without removing other packages like
ppp, congratulation! This may happen due to different versions of packages.)
Now, the firmware is completely built! We can find the file (lede-ar71xx-generic-tl-wr841-v8-squashfs-factory.bin) in the
- Next, upload this file to the router. If the router is not running original firmware, you may use
scp YourBinFile [email protected]:/tmp
cd /tmp && mtd -r write YourBinFile firmware
- After that, we have to setup config file for authentication. In my case, the Ethernet is running EAP-TTLS and PAP authentication protocol. We have the config file like this:
Certificate file must be in
der format. For other authentication methods and more information, you can check here.
- Now we can run for testing!
wpa_supplicant -i eth0 -D wired -c PathToYourConfigFile -dd -t
(Suppose wired interface is
eth0.) If all things work correctly, we can connect to the Internet via the router now. 🙂
- Furthermore, we can create an
initfile for running the command automatically after router powered on.
Put this file in
/etc/init.d directory, and
chmod it before executing!)
That’s it. Have fun. 😛
As the recent announcement shown in OpenWrt website, LEDE has merged under OpenWrt project. Therefore, I replaced the old links listed in this tutorial with new ones.