GL-iNet GL-SFT1200 openwrt 路由器中继模式 802.1X EAP/WPA2 无线认证

WHAT

GL-iNet GL-SFT1200 Opal 1200Mbps 便携式双频路由器 使用的是 矽昌通信SF19A28 国产 CPU

青岛矽昌通信技术有限公司于 2014 年创立。

于 2020 年 9 月份,成功流片国内首款一芯双频千兆 Wi-Fi 路由芯片 SF19A28。该芯片在保留 SF16A18 芯片高集成度的基础上,提升双倍带宽,最高连接速度达到 1200Mbps(兆比特/秒),支持 MIMO2 * 2 双通道通信。

GL.iNet GL-SF120 国产 CPU 路由器性能如何? GL.iNet 路由器测评 2021-09-15

设备CPU参数AES 单线程AES 多线程
小米 AC2100MT7621AT双核 880MHz6138.54k12518.54k
GL-SF120矽昌 SF19A2890双核四处理器 1GHz5338.54k10730.71k
BusyBox v1.29.3 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06, LEDE
 -----------------------------------------------------
root@GL-SFT1200:~# cat /proc/cpuinfo
system type             : MIPS sf19a28
machine                 : GL-SFT1200
processor               : 0
cpu model               : MIPS interAptiv (multi) V2.8  FPU V0.0
BogoMIPS                : 531.66
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 64
extra interrupt vector  : yes
hardware watchpoint     : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa                     : mips1 mips2 mips32r1 mips32r2
ASEs implemented        : mips16 dsp dsp2 mt eva
shadow register sets    : 1
kscratch registers      : 3
package                 : 0
core                    : 0
VPE                     : 0
VCED exceptions         : not available
VCEI exceptions         : not available

官方 2021-12-01 发布的 3.206 固件 不支持 在后台管理页面设置 802.1X 无线认证

img

官方固件默认的 wpad 软件包是支持 802.1X EAP/WPA2 无线认证的:

root@GL-SFT1200:~# ls -lh /usr/sbin/wpa_supplicant
lrwxrwxrwx    1 root     root           4 Dec  1 19:16 /usr/sbin/wpa_supplicant -> wpad

root@GL-SFT1200:~# opkg search /usr/sbin/wpad
wpad-openssl - 2019-08-08-ca8c2bd2-4

root@GL-SFT1200:~# opkg list-installed|grep wpad
wpad-openssl - 2019-08-08-ca8c2bd2-4

HOW

中继模式手动配置 802.1X EAP/WPA2 无线认证

扫描 WIFI 信号:

root@GL-SFT1200:~# iw dev wlan0 scan

BSS 36:17:c3:0e:05:12(on wlan0)                                 <-- BSSID
    TSF: 5838622566325 usec (67d, 13:50:22)
    freq: 5745
    beacon interval: 100 TUs
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -45.00 dBm
    last seen: 270 ms ago
    Information elements from Probe Response frame:
    SSID: OFFICE-WIFI                                           <-- SSID
    Supported rates: 6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0
    DS Parameter set: channel 149                               <-- 信道
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: IEEE 802.1X
         * Capabilities: 4-PTKSA-RC 4-GTKSA-RC (0x0028)
    HT capabilities:
        Capabilities: 0x9ef
            RX LDPC
            HT20/HT40
            SM Power Save disabled
            RX HT20 SGI
            RX HT40 SGI
            TX STBC
            RX STBC 1-stream
            Max AMSDU length: 7935 bytes
            No DSSS/CCK HT40
        Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
        Minimum RX AMPDU time spacing: 8 usec (0x06)
        HT RX MCS rate indexes supported: 0-31
        HT TX MCS rate indexes are undefined
    HT operation:
         * primary channel: 149                                 <-- 信道
         * secondary channel offset: above
         * STA channel width: any
    Extended capabilities:
         * Extended Channel Switching
         * BSS Transition
         * Operating Mode Notification
    WMM:     * Parameter version 1
         * u-APSD
         * BE: CW 63-1023, AIFSN 3
         * BK: CW 63-1023, AIFSN 7
         * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
         * VO: CW 3-7, AIFSN 2, TXOP 1504 use

修改配置文件:

root@GL-SFT1200:~# tail -15 /etc/config/wireless

config wifi-iface 'sta'
    option device 'radio0'
    option network 'wwan'
    option mode 'sta'
    option ifname 'wlan-sta'
    option ssid 'OFFICE-WIFI'                                   <-- SSID
    option bssid '36:17:C3:0E:05:12'                            <-- BSSID
    option channel '149'                                        <-- 信道
    option encryption 'wpa2'
    option eap_type 'peap'
    option auth 'MSCHAPV2'
    option identity 'USERNAME'                                  <-- 用户名
    option password 'PASSWORD'                                  <-- 密码

并修改 GL iNet 自定义的 ssids 配置:

root@GL-SFT1200:~# cat /etc/config/ssids

config network
    option ssid 'OFFICE-WIFI'
    option disabled '0'
    option encryption 'wpa2'
    option identity 'USERNAME'
    option password 'PASSWORD'
    option ignore '0'
    option trycount '0'
    option device 'radio0'
    option channel '40'

root@GL-SFT1200:~# uci show wireless.sta
wireless.sta=wifi-iface
wireless.sta.device='radio0'
wireless.sta.network='wwan'
wireless.sta.mode='sta'
wireless.sta.ifname='wlan-sta'
wireless.sta.ssid='OFFICE-WIFI'
wireless.sta.bssid='36:17:C3:0E:05:12'
wireless.sta.channel='149'
wireless.sta.encryption='wpa2'
wireless.sta.eap_type='peap'
wireless.sta.auth='MSCHAPV2'
wireless.sta.identity='USERNAME'
wireless.sta.password='PASSWORD'

root@GL-SFT1200:~# uci show ssids
ssids.@network[0]=network
ssids.@network[0].ssid='OFFICE-WIFI'
ssids.@network[0].disabled='0'
ssids.@network[0].encryption='wpa2'
ssids.@network[0].identity='USERNAME'
ssids.@network[0].password='PASSWORD'
ssids.@network[0].ignore='0'
ssids.@network[0].trycount='0'
ssids.@network[0].device='radio0'
ssids.@network[0].channel='149'

修改完配置,重启路由器后,可以看到成功连接:

root@GL-SFT1200:~# ip a
...
12: wlan-sta: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 6e:83:c4:... brd ff:ff:ff:ff:ff:ff
    inet 10.20.3.57/22 brd 10.20.3.255 scope global wlan-sta
       valid_lft forever preferred_lft forever

root@GL-SFT1200:~# iw dev
phy#1
    Interface wlan0
        ifindex 14
        wdev 0x100000003
        addr 94:83:c4:...
        ssid OPENWRT
        type AP
        channel 149 (5745 MHz), width: 40 MHz, center1: 5755 MHz
        txpower 25.00 dBm
    Interface wlan-sta
        ifindex 12
        wdev 0x100000002
        addr 6e:83:c4:...
        ssid OFFICE-WIFI
        type managed
        channel 149 (5745 MHz), width: 40 MHz, center1: 5755 MHz
        txpower 0.00 dBm
phy#0
    Interface wlan1
        ifindex 13
        wdev 0x2
        addr 94:83:c4:...
        ssid openwrt
        type AP
        channel 11 (2462 MHz), width: 40 MHz, center1: 2452 MHz
        txpower 20.00 dBm

root@GL-SFT1200:~# pgrep -af wpa
2403 /usr/sbin/wpa_supplicant -B -s -P /var/run/wpa_supplicant-wlan-sta.pid -D nl80211 -i wlan-sta -c /var/run/wpa_supplicant-wlan-sta.conf -C /var/run/wpa_supplicant
2429 /usr/sbin/wpa_cli -a /usr/bin/wpa_cli_event.sh -i wlan-sta

root@GL-SFT1200:~# cat /var/run/wpa_supplicant-wlan-sta.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
country=US
network={
    scan_ssid=1
    ssid="OFFICE-WIFI"
    key_mgmt=WPA-EAP
    identity="USERNAME"
    password="PASSWORD"
    phase2="auth=MSCHAPV2"
    eap=PEAP
    proto=WPA2
    bssid=36:17:C3:0E:05:12
}

reference

Introduction to 802.1X

Connect to client Wi-Fi network

Add new network to Known WiFi Networks in advance 2020-10-16