This guide describes the steps required to configure 802.1x wired authentication using wpa_supplicant on Cavium-based Ubiquiti Edgerouter devices running EdgeOS 2.0. The procedure for Mediatek devices (Edgerouter-X) is similar; however, I do not have such a device and could not recompile wpa_supplicant for it.
Copy EAP-TLS certificates and private key in PEM format to /config/auth/
Run sudo chmod -R 0600 /config/auth to secure the credentials.
Copy wpa_supplicant.conf to /config/
If you are using wpa_supplicant.conf generated by a tool in the previous post, modify certificate and key paths to point to /config/auth/
Assuming wpa_supplicant.conf resides in /config/, the router has Internet connectivity, and the Internet interface that requires wpa_supplicant is eth0, run the following commands in the console:
```
# Remove 1.x repository, add 2.0 Debian repository and install prerequisites
configure
delete system package repository wheezy
set system package repository stretch components 'main contrib'
set system package repository stretch distribution stretch
set system package repository stretch password ''
set system package repository stretch url 'http://http.us.debian.org/debian'
set system package repository stretch username ''
commit
save
exit
sudo apt-get update && sudo apt-get install libpcsclite1

# Download backported Debian Buster wpa_supplicant and install it
curl https://community.ubnt.com/ubnt/attachments/ubnt/EdgeMAX/235525/1/wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz -o /tmp/wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz
cd /tmp/
tar -xvf ./wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz
sudo dpkg -i /tmp/wpasupplicant_2.6-21~bpo9+1_mips.deb

# Create symbolic link to wpa_supplicant.conf for eth0
sudo ln -s /config/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant-wired-eth0.conf

# Disable dbus service and enable wired wpa_supplicant for eth0
sudo systemctl disable wpa_supplicant.service
sudo systemctl enable wpa_supplicant-wired@eth0.service

# Save DEB packages for future use, allow /etc/ubnt/ubnt-rcS/ubnt-rcS.sh to install them
sudo mkdir -p /config/data/firstboot/install-packages && cd /config/data/firstboot/install-packages
sudo apt-get download libpcsclite1
sudo curl https://community.ubnt.com/ubnt/attachments/ubnt/EdgeMAX/235525/1/wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz -o /config/data/firstboot/install-packages/wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz
sudo tar -xvf ./wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz
sudo rm /config/data/firstboot/install-packages/wpasupplicant_2.6-21~bpo9+1_mips.deb.tar.gz

# Recover configuration on EdgeOS upgrade
sudo mkdir -p /config/scripts/firstboot.d/
echo '#!/usr/bin/env bash' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
echo 'ln -s /config/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant-wired-eth0.conf' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
echo 'systemctl stop wpa_supplicant.service' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
echo 'systemctl disable wpa_supplicant.service' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
echo 'systemctl enable wpa_supplicant-wired@eth0.service' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
echo 'systemctl start wpa_supplicant-wired@eth0.service' | sudo tee -a /config/scripts/firstboot.d/8021x-eth0.sh
sudo chmod 0744 /config/scripts/firstboot.d/8021x-eth0.sh
reboot
```
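A pre-flight check for the credential steps at the top of this guide, written as an added example and not part of the original post: it confirms that every ca_cert, client_cert and private_key path in wpa_supplicant.conf points into /config/auth/, exists, and carries no group or other permission bits. The function name check_8021x_conf and its two optional arguments are hypothetical; run it as root before the final reboot, because the credential directory is not traversable by other users after the chmod step.

```shell
# Pre-flight check for the EAP-TLS files referenced by wpa_supplicant.conf.
# Added example: check_8021x_conf and its arguments are hypothetical names;
# the defaults are the paths used in this guide.
# Returns 0 when every referenced file is under auth_dir, exists and has no
# group/other permission bits; otherwise returns the number of problems found.
check_8021x_conf() {
    conf=${1:-/config/wpa_supplicant.conf}
    auth_dir=${2:-/config/auth}
    problems=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Extract "<key> <path>" for the three EAP-TLS file settings.
    refs=$(sed -nE 's/^[[:space:]]*(ca_cert|client_cert|private_key)="([^"]*)".*$/\1 \2/p' "$conf")
    [ -n "$refs" ] || { echo "no certificate or key paths in $conf" >&2; return 1; }

    while read -r key path; do
        case $path in
            */../*)
                echo "$key: $path contains '..'" >&2
                problems=$((problems + 1)); continue ;;
            "$auth_dir"/*) ;;
            *)
                echo "$key: $path is outside $auth_dir" >&2
                problems=$((problems + 1)); continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$key: $path not found (or not accessible)" >&2
            problems=$((problems + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$path" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$key: $path is accessible to group or other" >&2
            problems=$((problems + 1))
        fi
    done <<EOF
$refs
EOF
    return "$problems"
}
```

After sourcing the file as root, `check_8021x_conf && echo OK` uses the guide's default paths; any finding is printed to stderr with the setting it came from.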