This is an old revision of the document!
WAN through Hotspot 2.0/Passpoint
Introduction
- Not all WiFi devices support WPA2 Enterprise security.
- WPA2 Enterprise security involves a username and password or certificates.
- Most printers, gaming consoles or IoT equipment only support WPA Personal.
- Should the need arise for them to also join an enterprise network we developed a central managed solution that can act as a bridge.
- This page provides a more detailed explanation of our solution.
The Eduroam Travel Router
Consider the following practical example.
- Meet Tim.
- Tim is the network administrator of a big university somewhere in Europe.
- The university participates in Eduroam.
- The university has a couple of scientists working on specialized equipment that only has network access through an Ethernet port.
- Each of these scientists will travel to other universities over the next few months to give demonstrations and talks.
- These universities also participate in Eduroam.
- Tim will now configure an Eduroam Travel Router on APdesk for each of these scientists.
- This will allow them to connect their specialized equipment to the router while the router uses the Hotspot 2.0 connection as the uplink.
- Many travel routers allow you to have a WPA2 Enterprise uplink.
- We don't know of any centrally managed travel routers that supports Hotspot 2.0 uplinks besides the ones managed by APdesk and MESHdesk.
Acknowledgement
- We would like to acknowledge and express our gratitude to the individuals who contributed to and provided valuable information and projects that served as references for developing this enhancement to MESHdesk and APdesk.
WPA-ENTERPRISE/HS2.0 UPLINKS
- RADIUSdesk now have a WPA-ENTERPRISE/HS2.0 UPLINKS applet that makes the management of WPA-Enterprise and Hotspot 2.0 uplinks a breeze.
WPA-Enterprise Uplink
Passpoint / Hotspot 2.0 Uplink
Assigning the Uplink
Connected
Technical detail
- When you select a specific uplink, the detail for that uplink will be assigned to the AP or mesh node when it fetched its settings.
- The MESHdesk firmware contains a modified /lib/netifd/hostapd.sh file that allows the AP to be able to connect to Hotspot 2.0 networks.
- One very important item to remember if you are security conscious it the Domain Suffix Match. This protects you against Evil Twin attacks.
- Lets look at some sample configs ant feedback form the logread command.