This is an old revision of the document!
Private PSK (PPSK) feature on hostapd
File or RADIUS
- The PPSK feature in hostapd gives the user the choice of providing the PPSKs using a file or using RADIUS.
- Having the option of supplying the PPSKs in a text file allows for quick and simplified deployments.
Quick and dirty file based PPSK on OpenWrt
- We assume you are familiar with the UCI system in OpenWrt.
- Configure a SSID with WPA2 pre shared key.
config wifi-iface 'two' option ifname 'two0' option disabled '0' option encryption 'psk2' option isolate '0' option key '12345678' option mode 'ap' option network 'lan' option device 'radio0' option hidden '0' option ssid 'RADIUSdesk'
- Next we will replace the key which is a single value (12345678) with a file with multiple keys.
config wifi-iface 'two' option ifname 'two0' option disabled '0' option encryption 'psk2' option isolate '0' #option key '12345678' option wpa_psk_file /etc/psk.list option mode 'ap' option network 'lan' option device 'radio0' option hidden '0' option ssid 'RADIUSdesk'
- Here is the contents of the /etc/psk.list file
00:00:00:00:00:00 highwaystar 00:00:00:00:00:00 blacknight 00:00:00:00:00:00 smokeonthewater 00:00:00:00:00:00 picturesofhome 00:00:00:00:00:00 childintime
- Restart the WiFi network
wifi down wifi up
- hostapd will now go through the list in the PSK file and see if it can find a match when someone tries to connect to the SSID.
Advanced file based PPSK on OpenWrt
- The first section covered a very basic PPSK implementation.
- This section will look at more advanced options including MAC and VLAN association with certain keys.
- You can also visit this forum discussion which is where most of the info comes from.