Private PSK (PPSK) feature on hostapd

• The PPSK feature in hostapd gives the user the choice of providing the PPSKs using a file or using RADIUS.
• Having the option of supplying the PPSKs in a text file allows for quick and simplified deployments.

• We assume you are familiar with the UCI system in OpenWrt.
• Configure a SSID with WPA2 pre shared key.

config wifi-iface 'two'
   option ifname 'two0'
   option disabled '0'
   option encryption 'psk2'
   option isolate '0'
   option key '12345678'
   option mode 'ap'
   option network 'lan'
   option device 'radio0'
   option hidden '0'
   option ssid 'RADIUSdesk'

• Next we will replace the key which is a single value (12345678) with a file with multiple keys.

config wifi-iface 'two'
   option ifname 'two0'
   option disabled '0'
   option encryption 'psk2'
   option isolate '0'
   #option key '12345678'
   option wpa_psk_file /etc/psk.list
   option mode 'ap'
   option network 'lan'
   option device 'radio0'
   option hidden '0'
   option ssid 'RADIUSdesk'

• Here is the contents of the /etc/psk.list file

00:00:00:00:00:00 highwaystar
00:00:00:00:00:00 blacknight
00:00:00:00:00:00 smokeonthewater
00:00:00:00:00:00 picturesofhome
00:00:00:00:00:00 childintime

• Restart the WiFi network

wifi down
wifi up

• hostapd will now go through the list in the PSK file and see if it can find a match when someone tries to connect to the SSID.

• The first section covered a very basic PPSK implementation.
• This section will look at more advanced options including MAC and VLAN association with certain keys.
• You can also visit this forum discussion which is where most of the info comes from.