PEAP mschapv2 auth in station mode?

Shaldy · February 16, 2012, 6:29am

Still can’t do it?
I’ve tried to google it, but all i get is feature request threads on this forum.

I need to connect my Mikrotik devices to wireless network that uses PEAP MSCHAPv2 auth, is it possible after all this years of RouterOS development?

Freqman · November 12, 2012, 4:24pm

I just ran into the same issue. I’d like to use Mikrotik in client mode on a network that is using EAP type PEAP but I’m hitting a wall. Any updates on this?

CsXen · November 29, 2014, 10:57pm

Still waiting…
I need EAP-PEAP-MSCHAPv2 in station mode.
It is essentially to connect to the new UPC Wi-Free network with a MT Routerboard.

Regards: Xen

vokchaks · December 3, 2014, 2:45am

howto you make it?

vokchaks · December 3, 2014, 2:47am

howto you make it?

CsXen · December 13, 2014, 11:14am

Hi.

howto you make it?

I can’t. MikroTik still has NO option to choose PEAP authentication in station mode. Not in winbox, neither in CLI.
So still waiting…
(And using Ubiquiti, because it can make EAP-PEAP-MSCHAPv2 out of box!)
But any idea or hack appreciated.

Regards: Xen

oreggin · July 11, 2015, 9:50am

Hi!

I faced the same problem. I can’t use my RB433AH to connect UPC Wi-Free as a station, to share it for my PC and Laptop. UPC Wi-Free is getting more widespread, so it will be appreciated to implement PEAP-MSCHAPv2 in RoS.

Cheers,
oreggin

fractalbrain · February 16, 2016, 4:45am

Anyone have any luck getting this working over in this thread? (I’m going forum digging and visiting from http://forum.mikrotik.com/t/feature-request-eap-peap-for-wireless-client/34166/11)

fractalbrain · February 18, 2016, 5:04pm

Hey everyone! I heard back from support today.

They said “note that we support eap-ttls-mschapv2 and we don’t have PEAP support.”

Note that I am using RouterOS release candidate 6.35rc11 and the “current” RouterOS is 6.34.1.

fractalbrain · February 19, 2016, 5:20pm

Update:

I got another reply from Mikrotik.

The person I’m corresponding with successfully tested eap-ttls-mschapv2 using the following set-up:

“…a test EAP radius server and got connected with an android phone and then
repeated the connection with the RouterOS as a client and it was working fine
when specifying the supplicant-identity and the mschapv2-user/password and and
setting tls-mode=dont-verify-certificate”

I personally don’t have access to a eap-ttls-mschapv2 setup at the moment, but testing it with a cert would probably be good. I know this thread is regarding PEAP, but can anyone verify they have eap-ttls-mschapv2 working with a cert? (or let me know if there is something I don’t understand )

Now, about PEAP, the person I’m corresponding with reasserted and noted the following:
“Since we don’t have PEAP support eap-peap method will not work.
Currently we don’t have any plans to add support the PEAP for the RouterOS
wireless client.”

I’ve asked if a formal feature request can be put in and if the eap-ttls-mschapv2 stuff can be put into the GUIs. I’ll update when I hear more.

-e

dominet · April 2, 2016, 8:58pm

Hi,

Today I have tried to connect my MT routerOS to a UPC Wi-Free service without success.

As I read the posts I have found that some of us has the time and knowledge to work on this issue, but does not have a UPC Wi-Free service in the area, so I have installed a router to a place where I am able to receive 30 (!) UPC Wi-Free APs. For details see attachment.
upc_wifree.jpg
If someone is interested an willing to play a bit with the MikroTik and UPC Wi-Free connection then please PM me for credentials. (I will send both login information)

Pery.

juliobrito · May 24, 2016, 2:08pm

Regards,

Please, remember that all Mikrotik users need the implementation of PEAP-MSCHAPv2 Wireless Station Mode. We have more that 7 years waiting for it option.

torius · October 14, 2016, 9:22am

BUMP

Just another customer that would like to use this feature.

Would be nice if someone from the MikroTik could comment whether this feature will be added in the future or not. So that we could make informed decision whether to wait for it or switch to another OS.

HighVoltage · December 31, 2016, 12:58pm

I don’t get it… This thread is nearly five years old and the feature’s still not available. Though, in these areas PEAP MSChapV2 is very commonly used. How about the rest of the world?

pe1chl · December 31, 2016, 3:00pm

I would like to see it as well so we can convert our AP’s from WPA2-PSK to WPA2-EAP and give every user a unique password.
It works fine in AP mode but not in station mode. It does work on Ubiquiti clients connected to a MikroTik as AP.
Unfortunately all requests are ignored or denied “because it is seldomly requested”…

onlineuser · January 31, 2017, 2:32pm

Any news concerning WPA2-Enterprise (EAP)?

pe1chl · April 29, 2017, 4:28pm

It is now working! Release 6.39

onlineuser · January 4, 2018, 9:44pm

Good news!

Did you try it within the UPC Wi-Free network?

Is it possible to use a RB2011 or any other wireless RB as wireless client with WPA2-Enterprise client (WAN) and as accesspoint (LAN) for the home network? In fact I only want to tunnel all internal traffic over the Wi-Free network through an OVPN connection.

pe1chl · January 5, 2018, 9:04am

I tested it against MikroTik and Ubiquiti APs running WPA2-EAP with a RADIUS server (freeradius) and it works OK.
I can’t tell what happens with other services that are not available locally or I have no account on.

HighVoltage · November 4, 2019, 7:30pm

Sorry for kicking this thread up. Just wanted to confirm it finally works

Tried it on the Belgian Telenet WiFree network. Can confirm it works.

Is it possible to use a RB2011 or any other wireless RB as wireless client with WPA2-Enterprise client (WAN) and as accesspoint (LAN) for the home network?

Yes, that’s possible (wireless client = station mode)