PEAP-MSCHAPv2

RouterOS Wireless Networking
1

Add WAP-EAP PEAP support?

  • Yes
  • No
  • Look at comment
  • Who is where?
0 voters

Dear customers.

Please support this feature request.
Exactly in Russia Rostelecom now deployed APs this PEAP authentication and MT user not able to connect to such ISPs.
(особенно для тех, кто уже столкнулся с УЦН и невозможностью подключиться на родном оборудовании).

Last answer from support was

currently we do not support WAP-EAP PEAP as wireless station in RouterO
We will look if we could add this support in future, but it might not happen so fast as we haven’t received lot of request for such feature.

I believe that it needed feature, please leave comment (vote) if You need it too.

2

I completely agree, this is the most widespread method for authenticating with username/password and sometimes we can’t change (since we’re connecting to the network we have no control over).

I bought SXT Lite 2 and much to my surprise can’t use it since I need WPA2-EAP-PEAP-MSCHAPV2 support.

MikroTik, please add this feature which is present in most other OS (OpenWRT etc).

3

Good news:

we have added this feature in our to do list but currently is is not a higher priority feature.

So, awaiting…

4

I would like to see it as well, it certainly would make our WiFi network a lot easier to manage.
No idea how much work it would involve, I think the underlying software already supports it, it is mainly a configuration issue.
(adding some fields, setting parameters for the underlying software)

5

Hi. I see some great news at http://forum.mikrotik.com/t/v6-39rc-release-candidate-is-released/104800/339

Version 6.39rc68 has been released.

Changes since previous version:
(…)
*) wireless - added PEAP authentication support for wireless station mode;

I will test it in a week. :slight_smile:

Best regards: CsXen

6

I still have lost connection, 802.1x authentication timeout, do You have another (success) result?

7

Support wrote:

we were able to improve the compatibility with the PEAP and in one of the next RC versions it will be added - just check the changelog entry and then test that version.
After than please report back if it works ok.

So, just waiting a little bit again.

8

Hi. Is there any news about PEAP-MSCHAPv2 support?

9

No

10

I need to test it but it is a bit difficult as I don’t have a MikroTik as station myself.
So I need to get remote access to someone else’s device and be able to experiment without losing the connection.
Maybe later.

11

Do You from developers team?

12

what do you mean? I don’t understand your question.

13

please upgrade to v6.40rc2 and check again.

14

Are you a developer?

15

No of course not, I am a user. But at home I have a Ubiquiti AP. There it works.
Other people in our network have MikroTik and I need to debug via one of their APs.

16

At 6.40rc2 with Rostelecom’s AP still 802.1x authentication timeout

Supout at support mail. If needed real test in production network- just tell me.

17

I have tested in our HAMNET against a MikroTik AP configured with radius and it works OK with version 6.39 !

Client side config:

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-eap eap-methods=peap mode=\
    dynamic-keys mschapv2-password=XXXXXXX mschapv2-username=XXXXXXX \
    supplicant-identity=XXXXXXXX tls-mode=dont-verify-certificate

AP side config:

/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=eap-tls,passthrough \
    management-protection-key=XXXXXX mode=dynamic-keys name=WPA2-EAP \
    radius-eap-accounting=yes supplicant-identity=MikroTik
18

How Radius processing certs in your case? Trying to install some certs to client side?

19

Connecting to UPC WI-Free, working, thank you mikrotik.

20

No we use MSCHAPv2. That was what we were waiting for, certs was already supported I think.