FreeRadius is a free, open source Radius server. It supports all common authentication protocols and comes pre-integrated in all the latest versions of DD-WRT. FreeRadius on a Linksys WRT1900ACS v2 with DD-WRT is quite straightforward to set up.

Deploying FreeRadius on Linksys WRT1900ACS v2 with DD-WRT

There are two different things we need to configure: the Radius server itself, and the WLAN interface that will authenticate its clients through Radius.

FreeRadius Setup

Before proceeding, make sure you have jffs enabled as per this post.

Navigate to Services–>FreeRadius

FreeRadius
FreeRadius: Enable

Server Certificate
Country Code: country code (e.g. CA, US, GB)
State or Province: province
Locality: “none”
Organisation / Company: name
Email Address: email
Common Certificate Name: provide a name for the certificate
Expires (Days): 7300
Passphrase: Use a long, strong passphrase (e.g. jHy6oUlql0rT7GQHn7)

Click Gen Cert.

Note: Generating the certificate consumes a lot of CPU and takes quite a few minutes. The DD-WRT GUI may be completely unresponsive during this time. In that case, connect to your router over SSH and watch the openssl process until it finishes.

Establish an SSH connection to your router and monitor the process:

root@DD-WRT:~# ps |grep openssl
30623 30621 root     R     2972  0.5   1 49.9 openssl dhparam -out dh -2 -rand /dev/urandom 2048
root@DD-WRT:~#

After it has finished you should have access to the GUI again. You can then continue with the rest of the configuration.

Settings
RadiusPort: 1812

Clients
IP/NET: 192.168.1.1 (this is your router's IP)
Shared Key: This is the same as the Passphrase you used above (e.g. jHy6oUlql0rT7GQHn7)

Click Add

Click Apply Changes

Users
Username: Username that will be used for connection
Password: Password for the user

Check the Enabled checkbox and click Add.

Repeat the same procedure for all the users you want to create.
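To show what the Shared Key configured above does on the wire, here is an added example (not part of the original post, FreeRadius or DD-WRT) that builds a PAP Access-Request for port 1812 and checks the Response Authenticator on the reply. It assumes the machine calling authenticate() is also listed under Clients with that key and that the user may log in with PAP; the demo reply is constructed.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def attr(code, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR the zero-padded password with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_request(user, password, secret, ident, req_auth):
    """Access-Request with Message-Authenticator (attribute 80) placed first."""
    body = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + 18 + len(body)) + req_auth
    # HMAC-MD5 over the whole packet with the attribute value zeroed (RFC 3579)
    mac = hmac.new(secret, head + attr(80, bytes(16)) + body, hashlib.md5).digest()
    return head + attr(80, mac) + body

def verify_reply(reply, secret, req_auth):
    """Return the reply code, or raise if the Response Authenticator does not match."""
    if len(reply) < 20 or not 20 <= struct.unpack("!H", reply[2:4])[0] <= len(reply):
        raise ValueError("malformed RADIUS reply")
    reply = reply[:struct.unpack("!H", reply[2:4])[0]]
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad authenticator: wrong shared key or forged reply")
    return reply[0]

def authenticate(server, port, secret, user, password, timeout=3.0):
    """Send one PAP Access-Request over UDP; True only on a verified Access-Accept."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(user, password, secret, ident, req_auth), (server, port))
        reply, _ = sock.recvfrom(4096)
    return verify_reply(reply, secret, req_auth) == ACCESS_ACCEPT

if __name__ == "__main__":  # offline demo on a constructed Access-Accept
    secret, ra = b"jHy6oUlql0rT7GQHn7", os.urandom(16)  # sample key from this page
    hdr = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20)
    accept = hdr + hashlib.md5(hdr + ra + secret).digest()
    print(verify_reply(accept, secret, ra) == ACCESS_ACCEPT)
```

Against the router, the call would be authenticate("192.168.1.1", 1812, shared_key, username, password) with byte-string arguments; a ValueError on the reply means the key on the two sides does not match.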

Wireless Setup

Assuming that you have followed this post, by now you should have 4 WLAN interfaces. We will create a new bridged WLAN interface just for Radius.

Navigate to Wireless–>Basic Settings

Click Add virtual interface under either ath0 or ath1 (depending on the band you want to use). Here we will use a 5G interface.

Virtual Interfaces ath0.2 (ath0, ath1, ath0.1 and ath1.1 already exist because we created them in the previous post)
Wireless Mode: AP
Wireless Network Name (SSID): DD-WRT-5G-RADIUS (name it as you wish)
Wireless SSID Broadcast: Enable

Check ‘Advanced Settings’
Network Configuration: Bridged

Click Apply Changes.

Wireless Security

Configure your wireless security for the newly created SSID.

Note: You should use AES for maximum wireless speeds.

Navigate to Wireless–>Wireless Security

Wireless Security ath0.2
Security Mode: WPA2 Enterprise
WPA Algorithms: AES
Radius Auth Server Address: 192.168.1.1 (this is your router's IP)
Radius Auth Server Port: 1812
Radius Auth Shared Secret: This is the same as the Passphrase you used above (e.g. jHy6oUlql0rT7GQHn7)

Click Apply Changes.

Create separate Subnet for Radius SSID

Networking Setup

Navigate to Setup–>Networking

We need to create a new bridge for the newly created wireless interface. You will already have the default br0, with STP (Spanning Tree Protocol) turned off. Also, br1, br2, br3 and br4 already exist because we created them in the previous post.

Bridging
Click Add to add a new bridge and name it br5.
Turn off STP.

Click Apply Changes.

Assign to Bridge
Click Add, choose br5 and select the ath0.2 wireless interface from the drop-down.

Click Apply Changes.

Port Setup
Under “Network Configuration br5” enter the following.

Label: 5G-RADIUS (Choose anything you like here)
IP Address: 192.168.6.1 (gateway for new subnet)
Subnet Mask: 255.255.255.0

Click Apply Settings.

DHCPD
Click Add, choose “br5–5G–RADIUS” and set the start range at 128 (depends on how many clients you want to serve).

Click Apply Settings.

Note: You should now have wireless and internet connectivity from the new SSID and receive an IP address in the 192.168.6.128/28 range.

Client Connection

Not all devices support Radius connectivity. For the ones that do, you can use the username and password you created above to connect to the Radius WLAN interface.