Freeradius, OpenLDAP, DD-WRT

I recently had reason to set up the wireless network in my office. Since this is an office network, I decided to do it properly, even if I was the only one using the wireless at the moment.

I started by setting up a public WEP network. This is for guests to the office and is treated as part of the RED zone in my firewall settings. Then I wanted a GREEN wireless zone, and felt that WPA-EAP was the right choice for an enterprise-class installation.

Since all my back-end infrastructure is Debian based, I decided to go with whatever was in the box: FreeRADIUS and OpenLDAP. OpenLDAP was easy to set up, as I have configured many LDAP servers in the past; it was fairly straightforward. Then came the FreeRADIUS settings.

The default installation of FreeRADIUS already does almost everything. All I had to do was configure the LDAP module and voila, it works (with some minor caveats). With the default PEAP-MSCHAPv2 setup, all LDAP passwords must be stored in clear-text, which kind of sucked: MSCHAPv2 can only be verified against the plaintext password (or its NT hash), so a salted SHA-1 in LDAP is of no use to it. So I went with TTLS-PAP instead, which carries the password itself inside the TLS tunnel and therefore lets the passwords be stored in any form, including the Salted-SHA1 encoding I had chosen for my LDAP.

ldap {
    server = "localhost"
    identity = ""        # bind DN; empty means an anonymous bind
    password =           # bind password (redacted)
    basedn = ""          # search base for users (redacted)
    # look the user up by uid, preferring the realm-stripped name
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    # attribute holding the (hashed) password that the pap module checks against
    password_attribute = userPassword
    # do not force Auth-Type = LDAP (an LDAP bind); let pap do the comparison
    set_auth_type = no
}
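To make the PEAP versus TTLS point concrete, here is an added example (my own illustration, not code from the post or from FreeRADIUS) of what the server does once PAP has delivered the plaintext password through the TLS tunnel: it checks that plaintext against whatever scheme the LDAP userPassword attribute holds. The function names ssha_hash and verify_password are hypothetical, and all stored values are constructed for the demonstration. The dispatcher goes slightly beyond the post's {SSHA} case and also handles {SHA} and cleartext entries.

```python
# Added example (not from the post): checking a PAP-delivered plaintext password
# against an OpenLDAP userPassword value. All inputs are constructed.
import base64
import hashlib
import hmac
import os
from typing import Optional


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce an OpenLDAP-style {SSHA} value: base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # slapd commonly uses a 4-byte salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_password(stored: str, candidate: str) -> bool:
    """Check a plaintext candidate (what PAP hands the server) against userPassword.

    Handles the schemes such a directory is likely to hold: {SSHA}, {SHA},
    and cleartext (either bare or with the {CLEAR} prefix).
    """
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
        expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, expected)
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[len("{SHA}"):])
        expected = hashlib.sha1(candidate.encode("utf-8")).digest()
        return hmac.compare_digest(digest, expected)
    if stored.startswith("{CLEAR}"):
        stored = stored[len("{CLEAR}"):]
    # bare value: OpenLDAP treats an unprefixed userPassword as cleartext
    return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


if __name__ == "__main__":
    # constructed directory entry with a fixed salt so the output is reproducible
    entry = ssha_hash("s3cret", b"abcd")
    print(entry)
    print("correct password:", verify_password(entry, "s3cret"))
    print("wrong password:  ", verify_password(entry, "S3cret"))
```

The same stored {SSHA} value is useless to MSCHAPv2: that exchange proves knowledge of the NT hash of the password, which cannot be derived from a salted SHA-1, so the server would need either the plaintext or a separate NT-hash attribute. That is the whole reason for the switch to TTLS-PAP.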

For the DD-WRT side, I had to configure FreeRADIUS to accept connections from a new client with a shared secret. Then I configured DD-WRT with the same shared secret and the address of the RADIUS server. Done.

# replace with the DD-WRT IP
client 10.X.X.X {
    secret =       # shared secret, must match the one entered in DD-WRT (redacted)
    shortname =    # label used in logs for this client (redacted)
}
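As an added example of what that shared secret actually protects (my own illustration, not code from the post, from FreeRADIUS or from DD-WRT): every reply the RADIUS server sends back to the access point carries a Response Authenticator, MD5 over the reply header, the request's authenticator, the attributes and the shared secret (RFC 2865 section 3), and the client recomputes it before trusting an Access-Accept. The function names and the secret, identifier and attribute values below are constructed for the demonstration.

```python
# Added example (not from the post): building and verifying the RADIUS
# Response Authenticator that the shared secret in the client block feeds.
# All values are constructed.
import hashlib
import hmac
import os
import struct
from typing import List, Tuple

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def encode_attributes(attrs: List[Tuple[int, bytes]]) -> bytes:
    """Serialise (type, value) pairs as RADIUS TLVs: type, length incl. header, value."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long for a single TLV")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def build_request(ident: int, attrs: List[Tuple[int, bytes]], request_auth: bytes) -> bytes:
    """Client side: an Access-Request carries a random 16-byte Request Authenticator."""
    body = encode_attributes(attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(body))
    return header + request_auth + body


def build_response(code: int, ident: int, attrs: List[Tuple[int, bytes]],
                   request_auth: bytes, secret: bytes) -> bytes:
    """Server side: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attributes(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def verify_response(packet: bytes, ident: int, request_auth: bytes, secret: bytes) -> bool:
    """Client side (what the access point must do): recompute the authenticator
    over the received reply and compare in constant time. Any reply built without
    the shared secret, or altered in transit, fails here."""
    if len(packet) < HEADER_LEN:
        return False
    header, received_auth, body = packet[:4], packet[4:HEADER_LEN], packet[HEADER_LEN:]
    if header[1] != ident:  # reply must answer the request we are waiting on
        return False
    if struct.unpack("!H", header[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    return hmac.compare_digest(received_auth, expected)


if __name__ == "__main__":
    secret = b"constructed-secret"       # stands in for the redacted 'secret ='
    request_auth = os.urandom(16)
    ident = 7
    # constructed request: User-Name (1) and NAS-IP-Address (4)
    req = build_request(ident, [(1, b"alice"), (4, bytes([10, 0, 0, 2]))], request_auth)
    # constructed reply: Reply-Message (18)
    reply = build_response(ACCESS_ACCEPT, ident, [(18, b"Welcome")], request_auth, secret)
    print("request bytes :", len(req))
    print("genuine reply :", verify_response(reply, ident, request_auth, secret))
    print("wrong secret  :", verify_response(reply, ident, request_auth, b"guess"))
```

The check is only as strong as the secret: a short or guessable one lets anyone on the path compute valid authenticators, which is why the client block deserves a long random secret rather than something memorable. In the WPA-EAP setup described here the RADIUS traffic between DD-WRT and FreeRADIUS carries EAP-Message attributes rather than a User-Password, but the same Response Authenticator rule applies to every reply.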

I have been using it for several days, and it has been pretty decent so far. I have no complaints.


2 thoughts on “Freeradius, OpenLDAP, DD-WRT”

  1. Hey, would you mind sharing all the configuration files necessary to achieve this? That would be awesome. Did you change anything else in freeradius configuration? How does it work with TTLS-PAP? I have OpenLDAP and FreeRadius on ubuntu and dd-wrt

    1. Yes, you need to configure FreeRadius to talk to OpenLDAP. I’ve already shared the relevant sections for FreeRadius. You need to have a working LDAP configuration beforehand.

      TTLS-PAP merely runs PAP over a TLS connection. So, you can possibly use 2-factor authentication though I’ve only used one. I may add certificate authentication after this.
