diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-11-03 17:20:10 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-11-03 17:20:10 +0100 |
| commit | 28d9061ea913741980972b31c59d819b11bd5c8e (patch) | |
| tree | f30e7e2b6bb71c0cb50cba55d529e1c952c44d9f /data/templates/wifi/hostapd.conf.tmpl | |
| parent | f8a4314503072af90d8a4ab443898be7c73f3895 (diff) | |
| download | vyos-1x-28d9061ea913741980972b31c59d819b11bd5c8e.tar.gz vyos-1x-28d9061ea913741980972b31c59d819b11bd5c8e.zip | |
wireless: T3034: add WPA3 support
Diffstat (limited to 'data/templates/wifi/hostapd.conf.tmpl')
| -rw-r--r-- | data/templates/wifi/hostapd.conf.tmpl | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 409c9d3bc..95837da95 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -538,7 +538,7 @@ wep_key{{ loop.index -1 }}={{ security.wep.key }} {% if security.wpa.mode is defined %} {% if security.wpa.mode == 'wpa+wpa2' %} wpa=3 -{% elif security.wpa.mode == 'wpa2' %} +{% elif security.wpa.mode == 'wpa2' or security.wpa.mode == 'wpa3' %} wpa=2 {% elif security.wpa.mode == 'wpa' %} wpa=1 @@ -598,7 +598,15 @@ wpa_passphrase={{ security.wpa.passphrase }} # added to enable SHA256-based stronger algorithms. # WPA-PSK = WPA-Personal / WPA2-Personal # WPA-PSK-SHA256 = WPA2-Personal using SHA256 -wpa_key_mgmt=WPA-PSK +# WPA-EAP = WPA-Enterprise / WPA2-Enterprise +# WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 +# SAE = SAE (WPA3-Personal) +# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %} +wpa_key_mgmt=SAE +{% else %} +wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 +{% endif %} {% elif security.wpa.radius is defined %} ##### IEEE 802.1X-2004 related configuration ################################## @@ -608,9 +616,17 @@ ieee8021x=1 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. +# WPA-PSK = WPA-Personal / WPA2-Personal +# WPA-PSK-SHA256 = WPA2-Personal using SHA256 # WPA-EAP = WPA-Enterprise / WPA2-Enterprise # WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 -wpa_key_mgmt=WPA-EAP +# SAE = SAE (WPA3-Personal) +# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %} +wpa_key_mgmt=WPA-EAP-SUITE-B-192 +{% else %} +wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256 +{% endif %} {% if security.wpa.radius.server is defined %} # RADIUS client forced local IP address for the access point |