2 files changed, 61 insertions, 15 deletions

diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index b25205590..3b270a064 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -633,14 +633,24 @@ ieee8021x=1
 # WPA-EAP-SHA256 = WPA2-Enterprise using SHA256
 wpa_key_mgmt=WPA-EAP
 
+{% if sec_wpa_radius_source -%}
+# RADIUS client forced local IP address for the access point
+# Normally the local IP address is determined automatically based on configured
+# IP addresses, but this field can be used to force a specific address to be
+# used, e.g., when the device has multiple IP addresses.
+radius_client_addr={{ sec_wpa_radius_source }}
+{% endif %}
+
 {% for radius in sec_wpa_radius -%}
+# RADIUS authentication server
 auth_server_addr={{ radius.server }}
 auth_server_port={{ radius.port }}
-auth_server_shared_secret={{ radius.secret }}
-{% if radius.accounting -%}
+auth_server_shared_secret={{ radius.key }}
+{% if radius.acc_port -%}
+# RADIUS accounting server
 acct_server_addr={{ radius.server }}
 acct_server_port={{ radius.acc_port }}
-acct_server_shared_secret={{ radius.secret }}
+acct_server_shared_secret={{ radius.key }}
 {% endif %}
 {% endfor %}
 
@@ -1156,29 +1166,32 @@ def get_config():
     if conf.exists('security wpa passphrase'):
         wifi['sec_wpa_passphrase'] = conf.return_value('security wpa passphrase')
 
-    # WPA radius server goes here
-    for server in conf.list_nodes('security wpa radius-server'):
-        # set new configuration level
-        conf.set_level(cfg_base + ' security wpa radius-server ' + server)
+    # WPA RADIUS source address
+    if conf.exists('security wpa radius source-address'):
+        wifi['sec_wpa_radius_source'] = conf.return_value('security wpa radius source-address')
 
+    # WPA RADIUS server
+    for server in conf.list_nodes('security wpa radius server'):
+        # set new configuration level
+        conf.set_level(cfg_base + ' security wpa radius server ' + server)
         radius = {
             'server' : server,
             'acc_port' : '',
             'port' : 1812,
-            'secret' : ''
+            'key' : ''
         }
 
-        # receive RADIUS accounting info
-        if conf.exists('accounting'):
-            radius['acc_port'] = conf.return_value('accounting')
-
         # RADIUS server port
         if conf.exists('port'):
-            radius['port'] = conf.return_value('port')
+            radius['port'] = int(conf.return_value('port'))
+
+        # receive RADIUS accounting info
+        if conf.exists('accounting'):
+            radius['acc_port'] = radius['port'] + 1
 
         # RADIUS server shared-secret
-        if conf.exists('secret'):
-            radius['secret'] = conf.return_value('secret')
+        if conf.exists('key'):
+            radius['key'] = conf.return_value('key')
 
         # append RADIUS server to list of servers
         wifi['sec_wpa_radius'].append(radius)
diff --git a/src/migration-scripts/interfaces/3-to-4 b/src/migration-scripts/interfaces/3-to-4
index 8b9bf7f96..e3bd25a68 100755
--- a/src/migration-scripts/interfaces/3-to-4
+++ b/src/migration-scripts/interfaces/3-to-4
@@ -53,9 +53,42 @@ else:
                     # not supported in the new backend. Convert all to lower-case
                     config.set(base + [wifi, node.lower()])
 
+        # Remove debug node
         if config.exists(base + [wifi, 'debug']):
             config.delete(base + [wifi, 'debug'])
 
+        # RADIUS servers
+        if config.exists(base + [wifi, 'security', 'wpa', 'radius-server']):
+            for server in config.list_nodes(base + [wifi, 'security', 'wpa', 'radius-server']):
+                base_server = base + [wifi, 'security', 'wpa', 'radius-server', server]
+
+                # Migrate RADIUS shared secret
+                if config.exists(base_server + ['secret']):
+                    key = config.return_value(base_server + ['secret'])
+                    # write new configuration node
+                    config.set(base + [wifi, 'security', 'wpa', 'radius', 'server', server, 'key'], value=key)
+                    # format as tag node
+                    config.set_tag(base + [wifi, 'security', 'wpa', 'radius', 'server'])
+
+                # Migrate RADIUS port
+                if config.exists(base_server + ['port']):
+                    port = config.return_value(base_server + ['port'])
+                    # write new configuration node
+                    config.set(base + [wifi, 'security', 'wpa', 'radius', 'server', server, 'port'], value=port)
+                    # format as tag node
+                    config.set_tag(base + [wifi, 'security', 'wpa', 'radius', 'server'])
+
+                # Migrate RADIUS accounting
+                if config.exists(base_server + ['accounting']):
+                    port = config.return_value(base_server + ['accounting'])
+                    # write new configuration node
+                    config.set(base + [wifi, 'security', 'wpa', 'radius', 'server', server, 'accounting'])
+                    # format as tag node
+                    config.set_tag(base + [wifi, 'security', 'wpa', 'radius', 'server'])
+
+            # delete old radius-server nodes
+            config.delete(base + [wifi, 'security', 'wpa', 'radius-server'])
+
     try:
         with open(file_name, 'w') as f:
             f.write(config.to_string())