Implement WPA Enterprise easy configuration

I’d like to propose easy configuration of WPA Enterprise as a $700000 goal. It shouldn’t be very hard to implement but it would be a unique feature of Omnia as I don’t know any other router which implements this out of box (RADIUS server and PKI on router).

Is there any real benefit in using WPA Enterprise instead of WPA PSK for one single router?

I’d rather see some kind of generated self-expiring PSKs for guests and per-MAC PSK support.

Well, there’s almost no point in MAC white or blacklists because it’s very easy to bypass.
WPA Enterprise should be pretty nice for home use with a bunch of yours devices because nobody could brute-force your PSK even if they want to hack into your network.

The problem with WPA Enterprise is that it is quite tricky to set it up securely on many devices (for instance Android). That exposes potential compromising of network password and/or traffic redirection by rogue access points. WPA PSK, on the other hand, provides mutual authentication of both client and the access point. A rougue access point cannot attract a client unless it knows the PSK.

I was not writing about MAC white or black lists but about per-MAC PSKs. That means you can have different PSK for each of your devices so even if some device is lost or stolen, you don’t have to reconfigure all other devices. This is already supported in hostapd/wpad, but there is no user interface to create such MAC-PSK list.

Forgot to mention, I’m talking about EAP-TLS, not EAP-MSCHAPv2 or other authentication methods.

I didn’t know about per-MAC PSK, that’s an interesting option indeed.

1 Like