Skip to main contentSkip to search
Skip to main content

OpenWrt - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on OpenWrt-based routers and access points to enable automatic WiFi authentication through IronWiFi's cloud RADIUS service. This open-source solution provides WPA2/WPA3-Enterprise security without manual network selection or splash pages.

Overview

OpenWrt is an open-source Linux-based firmware for embedded devices, commonly used on wireless routers and access points. Passpoint support requires hostapd compiled with Hotspot 2.0 support.

Prerequisites

In OpenWrt:

  • OpenWrt 21.02 or later (recommended)
  • Access point with 802.11u/Hotspot 2.0 capable wireless chipset
  • hostapd with HS2.0 support (
    wpad-openssl
    or 
    wpad-wolfssl
    )

In IronWiFi Console (complete these first):

  1. Log in to IronWiFi Management Console
  2. Navigate to Networks > select your network
  3. Enable Passpoint
  4. Note the following:
    • RADIUS Server IPs (primary and secondary)
    • RADIUS Secret
    • NAI Realm (e.g., 
      ironwifi.com
      )
    • Roaming Consortium OIs

Package Requirements

Install Required Packages

First, ensure you have the correct hostapd variant:

Verify Hotspot 2.0 Support

UCI Configuration

Step 1: Configure RADIUS Server

Step 2: Configure WPA2-Enterprise

Step 3: Enable 802.11u (Interworking)

Step 4: Enable Hotspot 2.0

Step 5: Configure Domain Name

Step 6: Configure Roaming Consortium

Step 7: Configure NAI Realm

Step 8: Apply Configuration

Direct hostapd Configuration

For advanced configuration, edit 

/etc/hostapd.conf
directly:

Advanced Configuration

3GPP Cellular Information

For carrier WiFi offload:

Or via UCI:

Operating Class

Define supported frequency bands:

Proxy ARP

Enable proxy ARP for better isolation:

OpenRoaming Configuration

Full OpenRoaming Setup

Verification

Check Hostapd Status

View ANQP Information

Check Connected Clients

Test RADIUS Connectivity

Troubleshooting

Passpoint Network Not Visible

  1. Verify HS2.0 is enabled

  2. Check hostapd supports HS2.0

  3. Verify wireless driver supports 802.11u

Authentication Failures

  1. Check RADIUS connectivity

  2. Review hostapd logs

  3. Verify NAI realm format

    • Ensure encoding is correct (0 for UTF-8)
    • Check EAP method matches server config

Common Errors

ErrorSolution
"HS2.0 not supported"Install wpad-openssl package
"RADIUS timeout"Check network connectivity and firewall
"Invalid NAI realm"Verify realm format and encoding
"GAS query failed"Check 802.11u configuration

Debug Mode

Enable debug logging:

Best Practices

  1. Use wpad-openssl: Required for full HS2.0 support
  2. Keep firmware updated: Latest OpenWrt for best compatibility
  3. Test with multiple devices: Verify Passpoint works across platforms
  4. Monitor logs: Watch for authentication issues
  5. Backup configuration: Save working config before changes
  6. Use PMF: Enable 802.11w for better security

Same vendor

Standards & reference

Was this page helpful?