An experience with TinyPEAP

Discussion in 'TinyPEAP Firmware' started by Birds, Jan 21, 2005.

  1. Birds

    Birds Network Guru Member

    First off, a thumbs up to the folks at TinyPEAP for their work and effort on this project.

    I installed this last night and was working with it a bit. Interesting. So here's a look at TinyPEAP from an average Joe's experience.

    802.11g Equipment:
    WMP54G v2
    Dell TrueMobile 1300

    PCs: Win2K Pro and XP Pro

    The installation of TinyPEAP installs Sveasoft's Satori firmware on your WRT54G or WRT54GS router. As TinyPEAP stands now, it is basically a snapshot of a firmware with a PEAP router coded into it. It is not stand alone PEAP server code that you load into, and add onto, existing firmware. It can be removed from the router by doing a factory reset and then doing an upgrade to new firmware, pointing the router to the directory where the firmware you desire is located.

    The creation of user accounts on TinyPEAP was not difficult. You enter a username and then a password and click "Create" , but... I did find that certain symbols will not work in the passphrase. These symbols are: ( ) # & : ; ' " |(which is the "pipe to" character above \) and `(below the tilde). Using these symbols in a passphrase caused the router to either freeze requiring a reboot, or it did not create the user account. # would cause a freeze, while ( wouldn't create the account. So avoid these and you should be fine.

    The other thing I noticed is that I could not enter a 63 character passphrase into the router as the key for WPA. It took 60 characters.

    Oh and in the instructions when they say to enter 'password' under Wireless --> Security, they really do mean to make the password, 'password'. TinyPEAP won't work if you use something else.

    TinyPEAP and the PCs did work with both WPA TKIP and AES. However not all my hardware listed above was stable while working with PEAP authentication.

    The Dell laptop with the TrueMobile 1300 miniPCI card connected and authenticated perfectly using Funk Software's Odyssey client. The connection was solid and showed that it was authenticating using EAP/PEAP and was using WPA AES-CCMP. I did have to enable the Wireless Zero Configuration service on Win XP to get the 802.1X configuration tab to appear with the network card. However I told Windows not to do the wireless management of the card automatically.

    The Linksys WMP54G v2 in my desktop also uses Funk Sofware's supplicant. This card re-authenticated every 5-6 seconds (loosing the connection every six second), and periodically completely lost the authentication and sat there saying, "Waiting to Authenticate". The router was located 3 feet from this card. Changing the settings on the card did not make a difference. This card is using the latest Linksys drivers. Changing from AES to TKIP did not make a difference. This was a disappointment.

    I don't know if the issue with the WMP54G v2 is an issue with how this card functions (or can't function) with PEAP, or the combination of the how the card and the router are trying to do PEAP.

    TinyPEAP came off the router, and I went back to my old firmware and the old configuration of WPA-PSK AES-CCMP with a randomly generated 63 character passphrase.

    The concept of TinyPEAP is nice and I hope they keep working on it. I would be happy to purchase a second WRT54G(GS) and hardwire it into a wireless access point if getting rid of coding for the firewall, QOS, wireless transmitting, etc. allowed for a more robust implimentation of TinyPEAP on these routers.
  2. FDM80

    FDM80 Network Guru Member

    I also used to have a WMP54Gv2. If you have a box laying around, you'll notice the front of the box says that it is "draft 802.11g" hence it is a card created before the final "g" standard and isn't totally compliant. You might have better sucess with a WMP54Gv4 which is based off the final standard. I had a machine that was always "waiting to authenticate" with a v2. I solved the problem by putting in a v4.
  3. Birds

    Birds Network Guru Member

    Thanks FDM80.
  4. Birds

    Birds Network Guru Member

    I solved the six second reauthentication with the WMP54G version 2 card and TinyPEAP. It was not the fault of the hardware, but was a user configuration error.

    I had mentioned that we are running the Odyssey Client supplicant on our machines. This supplicant can handle all WPA and 802.1x authentication without any help from Windows. What that really means didn't sink in as I was reading the instructions for TinyPEAP.

    So the answer was to turn off the Windows based 802.1x wireless services so the "Authentication" tab does not appear under Properties --> Configuration for the network card.

    On the Win2000 Pro machine this service is called "Wireless Configuration". I disabled it.

    On Windows XP this is called "Wireless Zero Configuration". I disabled it.

    Now both machines connect to TinyPEAP using WPA AES-CCMP as the encryption method.

    While TinyPEAP still needs some development, it does work.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice