LEDE/OpenWRT — Setting Up WPA Enterprise

Mar 16, 2016 · 2 min read

With WPA Enterprise, you have the ability to have your users authenticate against a RADIUS server to gain access to the WiFi, adding increased security to your network.

SSH to your LEDE/OpenWRT device

If you are using Windows then start PuTTY and click Session on the left side, select SSH from the options, and then enter in the IP Address of your LEDE/OpenWRT box into the Host Name field.

Once you’ve done this just click on Open to start up the SSH connection.


If you are connecting via terminal, then just SSH to your LEDE/OpenWRT device using the following command, where is your LEDE/OpenWRT device’s IP address.

ssh root@


This guide covers the steps needed to set up WPA Enterprise on your LEDE/OpenWRT, but the overall setup requires some other steps to be completed:

Package Installation

Enterprise WPA is not supported by the wpad-mini package, which comes with LEDE/OpenWRT as default. So first we need to remove this package.

Run the following two commands:

opkg updateopkg remove wpad-mini

Once wpad-mini is removed, we can install a new package that supports Enterprise WPA. In this example we are going to use the full wpad.

Run the following command to install this:

opkg install wpad

Creating The Interface

Next we need to edit our wireless config file to enable WPA Enterprise authentication.

Run the following command to edit the file:

vi /etc/config/wireless

Now we are going to create a new interface with the following details:

config 'wifi-iface'
option device 'radio1'
option mode 'ap'
option ssid 'EnterpriseWiFi'
option network 'lan'
option encryption 'wpa2'
option server ''
option port '1812'
option key 'ClientPassword'

Where option server and option port are the details of an external RADIUS we had set up, and option key is the password we have configured for our LEDE/OpenWRT device on it.

After making these changes, you will need to either restart the process or reboot your box.

To restart the process, run the following command:

/etc/init.d/network restart

(Optional) Using the web GUI

You can also make changes to the encryption type through the LuCI interface by navigating through Network > WiFi.

If you found this post helpful please let us know by clicking the ♥ below.

This blog was brought to you by Cucumber Wi-Fi. Cucumber helps you run a more efficient Wi-Fi network. Check it out here.

Cucumber Wi-Fi — control any (Wi-Fi) device from the cloud.

LEDE/OpenWrt & IoT

Tutorials based on LEDE/OpenWrt from CT WiFi

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store