RTL8722DN Connecting to 802.1X Network (WPA2 Enterprise EAP-TLS)

Hi,
Is it possible to connect to Wi-Fi with WPA2 Enterprise security?
I can’t find any examples or documents about this.
Regards

@harold-martin

WiFi EAP support is only enabled in the full SDK, which requires signing an NDA to access.

@wyy thanks for the answer, can you send me the NDA, or the link related to the NDA?


@harold-martin

You can refer to this post for NDA information.


I would also be interested in this topic, although I have almost successfully connected to my network. According to the Radius server log, the module was seemingly able to connect. But on the module side the output log shows the following.

————————————————
__eap_eapol_recvd_hdl(22,0)
94 C9 60 19 28 91 AC 84 C6 36 19 32 88 8E 02 00 00 04 03 09 00 04
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: ClientSendEAPOL[1624]: no use cache pmksa
RTL8721D[Driver]: sta recv deauth reason code(15) sta:ac:84:c6:36:19:32
wifi_indication():Disconnection indication received
————————————————

On the Radius server side I get the following. This log is very similar to what I get when a Windows machine is successfully connecting to my network.
————————————————
(9) eap_peap: Success
(9) eap: Sending EAP Success (code 3) ID 9 length 4
(9) eap: Freeing handler
(9) [eap] = ok
(9) } # authenticate = ok
(9) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(9) post-auth {
(9) update {
(9) No attributes updated
(9) } # update = noop
(9) [exec] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) → FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # post-auth = noop
(9) Login OK: [cflt/] (from client AP port 32 cli 94c960192891)
(9) Sent Access-Accept Id 2 from 192.168.0.126:1812 to 192.168.0.1:38542 length 0
(9) MS-MPPE-Recv-Key = 0xd74753270083f52d1fec8859cb1e57fb8b2b3262b9689464014ea9b0e996b46d
(9) MS-MPPE-Send-Key = 0xafda18dacf1663e67ddc22d07fad9800b5d196fa3ab0fbb42560277d09cefd5f
(9) EAP-Message = 0x03090004
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) User-Name = “cflt”
(9) Finished request
Waking up in 4.9 seconds.
(9) Cleaning up request packet ID 2 with timestamp +44
————————————————

If the connection depends on having a special library, I would sign the NDA to get it.
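An added example, not part of the original post or the SDK: decoding the 22-byte frame from the module log above shows it is the same EAP-Success (id 9) that the RADIUS server logged as `EAP-Message = 0x03090004`, and IEEE 802.11 deauthentication reason code 15 is a 4-way handshake timeout, so the session ended after EAP completed, during key establishment. The function names are illustrative; the byte strings are copied from the logs above.

```python
import struct

# Copied from the log in the post above: the 22 bytes printed after
# __eap_eapol_recvd_hdl(22,0), and the EAP-Message the RADIUS server sent.
FRAME_HEX = "94 C9 60 19 28 91 AC 84 C6 36 19 32 88 8E 02 00 00 04 03 09 00 04"
RADIUS_EAP_MESSAGE = "03090004"

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of the IEEE 802.11 deauthentication reason codes.
REASON_CODES = {15: "4-way handshake timeout", 16: "group key handshake timeout",
                23: "IEEE 802.1X authentication failed"}


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def decode_eapol(hex_dump):
    """Decode an Ethernet-framed EAPOL packet from a spaced hex dump."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", raw[12:18])
    if ethertype != 0x888E:
        raise ValueError(f"not EAPOL: ethertype 0x{ethertype:04x}")
    body = raw[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    out = {"dst": mac(raw[0:6]), "src": mac(raw[6:12]), "version": version,
           "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "body": body}
    if ptype == 0 and body_len >= 4:  # EAP header: code, id, length
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        out["eap"] = {"code": EAP_CODES.get(code, f"unknown({code})"),
                      "id": ident, "length": eap_len}
    return out


def stage_reached(hex_dump, radius_eap_hex, deauth_reason):
    """Say how far the association got, from the last EAPOL frame and the deauth."""
    pkt = decode_eapol(hex_dump)
    eap = pkt.get("eap", {})
    delivered = pkt["body"] == bytes.fromhex(radius_eap_hex)
    reason = REASON_CODES.get(deauth_reason, f"reason {deauth_reason}")
    return (f"EAP-{eap.get('code')} id={eap.get('id')} "
            f"{'matches' if delivered else 'differs from'} RADIUS EAP-Message; "
            f"then deauth: {reason}")


if __name__ == "__main__":
    print(decode_eapol(FRAME_HEX))
    print(stage_reached(FRAME_HEX, RADIUS_EAP_MESSAGE, 15))
```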

I am also very interested in this. Does this same private SDK work for the RTL8720DN?

Yes, the NDA SDK applies to RTL 8720/8721/8722 DN/DM/DF

Has this changed at all? This post seems to suggest that WiFi EAP is now publicly available.

This has changed; the EAP feature and sample code have been added to the GitHub SDK.


It’s really unfortunate that this important feature - which makes the BW16 applicable to many more use cases - was deliberately kept out of the public SDK for so long.

Personally, I gave up on the BW16 months ago because of this very issue. I even submitted a request to sign an NDA and access the private SDK, but I never heard anything back. While I’m glad to hear that EAP is finally public, I don’t quite get this whole public/private SDK thing :confused:

Hi,
I’m trying to connect to my AP (configured as WPA2/Enterprise) but am having trouble.
My router logs show the following errors:

[ERROR]WPAValidateRSNIE : invalid AKM !!!
APBuildAssociation : invalid status code(43) !!!

And the logs from BW16 module:

==================== tls_start ====================
RTL8721D[Driver]: set ssid [ASUS5G] 
RTL8721D[Driver]: rtw_restruct_sec_ie[4275]: no pmksa cached 
RTL8721D[Driver]: start auth to 50:eb:f8:18:88:44
RTL8721D[Driver]: auth alg = 0
RTL8721D[Driver]: 
OnAuthClient:algthm = 0, seq = 2, status = 0, sae_msg_len = 0
RTL8721D[Driver]: auth success, start assoc
RTL8721D[Driver]: assoc reject, status code: 43
dissconn reason code: 43
assoc stage, assoc reject (assoc rsp status > 0)
ERROR: connect to AP by tls failed
==================== tls_finish ====================

The module cannot connect to my router (model: ASUS RT-AX53U).
I do have a fully configured WPA/WPA2 Enterprise network (with radius server and valid certificates)
which does work on my 3 computers. Now I’m trying to connect my IoT device (based on BW16) using the example code with modified fields (eap_ca_cert, eap_client_cert, eap_client_key) as suggested (https://github.com/ambiot/ambd_sdk/blob/dev/component/common/example/eap/example_eap.c) but so far without success.
I went through the steps described in the example many times to check it is all done. The code compiles without errors and runs on the device.
I’ve even tried to modify the SDK source as I noticed “suspicious” function usage:

connect_by_open_system(char *target_ssid)

where inside we have:

ret = wifi_connect(target_ssid,
                   RTW_SECURITY_OPEN,
                   NULL,
                   strlen(target_ssid),
                   0,
                   0,
                   NULL);

I have tried to change RTW_SECURITY_OPEN to RTW_SECURITY_WPA_WPA2_AES_ENTERPRISE
…but got another error saying this type is not supported.
I’m out of ideas as to what is going wrong.
Please help!
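An added example, not from the post or the SDK: IEEE 802.11 status code 43 means "invalid AKMP", i.e. the AP did not accept the AKM suite in the station's RSN element, which is what the router's "invalid AKM" line reports. The code below extracts the AKM suites from RSN elements so the one in a captured association request can be compared with the one in the AP's beacon; both elements are constructed samples, and `assoc_status` is a simplified model of the AP-side check.

```python
import struct

AKM_NAMES = {1: "802.1X (WPA2-Enterprise)", 2: "PSK (WPA2-Personal)",
             5: "802.1X SHA-256", 6: "PSK SHA-256", 8: "SAE (WPA3-Personal)"}
RSN_OUI = bytes.fromhex("000fac")
STATUS_INVALID_AKMP = 43  # IEEE 802.11 status code seen in both logs above

# Constructed sample elements (not captured from the poster's network):
# the AP offers AKM 1 (802.1X), the station asks for AKM 2 (PSK).
AP_RSNE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
STA_RSNE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def akm_suites(rsne):
    """Return the AKM suite types listed in an RSN element (ID 48)."""
    if len(rsne) < 2 or rsne[0] != 48 or rsne[1] != len(rsne) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = rsne[2:], 2 + 4          # skip version and group cipher suite
    (n_pairwise,) = struct.unpack_from("<H", body, pos)
    pos += 2 + 4 * n_pairwise            # skip pairwise cipher list
    (n_akm,) = struct.unpack_from("<H", body, pos)
    pos += 2
    if pos + 4 * n_akm > len(body):
        raise ValueError("AKM list truncated")
    suites = []
    for i in range(n_akm):
        sel = body[pos + 4 * i: pos + 4 * i + 4]
        # Standard suites use OUI 00-0F-AC; keep anything else as raw hex.
        suites.append(sel[3] if sel[:3] == RSN_OUI else ("vendor", sel.hex()))
    return suites


def assoc_status(ap_rsne, sta_rsne):
    """0 if the station requests only AKMs the AP offers, else 43."""
    offered, requested = set(akm_suites(ap_rsne)), akm_suites(sta_rsne)
    return 0 if requested and set(requested) <= offered else STATUS_INVALID_AKMP


if __name__ == "__main__":
    for label, ie in (("AP", AP_RSNE), ("station", STA_RSNE)):
        print(label, [AKM_NAMES.get(s, s) for s in akm_suites(ie)])
    print("association status:", assoc_status(AP_RSNE, STA_RSNE))
```

On a real network the two elements would come from a monitor-mode capture of the AP's beacon and the module's association request.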

Do you have an example you could share @jrr? I’m trying to get started with the SDK as WPA2 Enterprise isn’t in the Arduino environment yet.
Thanks,
Josh