TP-Link EAP Controller on NethServer


(EnzoC) #1

Hello everybody,
In my company we have adopted TP-Link EAP access points (models: EAP225, EAP110, EAP120) to distribute tagged Wi-Fi networks (Principal, Guest, Admin, PLC, VoIP).

A few simple steps to follow:

wget https://static.tp-link.com/resources/software/EAP_Controller_v2.5.3_linux_x64.tar.gz
tar -zxvf EAP_Controller_v2.5.3_linux_x64.tar.gz
cd EAP_Controller_v2.5.3_linux_x64
./install.sh

[root@proxy EAP_Controller_v2.5.3_linux_x64]# ./install.sh 
EAP Controller will be installed in [/opt/tplink/EAPController] (y/n): y
========================
Installation start ...
Install succeeded!
========================
EAP Controller will start up with system boot. You can also control it by [/usr/bin/tpeap]. 
Starting EAP Controller .........................
Start successfully.
You can browse URL http://127.0.0.1:8088 for more.
========================
[root@proxy EAP_Controller_v2.5.3_linux_x64]# 

mkdir -p /etc/e-smith/db/configuration/defaults/tpeap
echo "service" > /etc/e-smith/db/configuration/defaults/tpeap/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/tpeap/status
config set tpeap service status enabled
signal-event runlevel-adjust

The server listens on https://0.0.0.0:8043.

I have tried to proxy requests via the HTTPS server with the Let's Encrypt certificate, like @mrmarkuz in the Howto install guacamole, but without a subfolder there are problems with redirects.


(Markus Neuberger) #2

I couldn’t make it work with a reverse proxy, so the only way I see is to open port 8043 (changeable in /opt/tplink/EAPController/properties/jetty.properties) and import the NethServer/Let's Encrypt cert.

# open port 8043
config setprop tpeap TCPPort 8043
config setprop tpeap access green
signal-event firewall-adjust

# stop eap controller
tpeap stop

# backup eap keystore
cp /opt/tplink/EAPController/keystore/eap.keystore ~

# create pkcs12 out of crt and key
openssl pkcs12 -export -in /etc/pki/tls/certs/localhost.crt -inkey /etc/pki/tls/private/localhost.key -name eap -out mycert.p12

# import cert to keystore
keytool -importkeystore -deststorepass tplink -destkeystore /opt/tplink/EAPController/keystore/eap.keystore -srckeystore mycert.p12 -srcstoretype PKCS12

Enter tplink as password and confirm overwrite with yes:

Enter source keystore password: tplink
Existing entry alias eap exists, overwrite? [no]:  yes

Start the EAP Controller; the new cert should be imported:

tpeap start

Source:

http://forum.tp-link.com/showthread.php?96192-Hacking-a-valid-cert-into-the-EAP-controller-software


(Ralf Jeckel) #3

I tried to install EAP-Controller and the howto works.
But it doesn’t find the EAPs. When I install the software on a
Windows machine, it finds the EAPs.
NS and EAP are in the same green network (192.168.0.0/24).
Also the Win-machine.
On the NS is also a red interface with shorewall.
Any hints which ports to open or something else??

TIA Ralf


(EnzoC) #4

My fault… Open these ports on the firewall:
UDP 29810
TCP 29811
TCP 29812
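
A way to tell the two possible causes of the symptom in post #3 apart (controller not listening on a port versus port not opened in the firewall), as an added example that is not part of any post in this thread. It parses `ss -tuln` output; the sample `ss` output and the opened-port list are constructed, and the helper names `listening_ports` and `not_in` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread).
# Ports named in the thread: 8043/tcp (web UI) and, from post #4,
# 29810/udp, 29811/tcp, 29812/tcp. Override EXPECTED to check others.
EXPECTED="${EXPECTED:-tcp/8043 udp/29810 tcp/29811 tcp/29812}"

# listening_ports: convert `ss -tuln` output (stdin) to "proto/port" lines.
listening_ports() {
    awk '$1 == "tcp" || $1 == "udp" {
             # Column 5 is Local Address:Port; the port follows the last
             # colon, which also handles IPv6 forms like ":::29811".
             n = split($5, part, ":")
             print $1 "/" part[n]
         }' | sort -u
}

# not_in: read "proto/port" lines on stdin and print every EXPECTED entry
# that is absent from them.
not_in() {
    have=$(cat)
    for want in $EXPECTED; do
        printf '%s\n' "$have" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Constructed ss output: controller running, nothing bound to 29812/tcp.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:29810            *:*
tcp   LISTEN 0      50     :::8043            :::*
tcp   LISTEN 0      50     :::29811           :::*
tcp   LISTEN 0      128    *:22               *:*'

# Constructed firewall state as of post #2: only 8043/tcp was opened.
SAMPLE_OPENED='tcp/8043'

echo "expected but not listening:"
printf '%s\n' "$SAMPLE_SS" | listening_ports | not_in
echo "expected but not opened in the firewall:"
printf '%s\n' "$SAMPLE_OPENED" | not_in
# Live host: ss -tuln | listening_ports | not_in
```

A port that is listening but missing from the opened list is reachable only from the server itself, which matches a controller that starts fine yet never sees the access points.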


(Ralf Jeckel) #5

Yes, man. Now it works! :star_struck:
Thanks a lot! :+1:


(Ralf Jeckel) #6

Maybe FYI:

@sharpec I found that if you want to batch upgrade EAPs, you have to open ports 27001 and 27002.


(Alessio Fattorini) #7

Good job Enzo!