OpenWrt: generate External R0 and R1 Key Holder - online
Create OpenWRT 802.11r External Key Holder List: r0kh and r1kh
For a simpler setup, it is usually recommended to use the "Generate PMK locally" option, as this allows OpenWRT to generate the keys itself, at least for WPA2. Alternatively, the key lists can also be entered directly in the GUI or specified via the config file. To make it easy to sum the keys, I have built a form that can be used to generate the necessary settings.
The BSSIDs of all access points can simply be entered in the following form. Using "Recalculate", a mobility domain and a 128-bit key are randomly generated and the necessary settings for each of the WLAN networks are compiled.
BSSID of all APs:
The mobility domain and the 128-bit key used are generated at random and the settings for the individual WLAN interfaces are compiled. The output corresponds to the format of the config file /etc/config/wireless:
Configuration for AP with BSSID 11:22:33:44:55:00
option ieee80211r '1' option mobility domain '????' option pmk_r1_push '1' option nasid '112233445500' option r1_key_holder '112233445500' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...'
Configuration for AP with BSSID 11:22:33:44:55:01
option ieee80211r '1' option mobility domain '????' option pmk_r1_push '1' option nasid '112233445501' option r1_key_holder '112233445501' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...'
Configuration for AP with BSSID 22:33:44:55:66:00
option ieee80211r '1' option mobility domain '????' option pmk_r1_push '1' option nasid '223344556600' option r1_key_holder '223344556600' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...'
Configuration for AP with BSSID 22:33:44:55:66:01
option ieee80211r '1' option mobility domain '????' option pmk_r1_push '1' option nasid '223344556601' option r1_key_holder '223344556601' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r0kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...' list r1kh 'Please wait a moment, the loading process is not yet complete ...'
Example
The NAS ID and r1_key_holder are suggested according to the MAC address, the R0 and R1 key holder lists are the same for all APs:
Alternatively, the settings can also be made directly in the config file using SSH: /etc/config/wireless
Inspired by
https://github.com/walidmadkour/OpenWRT-UCI-helper-802.11r
Additional Settings and Information, see also: Uninterrupted WLAN: Roaming (Fast Transition). And take also a look at our Online-Helper which generates all necessary uci- commands for an easy and fast setup via the terminal:OpenWRT WLAN FT configuration - Generate online
{{percentage}} % positive