WPA2 Enterprise Wireless Security with Synology RADIUS Server and DD-WRT

As the number of wireless devices grows and the BYOD trend continues to gain popularity, a large amount of critical information is transferred over wireless networks. Yet the majority of companies are still using WPA2 Personal security mode. WPA2 Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication.

WPA2 Enterprise offers a lot of benefits, some of which include:

  1. Prevents traffic snooping
  2. Enables enhanced security methods
  3. Eliminates the security risk of a shared password

While a connection using WPA2 Personal is encrypted, everyone connected to the wireless network uses the same password. Thus the system administrator can’t monitor who is connected to the network and, more importantly, the connection between an access point and each user is encrypted using the same key. So if one user gets compromised and the password gets stolen, an intruder is able to snoop on all traffic across the wireless network.

Another benefit of using WPA2 Enterprise with RADIUS is that each user can connect with their login credentials at multiple locations. Eduroam is a good example of such a network.

RADIUS diagram

Setting up WPA2 Enterprise WiFi on DD-WRT is quite simple. For my setup I used a Synology DS716+ and a TP-LINK TL-WR1043ND with DD-WRT installed on it.

To set everything up, you need to install the RADIUS Server package on your Synology. Then open RADIUS Server and head to the Clients tab to add your clients. Clients here are the wireless access points, not end devices.

RADIUS Server on Synology

That is all you need to do for basic configuration on your Synology. Now access the DD-WRT router and go to Wireless -> Wireless Security. For the security mode choose WPA2 Enterprise, and for the algorithm choose AES. Then enter the IP address of the Synology running RADIUS Server and the port, which is 1812 by default unless you changed it. Lastly, enter the Auth Shared Secret.

DD-WRT

If you configured everything correctly, you should be able to connect to your wireless network using credentials from your Synology DiskStation. You can add new users in the Synology control panel.

Synology users
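
How the Auth Shared Secret entered in DD-WRT and the secret stored for that client on the RADIUS server are used on the wire, as an added example that is not from the original post: both sides key the RFC 2865 Response Authenticator and the RFC 2869 Message-Authenticator with it, so a mismatch makes verification fail. The user name `alice`, the secrets and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, username, ident, request_auth):
    """Access point side: Access-Request ending in a Message-Authenticator."""
    attrs = attr(USER_NAME, username.encode()) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs
    # HMAC-MD5 over the packet with the 16-byte value zeroed, keyed by the secret.
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def request_mac_is_valid(secret, packet):
    """Server side: recompute the Message-Authenticator (last attribute here)."""
    zeroed = packet[:-16] + bytes(16)
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

def build_reply(secret, code, ident, request_auth, attrs=b""):
    """Server side: Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(secret, reply, request_auth):
    """Access point side: accept a reply only if it was made with the same secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed sample values, not taken from a real network.
    ap_secret = server_secret = b"constructed-shared-secret"
    req_auth = bytes(range(16))  # fixed for a repeatable demo; random in real use
    request = build_access_request(ap_secret, "alice", 7, req_auth)
    reply = build_reply(server_secret, ACCESS_ACCEPT, 7, req_auth)
    print("request accepted by server:", request_mac_is_valid(server_secret, request))
    print("reply accepted by AP:", reply_is_authentic(ap_secret, reply, req_auth))
    print("reply accepted with a mismatched secret:",
          reply_is_authentic(b"typo-in-dd-wrt", reply, req_auth))
```

Because the secret is the only thing authenticating this exchange, it should be long and random, and different for each access point added under Clients.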