hgot07 Hotspot Blog

A blog that mainly covers wireless LAN, federated authentication, and related technologies. The cat just watches.

GL.iNet Mango for connecting gadgets to WPA2 Enterprise Wi-Fi (or eduroam)

GL.iNet GL-MT300N-V2, also known as Mango, is a tiny travel router featuring VPN. I've figured out how to configure it as a repeater connecting WPA2 Personal devices to WPA2 Enterprise Wi-Fi. This means you can connect your gadgets to an eduroam network even if the devices support only WPA2 Personal (PSK). (Note that you can do the same using the AP feature on your smartphone.)

GL.iNet GL-MT300N-V2 (Mango)

Mango routers are cute.

Disclaimer

The information here is provided "AS IS" and there's no warranty at all. If you try the same, please do it at your own risk.

It is assumed that you are familiar with UNIX and have used the vi editor. If you haven't touched either, please STOP here and give up.

You'll have to give up the GL.iNet easy menu, and use LuCI GUI + CLI instead. An Ethernet cable with RJ45 is needed because the Wi-Fi becomes temporarily unavailable during the configuration.

Mango is a cheap device and supports only the 2.4GHz band.

Preparing for reverting the system

You probably need to know how to revert the box to the factory default. Please refer to the user manual. For a shortcut, press the reset button for more than 10 sec and reboot.

TIPS: If you want to take back the GL.iNet user interface after the factory reset but the browser is forced to use LuCI, accessing http://192.168.8.1/index or clearing the browser's cache would solve the problem.

 

Burning the latest OpenWrt firmware

Mango is based on OpenWrt. I tried the current official firmware release openwrt-mt300n-v2-3.102.bin but could not see how to configure it for WPA2 Enterprise. The official firmware can be found at:

You can find newer OpenWrt firmware for Mango (GL-MT300N-V2) here:

I grabbed the version 19.07.4 (openwrt-19.07.4-ramips-mt76x8-gl-mt300n-v2-squashfs-sysupgrade.bin) and burnt it in the box. The firmware can be installed easily by dropping the firmware file in the system update menu of Mango.

It's strongly recommended "NOT" to keep the configuration.

It seems the firmware from the OpenWrt site uses IP address 192.168.1.1 instead of the Mango's default 192.168.8.1.

 

Initial configuration

The first step is to configure Mango so that it acts as an ordinary repeater. The LuCI of the current version doesn't have a WPA2 Enterprise option in the Network>Wireless menu, so the device should first be configured against a WPA2 Personal network with a Pre-Shared Key (PSK). You can use any dummy network, e.g. home Wi-Fi. The connection is simple; click "Scan" and type in the PSK in the Network>Wireless menu.

The downlink Wi-Fi on the LAN side also needs to be configured. This can be easily done by clicking "Add" in the radio0 line and choosing "Access Point" mode. (You may skip this part if you want to connect your device by Ethernet cable instead of Wi-Fi.)

The firmware uses wpad-basic, a simplified version of wpad. This needs to be replaced with the wpad package, which supports WPA2 Enterprise. In the package menu, the opkg package list needs to be updated first. Then the wpad package can be easily installed after wpad-basic has been removed.

 

WPA2 Enterprise configuration for WWAN interface

The CLI can be accessed by using an SSH client. For example,

# ssh-keygen -R 192.168.1.1   (if another known key is already installed)
# ssh root@192.168.1.1
 

Typing in "ifconfig" will show two IP addresses; one for the LAN on Mango, another obtained from the upper network by DHCP.

The WWAN interface can be disabled in the Network>Interfaces menu of LuCI.

At the bottom of the configuration file /etc/config/wireless, two wireless interface configurations exist. The first one is for the LAN, and the next one is for the WAN, which is currently configured in WPA2 Personal mode. The WAN configuration needs to be modified. For example, the LAN and WAN configurations would look like:

# LAN side: downlink access point (WPA2 Personal)
config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option wpa_disable_eapol_key_retries '1'
	option key '<PSK>'
	option encryption 'psk2+ccmp'
	option network 'lan'

# WAN side: uplink client (WPA2 Enterprise, PEAP with MSCHAPv2)
config wifi-iface 'wifinet2'
	option ssid 'eduroam'
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option encryption 'wpa2'
	option eap_type 'peap'
	option auth 'EAP-MSCHAPV2'
	option identity '<userID@realm>'
	option anonymous_identity '<anonymous@realm>'
	option password '<password>'
 

Of course, the <PSK> is the PSK already configured. The fields in < > need to be fixed accordingly. This example assumes using PEAP and won't work for EAP-TLS or EAP-TTLS.

In this example, server authentication is omitted, so the router does not verify the RADIUS server's certificate before sending the credentials. It should be configured afterwards in order to keep the connection secure.

See also: OpenWrt Project: Wi-Fi /etc/config/wireless
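The caveat about omitted server authentication can be turned into a check. The following is an added example, not from the original post: it scans a wireless config for client sections in an enterprise mode that set neither ca_cert nor a server-name constraint. The name-constraint option names are those listed in the OpenWrt wireless documentation and are assumed to be honoured by the installed wpad; the sample config, certificate path and server name are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): list 802.1X client sections in
# an OpenWrt wireless config that never authenticate the RADIUS server.
# audit_wireless [FILE] -> one line per finding: "<section> <problem>"
audit_wireless() {
    # Strip UCI quoting so awk sees bare words; only option names, section
    # names and the mode/encryption keywords are inspected.
    cat "$@" | tr -d "\"'" | awk '
    function report() {
        # Only client sections in an enterprise mode (wpa, wpa2, wpa3, ...);
        # psk*, sae*, owe and none involve no server certificate.
        if (!iface || mode != "sta" || enc !~ /^wpa/) return
        if (!ca)   print sect, "no-ca_cert"
        if (!name) print sect, "no-server-name-check"
    }
    $1 == "config" {
        report()
        iface = ($2 == "wifi-iface")
        sect = ($3 != "") ? $3 : "(unnamed)"
        mode = ""; enc = ""; ca = 0; name = 0
        next
    }
    ($1 != "option" && $1 != "list") || $3 == "" { next }  # empty = unset
    $2 == "mode"       { mode = $3 }
    $2 == "encryption" { enc = $3 }
    $2 == "ca_cert"    { ca = 1 }
    $2 ~ /^(subject_match|altsubject_match|domain_(suffix_)?match)$/ { name = 1 }
    END { report() }'
}

# Constructed sample: the post's two sections (trimmed) plus a hardened
# variant whose certificate path and server name are placeholders.
sample_config() {
    cat <<'EOF'
config wifi-iface 'default_radio0'
	option mode 'ap'
	option encryption 'psk2+ccmp'
config wifi-iface 'wifinet2'
	option mode 'sta'
	option encryption 'wpa2'
config wifi-iface 'wifinet3'
	option mode 'sta'
	option encryption 'wpa2'
	option ca_cert '/etc/ssl/certs/example-ca.pem'
	option domain_suffix_match 'radius.example.org'
EOF
}
sample_config | audit_wireless
```

On the router, run audit_wireless /etc/config/wireless; no output means every enterprise client section pins a CA and constrains the server name.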

Mango will connect to the WPA2 Enterprise network some time after the WWAN is restarted in the Network>Wireless menu.

It is recommended to reboot Mango to see if the configuration is persistent.

Simply feed 5V via USB and you are connected.

LuCI Network>Wireless menu



Performance

My test shows >20Mbps using an eduroam network that is fast enough.

 

Need 5GHz?

I haven't tried it yet, but GL.iNet GL-AR750 (Creta) and some other models support the 5GHz band as well and would work.

 
