Difference between revisions of "Network/802.1X client settings"
< Network
Jump to navigation
Jump to search
(Created page with "== Android == You can use our Android App to configure the correct WiFi settings on your Android device. Download it here: * From Google Playstore: [https://play.google.com/s...") |
|||
| Line 14: | Line 14: | ||
If that affects you, it may be easiest to use wpa_supplicant. | If that affects you, it may be easiest to use wpa_supplicant. | ||
| − | '''/etc/NetworkManager/system-connections/ | + | '''/etc/NetworkManager/system-connections/emfcamp''': |
Hint: chmod 600 this file to make the connection work. | Hint: chmod 600 this file to make the connection work. | ||
[connection] | [connection] | ||
| − | id= | + | id=emfcamp |
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad | uuid=c80101e2-7b99-4511-846b-2388eb86a5ad | ||
type=wifi | type=wifi | ||
| Line 30: | Line 30: | ||
mode=infrastructure | mode=infrastructure | ||
seen-bssids= | seen-bssids= | ||
| − | ssid= | + | ssid=emfcamp |
[wifi-security] | [wifi-security] | ||
| Line 43: | Line 43: | ||
ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem | ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem | ||
eap=ttls; | eap=ttls; | ||
| − | identity= | + | identity=emfcamp |
| − | password= | + | password=emfcamp |
phase2-altsubject-matches= | phase2-altsubject-matches= | ||
phase2-auth=pap | phase2-auth=pap | ||
| Line 59: | Line 59: | ||
You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours): | You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours): | ||
| − | name = EAP-TTLS | + | name = EAP-TTLS emfcamp |
author = Felicitus | author = Felicitus | ||
require identity *Identity password *password | require identity *Identity password *password | ||
| Line 65: | Line 65: | ||
ctrl_interface=/var/run/wpa_supplicant | ctrl_interface=/var/run/wpa_supplicant | ||
network={ | network={ | ||
| − | ssid=" | + | ssid="emfcamp" |
scan_ssid=$_SCAN | scan_ssid=$_SCAN | ||
identity="edward" | identity="edward" | ||
| Line 81: | Line 81: | ||
} | } | ||
| − | Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS | + | Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS emfcamp) and enter a random username/password. |
=== Jolla/connman === | === Jolla/connman === | ||
| − | /var/lib/connman/ | + | /var/lib/connman/emfcampwifi.config : |
| − | [ | + | [service_emfcamp] |
Type=wifi | Type=wifi | ||
| − | Name= | + | Name=emfcamp |
EAP=ttls | EAP=ttls | ||
Phase2=PAP | Phase2=PAP | ||
| Line 98: | Line 98: | ||
network={ | network={ | ||
| − | ssid=" | + | ssid="emfcamp" |
key_mgmt=WPA-EAP | key_mgmt=WPA-EAP | ||
eap=TTLS | eap=TTLS | ||
| Line 113: | Line 113: | ||
iface wlan0 inet dhcp | iface wlan0 inet dhcp | ||
| − | wpa-ssid | + | wpa-ssid emfcamp |
wpa-identity edward | wpa-identity edward | ||
wpa-password snowden | wpa-password snowden | ||
| Line 126: | Line 126: | ||
=== netctl === | === netctl === | ||
| − | Description=' | + | Description='emfcamp secure WPA2 802.1X config' |
Interface=wls1 | Interface=wls1 | ||
Connection=wireless | Connection=wireless | ||
Security=wpa-configsection | Security=wpa-configsection | ||
IP=dhcp | IP=dhcp | ||
| − | ESSID= | + | ESSID=emfcamp |
WPAConfigSection=( | WPAConfigSection=( | ||
| − | 'ssid=" | + | 'ssid="emfcamp"' |
'proto=RSN WPA' | 'proto=RSN WPA' | ||
'key_mgmt=WPA-EAP' | 'key_mgmt=WPA-EAP' | ||
| Line 149: | Line 149: | ||
TODO | TODO | ||
<!-- | <!-- | ||
| − | * [[https://eventinfra.org/ | + | * [[https://eventinfra.org/emfcamp/emfcamp.mobileconfig emfcamp]] (5GHz only) |
| − | * [[https://eventinfra.org/ | + | * [[https://eventinfra.org/emfcamp/emfcamp-legacy.mobileconfig emfcamp-legacy]] (2.4GHz only)!--> |
== Windows == | == Windows == | ||
| Line 156: | Line 156: | ||
<!-- | <!-- | ||
| − | * [[https://eventinfra.org/ | + | * [[https://eventinfra.org/emfcamp/emfcamp.xml emfcamp]] (5GHz only) |
| − | * [[https://eventinfra.org/ | + | * [[https://eventinfra.org/emfcamp/emfcamp-legacy.xml emfcamp-legacy)]] (2.4GHz only) |
!--> | !--> | ||
TODO | TODO | ||
| Line 163: | Line 163: | ||
To import and connect follow these steps: | To import and connect follow these steps: | ||
| − | # Open a command prompt and execute: netsh wlan add profile filename= | + | # Open a command prompt and execute: netsh wlan add profile filename=emfcamp.xml |
| − | # Connect to the | + | # Connect to the emfcamp or emfcamp-legacy network; use "emfcamp/emfcamp" as the username/password when prompted. |
Revision as of 21:30, 10 August 2018
Android
You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:
- From Google Playstore: [1] (TODO)
- APK download: TODO
Linux, etc.
Network Manager
You can use the following config file:
Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.
/etc/NetworkManager/system-connections/emfcamp:
Hint: chmod 600 this file to make the connection work.
[connection] id=emfcamp uuid=c80101e2-7b99-4511-846b-2388eb86a5ad type=wifi permissions= secondaries= [wifi] mac-address=42:23:42:23:42:23 <- !! Please change this !! mac-address-blacklist= mode=infrastructure seen-bssids= ssid=emfcamp [wifi-security] auth-alg=open group= key-mgmt=wpa-eap pairwise= proto= [802-1x] altsubject-matches=DNS:radius.emfcamp.org ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem eap=ttls; identity=emfcamp password=emfcamp phase2-altsubject-matches= phase2-auth=pap [ipv4] dns-search= method=auto [ipv6] dns-search= method=auto
WICD
You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):
name = EAP-TTLS emfcamp
author = Felicitus
require identity *Identity password *password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="emfcamp"
scan_ssid=$_SCAN
identity="edward"
password="snowden"
proto=WPA2
key_mgmt=WPA-EAP
group=CCMP
pairwise=CCMP
eap=TTLS
ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
altsubject_match="DNS:radius.emfcamp.org"
anonymous_identity="$_ANONYMOUS_IDENTITY"
phase2="auth=PAP"
#priority=2
}
Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS emfcamp) and enter a random username/password.
Jolla/connman
/var/lib/connman/emfcampwifi.config :
[service_emfcamp] Type=wifi Name=emfcamp EAP=ttls Phase2=PAP Identity=edward Passphrase=snowden
wpa_supplicant.conf
/etc/wpa_supplicant/wpa_supplicant.conf :
network={
ssid="emfcamp"
key_mgmt=WPA-EAP
eap=TTLS
identity="edward"
password="snowden"
# ca path on debian 7.x, modify accordingly
ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
altsubject_match="DNS:radius.emfcamp.org"
phase2="auth=PAP"
}
interfaces
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
iface wlan0 inet dhcp wpa-ssid emfcamp wpa-identity edward wpa-password snowden wpa-proto WPA2 wpa-key_mgmt WPA-EAP wpa-group CCMP wpa-pairwise CCMP wpa-eap TTLS wpa-phase2 "auth=PAP" wpa-ca_cert "/etc/ssl/certs/DST_Root_CA_X3.pem" wpa-altsubject_match DNS:radius.emfcamp.org
netctl
Description='emfcamp secure WPA2 802.1X config'
Interface=wls1
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=emfcamp
WPAConfigSection=(
'ssid="emfcamp"'
'proto=RSN WPA'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'identity="edward"'
'password="snowden"'
'ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"'
'altsubject_match="DNS:radius.emfcamp.org"'
'phase2="auth=PAP"'
)
Apple MacOS / iOS
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
TODO
Windows
Import one of these profiles for the correct WiFi-settings for Windows
TODO
To import and connect follow these steps:
- Open a command prompt and execute: netsh wlan add profile filename=emfcamp.xml
- Connect to the emfcamp or emfcamp-legacy network; use "emfcamp/emfcamp" as the username/password when prompted.