Network/802.1X client settings: Difference between revisions

From Electromagnetic Field
Jump to navigation Jump to search
(Created page with "== Android == You can use our Android App to configure the correct WiFi settings on your Android device. Download it here: * From Google Playstore: [https://play.google.com/s...")
 
m (simples wifi →‎Apple MacOS / iOS)
 
(5 intermediate revisions by one other user not shown)
Line 2: Line 2:
You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:
You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:


* From Google Playstore: [https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup] (TODO)
* From Google Playstore: [https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup]
* APK download: TODO
* APK download: [https://eventinfra.org/emfcamp/emfcamp2018.apk]


== Linux, etc. ==
== Linux, etc. ==
Line 14: Line 14:
If that affects you, it may be easiest to use wpa_supplicant.
If that affects you, it may be easiest to use wpa_supplicant.


'''/etc/NetworkManager/system-connections/emfcamp18''':
'''/etc/NetworkManager/system-connections/emfcamp''':


Hint: chmod 600 this file to make the connection work.
Hint: chmod 600 this file to make the connection work.


  [connection]
  [connection]
  id=emfcamp18
  id=emfcamp
  uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
  uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
  type=wifi
  type=wifi
Line 30: Line 30:
  mode=infrastructure
  mode=infrastructure
  seen-bssids=
  seen-bssids=
  ssid=emfcamp18
  ssid=emfcamp
   
   
  [wifi-security]
  [wifi-security]
Line 43: Line 43:
  ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem
  ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem
  eap=ttls;
  eap=ttls;
  identity=emfcamp18
  identity=emfcamp
  password=emfcamp18
  password=emfcamp
  phase2-altsubject-matches=
  phase2-altsubject-matches=
  phase2-auth=pap
  phase2-auth=pap
Line 59: Line 59:
You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours):
You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours):


   name = EAP-TTLS emfcamp18
   name = EAP-TTLS emfcamp
   author = Felicitus
   author = Felicitus
   require identity *Identity password *password
   require identity *Identity password *password
Line 65: Line 65:
   ctrl_interface=/var/run/wpa_supplicant
   ctrl_interface=/var/run/wpa_supplicant
   network={
   network={
   ssid="emfcamp18"
   ssid="emfcamp"
   scan_ssid=$_SCAN
   scan_ssid=$_SCAN
   identity="edward"
   identity="edward"
Line 81: Line 81:
   }
   }


Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS emfcamp18) and enter a random username/password.
Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS emfcamp) and enter a random username/password.


=== Jolla/connman ===
=== Jolla/connman ===
/var/lib/connman/emfcamp18wifi.config :
/var/lib/connman/emfcampwifi.config :


   [service_emfcamp18]
   [service_emfcamp]
   Type=wifi
   Type=wifi
   Name=emfcamp18
   Name=emfcamp
   EAP=ttls
   EAP=ttls
   Phase2=PAP
   Phase2=PAP
Line 98: Line 98:


   network={
   network={
   ssid="emfcamp18"
   ssid="emfcamp"
   key_mgmt=WPA-EAP
   key_mgmt=WPA-EAP
   eap=TTLS
   eap=TTLS
Line 113: Line 113:


   iface wlan0 inet dhcp
   iface wlan0 inet dhcp
   wpa-ssid emfcamp18
   wpa-ssid emfcamp
   wpa-identity edward
   wpa-identity edward
   wpa-password snowden
   wpa-password snowden
Line 126: Line 126:


=== netctl ===
=== netctl ===
  Description='emfcamp18 secure WPA2 802.1X config'
  Description='emfcamp secure WPA2 802.1X config'
  Interface=wls1
  Interface=wls1
  Connection=wireless
  Connection=wireless
  Security=wpa-configsection
  Security=wpa-configsection
  IP=dhcp
  IP=dhcp
  ESSID=emfcamp18
  ESSID=emfcamp
  WPAConfigSection=(
  WPAConfigSection=(
     'ssid="emfcamp18"'
     'ssid="emfcamp"'
     'proto=RSN WPA'
     'proto=RSN WPA'
     'key_mgmt=WPA-EAP'
     'key_mgmt=WPA-EAP'
Line 145: Line 145:


== Apple MacOS / iOS ==  
== Apple MacOS / iOS ==  
=== Simples ===
If you don't mind certificate issues, just join <code>emfcamp</code> with the username+password <code>emf</code>.
=== Profile ===
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:


TODO
* [[https://eventinfra.org/emfcamp/emfcamp.mobileconfig emfcamp]] (5GHz only)
<!--
* [[https://eventinfra.org/emfcamp/emfcamp-legacy18.mobileconfig emfcamp-legacy18]] (2.4GHz only)
* [[https://eventinfra.org/emfcamp18/emfcamp18.mobileconfig emfcamp18]] (5GHz only)
* [[https://eventinfra.org/emfcamp18/emfcamp18-legacy.mobileconfig emfcamp18-legacy]] (2.4GHz only)!-->


== Windows ==
== Windows ==
Import one of these profiles for the correct WiFi-settings for Windows
Import one of these profiles for the correct WiFi-settings for Windows


<!--
* [[https://eventinfra.org/emfcamp/emfcamp.xml emfcamp]] (5GHz only)
* [[https://eventinfra.org/emfcamp18/emfcamp18.xml emfcamp18]] (5GHz only)
* [[https://eventinfra.org/emfcamp/emfcamp-legacy18.xml emfcamp-legacy18)]] (2.4GHz only)
* [[https://eventinfra.org/emfcamp18/emfcamp18-legacy.xml emfcamp18-legacy)]] (2.4GHz only)
!-->
TODO


To import and connect follow these steps:
To import and connect follow these steps:


# Open a command prompt and execute: netsh wlan add profile filename=emfcamp18.xml
# Open a command prompt and execute: netsh wlan add profile filename=emfcamp.xml
# Connect to the emfcamp18 or emfcamp18-legacy network; use "emfcamp18/emfcamp18" as the username/password when prompted.
# Connect to the emfcamp or emfcamp-legacy18 network; use "emfcamp/emfcamp" as the username/password when prompted.

Latest revision as of 10:45, 31 August 2018

Android

You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:

  • From Google Playstore: [1]
  • APK download: [2]

Linux, etc.

Network Manager

You can use the following config file:

Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.

/etc/NetworkManager/system-connections/emfcamp:

Hint: chmod 600 this file to make the connection work. 

[connection]
id=emfcamp
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
type=wifi
permissions=
secondaries=

[wifi]
mac-address=42:23:42:23:42:23 <- !! Please change this !!
mac-address-blacklist=
mode=infrastructure
seen-bssids=
ssid=emfcamp

[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=

[802-1x]
altsubject-matches=DNS:radius.emfcamp.org
ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem
eap=ttls;
identity=emfcamp
password=emfcamp
phase2-altsubject-matches=
phase2-auth=pap

[ipv4]
dns-search=
method=auto

[ipv6]
dns-search=
method=auto

WICD

You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours): 

 name = EAP-TTLS emfcamp
 author = Felicitus
 require identity *Identity password *password
 -----
 ctrl_interface=/var/run/wpa_supplicant
 network={
  ssid="emfcamp"
  scan_ssid=$_SCAN
  identity="edward"
  password="snowden"
  proto=WPA2
  key_mgmt=WPA-EAP
  group=CCMP
  pairwise=CCMP
  eap=TTLS
  ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
  altsubject_match="DNS:radius.emfcamp.org"
  anonymous_identity="$_ANONYMOUS_IDENTITY"
  phase2="auth=PAP"
  #priority=2
 }

Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS emfcamp) and enter a random username/password.

Jolla/connman

/var/lib/connman/emfcampwifi.config : 

 [service_emfcamp]
 Type=wifi
 Name=emfcamp
 EAP=ttls
 Phase2=PAP
 Identity=edward
 Passphrase=snowden

wpa_supplicant.conf

/etc/wpa_supplicant/wpa_supplicant.conf : 

 network={
 	ssid="emfcamp"
 	key_mgmt=WPA-EAP
 	eap=TTLS
 	identity="edward"
 	password="snowden"
 	# ca path on debian 7.x, modify accordingly
 	ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
 	altsubject_match="DNS:radius.emfcamp.org"
 	phase2="auth=PAP"
 }

interfaces

As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces: 

 iface wlan0 inet dhcp
 	wpa-ssid emfcamp
 	wpa-identity edward
 	wpa-password snowden
 	wpa-proto WPA2
 	wpa-key_mgmt WPA-EAP
 	wpa-group CCMP
 	wpa-pairwise CCMP
 	wpa-eap TTLS
 	wpa-phase2 "auth=PAP"
 	wpa-ca_cert "/etc/ssl/certs/DST_Root_CA_X3.pem"
 	wpa-altsubject_match DNS:radius.emfcamp.org

netctl

Description='emfcamp secure WPA2 802.1X config'
Interface=wls1
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=emfcamp
WPAConfigSection=(
    'ssid="emfcamp"'
    'proto=RSN WPA'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'identity="edward"'
    'password="snowden"'
    'ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"'
    'altsubject_match="DNS:radius.emfcamp.org"'
    'phase2="auth=PAP"'
)

Apple MacOS / iOS

Simples

If you don't mind certificate issues, just join emfcamp with the username+password emf.

Profile

You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:

Windows

Import one of these profiles for the correct WiFi-settings for Windows

To import and connect follow these steps:

  1. Open a command prompt and execute: netsh wlan add profile filename=emfcamp.xml
  2. Connect to the emfcamp or emfcamp-legacy18 network; use "emfcamp/emfcamp" as the username/password when prompted.
Retrieved from ‘https://wiki.emfcamp.org/2018/w/index.php?title=Network/802.1X_client_settings&oldid=4084