GPN22:NOC/Wireless: Unterschied zwischen den Versionen
aus dem Wiki des Entropia e.V., CCC Karlsruhe
(Typo) |
(fix networkmanager config) |
||
| (Eine dazwischenliegende Version von einem anderen Benutzer wird nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
for general infos see [[GPN22:NOC]] | |||
== Configuration examples == | |||
=== wpa_supplicant.conf === | === wpa_supplicant.conf === | ||
network={ | network={ | ||
| Zeile 66: | Zeile 7: | ||
key_mgmt=WPA-EAP | key_mgmt=WPA-EAP | ||
eap=TTLS | eap=TTLS | ||
identity=" | identity="gpn" | ||
password=" | password="gpn" | ||
# ca path on debian 11.x, modify accordingly | # ca path on debian 11.x, modify accordingly | ||
ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem" | ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem" | ||
| Zeile 75: | Zeile 16: | ||
=== iwd === | === iwd === | ||
Create a file under <code>/var/lib/iwd/GPN.8021x</code> with the following: | Create a file under <code>/var/lib/iwd/GPN.8021x</code> with the following: | ||
[Security] | [Security] | ||
EAP-Method=TTLS | |||
EAP-Identity=open@identity.com | |||
#EAP-TTLS-CACert=/certs/ca-cert.pem | |||
EAP-TTLS-Phase2-Method=Tunneled-PAP | |||
EAP-TTLS-Phase2-Identity=gpn | |||
EAP-TTLS-Phase2-Password=gpn | |||
#EAP-TTLS-ServerDomainMask=*.domain.com | |||
[Settings] | [Settings] | ||
AutoConnect=true | |||
=== netctl === | === netctl === | ||
| Zeile 101: | Zeile 42: | ||
'key_mgmt=WPA-EAP' | 'key_mgmt=WPA-EAP' | ||
'eap=TTLS' | 'eap=TTLS' | ||
'identity=" | 'identity="gpn"' | ||
'password=" | 'password="gpn"' | ||
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' | 'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' | ||
'altsubject_match="DNS:radius.noc.gulas.ch"' | 'altsubject_match="DNS:radius.noc.gulas.ch"' | ||
| Zeile 128: | Zeile 69: | ||
ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem | ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem | ||
domain-suffix-match=radius.noc.gulas.ch | domain-suffix-match=radius.noc.gulas.ch | ||
eap= | eap=peap; | ||
identity=gpn | identity=gpn | ||
password=gpn | password=gpn | ||
phase2-auth= | phase2-auth=mschapv2 | ||
[ipv4] | [ipv4] | ||
Aktuelle Version vom 30. Mai 2024, 20:55 Uhr
for general infos see GPN22:NOC
Configuration examples
wpa_supplicant.conf
network={
ssid="GPN"
key_mgmt=WPA-EAP
eap=TTLS
identity="gpn"
password="gpn"
# ca path on debian 11.x, modify accordingly
ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
altsubject_match="DNS:radius.noc.gulas.ch"
phase2="auth=PAP"
}
iwd
Create a file under /var/lib/iwd/GPN.8021x with the following:
[Security] EAP-Method=TTLS EAP-Identity=open@identity.com #EAP-TTLS-CACert=/certs/ca-cert.pem EAP-TTLS-Phase2-Method=Tunneled-PAP EAP-TTLS-Phase2-Identity=gpn EAP-TTLS-Phase2-Password=gpn #EAP-TTLS-ServerDomainMask=*.domain.com [Settings] AutoConnect=true
netctl
Description='GPN secure WPA2 802.1X config'
Interface=wlp4s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=GPN
WPAConfigSection=(
'ssid="GPN"'
'proto=RSN WPA'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'identity="gpn"'
'password="gpn"'
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
'altsubject_match="DNS:radius.noc.gulas.ch"'
'phase2="auth=PAP"'
)
Network manager (text file)
Create a file /etc/NetworkManager/system-connections/GPN.nmconnection with the following:
[connection] id=GPN uuid=7aeae233-1a07-440a-aaf2-e9a4720bb4b6 type=wifi autoconnect=false [wifi] mode=infrastructure ssid=GPN [wifi-security] key-mgmt=wpa-eap [802-1x] ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem domain-suffix-match=radius.noc.gulas.ch eap=peap; identity=gpn password=gpn phase2-auth=mschapv2 [ipv4] method=auto [ipv6] addr-gen-mode=stable-privacy method=auto [proxy]
Make sure non-root users do not have read/write permissions for this file - Network Manager will ignore configuration files with incorrect permissions set. Then, reload the connections and start the service:
sudo nmcli connection reload nmcli c up GPN
NetworkManager (GUI nm-connection-editor)
Certificate path: /etc/ssl/certs/ISRG_Root_X1.pem