GPN22:NOC/Wireless: Difference between revisions
from the wiki of Entropia e.V., CCC Karlsruhe
(GPN22-WiFi) |
(fix networkmanager config) |
(2 intermediate revisions by 2 users not shown)
Zeile 1: | Zeile 1: | ||
for general infos see [[GPN22:NOC]] | |||
== Configuration examples == | |||
=== wpa_supplicant.conf === | === wpa_supplicant.conf === | ||
network={ | network={ | ||
Zeile 66: | Zeile 7: | ||
key_mgmt=WPA-EAP | key_mgmt=WPA-EAP | ||
eap=TTLS | eap=TTLS | ||
identity=" | identity="gpn" | ||
password=" | password="gpn" | ||
# ca path on debian 11.x, modify accordingly | # ca path on debian 11.x, modify accordingly | ||
ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem" | ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem" | ||
Zeile 75: | Zeile 16: | ||
=== iwd === | === iwd === | ||
Create a file under <code>/var/lib/iwd/GPN.8021x</code> with the following: | Create a file under <code>/var/lib/iwd/GPN.8021x</code> with the following: | ||
[Security] | [Security] | ||
EAP-Method=TTLS | |||
EAP-Identity=open@identity.com | |||
#EAP-TTLS-CACert=/certs/ca-cert.pem | |||
EAP-TTLS-Phase2-Method=Tunneled-PAP | |||
EAP-TTLS-Phase2-Identity=gpn | |||
EAP-TTLS-Phase2-Password=gpn | |||
#EAP-TTLS-ServerDomainMask=*.domain.com | |||
[Settings] | [Settings] | ||
AutoConnect=true | |||
=== netctl === | === netctl === | ||
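Review bot: The iwd block leaves both server-validation lines commented out (#EAP-TTLS-CACert=/certs/ca-cert.pem and #EAP-TTLS-ServerDomainMask=*.domain.com) and still carries the placeholder outer identity EAP-Identity=open@identity.com. iwd.network(5) states that when the CA certificate is omitted the authenticator's certificate chain is not verified, so a client copying this block does not authenticate the RADIUS server at all. Suggest enabling both lines with the values the other examples in this diff already use, EAP-TTLS-CACert=/etc/ssl/certs/ISRG_Root_X1.pem and EAP-TTLS-ServerDomainMask=radius.noc.gulas.ch, and replacing the placeholder identity.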
Zeile 101: | Zeile 42: | ||
'key_mgmt=WPA-EAP' | 'key_mgmt=WPA-EAP' | ||
'eap=TTLS' | 'eap=TTLS' | ||
'identity=" | 'identity="gpn"' | ||
'password=" | 'password="gpn"' | ||
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' | 'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' | ||
'altsubject_match="DNS:radius.noc.gulas.ch"' | 'altsubject_match="DNS:radius.noc.gulas.ch"' | ||
Zeile 110: | Zeile 51: | ||
=== Network manager (text file) === | === Network manager (text file) === | ||
Create a file <code>/etc/NetworkManager/system-connections/ | Create a file <code>/etc/NetworkManager/system-connections/GPN.nmconnection</code> with the following: | ||
[connection] | [connection] | ||
Zeile 128: | Zeile 69: | ||
ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem | ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem | ||
domain-suffix-match=radius.noc.gulas.ch | domain-suffix-match=radius.noc.gulas.ch | ||
eap= | eap=peap; | ||
identity=gpn | identity=gpn | ||
password=gpn | password=gpn | ||
phase2-auth= | phase2-auth=mschapv2 | ||
[ipv4] | [ipv4] |
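Review bot: eap=peap; with phase2-auth=mschapv2 in the NetworkManager file differs from the wpa_supplicant and netctl examples in this same diff, which both set eap=TTLS. If the RADIUS server accepts both methods, add a one-line note above the file saying so; otherwise a reader cannot tell which example is authoritative. The ca-cert and domain-suffix-match=radius.noc.gulas.ch context lines are what bind the client to the right server and should stay.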
Latest revision as of 30 May 2024, 19:55
For general information, see GPN22:NOC.
Configuration examples
wpa_supplicant.conf
    network={
      ssid="GPN"
      key_mgmt=WPA-EAP
      eap=TTLS
      identity="gpn"
      password="gpn"
      # ca path on debian 11.x, modify accordingly
      ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
      altsubject_match="DNS:radius.noc.gulas.ch"
      phase2="auth=PAP"
    }
iwd
Create a file under /var/lib/iwd/GPN.8021x with the following:

    [Security]
    EAP-Method=TTLS
    EAP-Identity=open@identity.com
    #EAP-TTLS-CACert=/certs/ca-cert.pem
    EAP-TTLS-Phase2-Method=Tunneled-PAP
    EAP-TTLS-Phase2-Identity=gpn
    EAP-TTLS-Phase2-Password=gpn
    #EAP-TTLS-ServerDomainMask=*.domain.com

    [Settings]
    AutoConnect=true
netctl
    Description='GPN secure WPA2 802.1X config'
    Interface=wlp4s0
    Connection=wireless
    Security=wpa-configsection
    IP=dhcp
    ESSID=GPN
    WPAConfigSection=(
        'ssid="GPN"'
        'proto=RSN WPA'
        'key_mgmt=WPA-EAP'
        'eap=TTLS'
        'identity="gpn"'
        'password="gpn"'
        'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
        'altsubject_match="DNS:radius.noc.gulas.ch"'
        'phase2="auth=PAP"'
    )
Network manager (text file)
Create a file /etc/NetworkManager/system-connections/GPN.nmconnection with the following:

    [connection]
    id=GPN
    uuid=7aeae233-1a07-440a-aaf2-e9a4720bb4b6
    type=wifi
    autoconnect=false

    [wifi]
    mode=infrastructure
    ssid=GPN

    [wifi-security]
    key-mgmt=wpa-eap

    [802-1x]
    ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
    domain-suffix-match=radius.noc.gulas.ch
    eap=peap;
    identity=gpn
    password=gpn
    phase2-auth=mschapv2

    [ipv4]
    method=auto

    [ipv6]
    addr-gen-mode=stable-privacy
    method=auto

    [proxy]
Make sure non-root users do not have read/write permissions for this file - Network Manager will ignore configuration files with incorrect permissions set. Then, reload the connections and start the service:
    sudo nmcli connection reload
    nmcli c up GPN
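The following check is an added example, not part of the wiki page or of the GPN NOC's tooling: it reads any of the text configurations above and reports whether a CA certificate and a server name constraint are actually set, ignoring commented-out lines. The function names and the list of keys treated as a name constraint are assumptions of this example.

```python
import re

# Settings that name the trusted CA (wpa_supplicant/netctl, NetworkManager, iwd).
CA_KEY = re.compile(r"^(ca_cert|ca-cert|eap-\w+-cacert)$", re.I)
# Settings that constrain the RADIUS server's certificate name.
NAME_KEY = re.compile(
    r"^(altsubject_match|domain_suffix_match|domain_match|altsubject-matches"
    r"|domain-suffix-match|domain-match|eap-\w+-serverdomainmask)$", re.I)

def active_settings(text):
    """Return {key: value} for the uncommented key=value lines of a config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().strip("'")  # netctl wraps each entry in single quotes
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """List the server-validation settings missing from an 802.1X client config."""
    settings = active_settings(text)
    findings = []
    if not any(CA_KEY.match(k) and v for k, v in settings.items()):
        findings.append("no CA certificate configured")
    if not any(NAME_KEY.match(k) and v for k, v in settings.items()):
        findings.append("no server name constraint configured")
    return findings

# Sample input: the wpa_supplicant and iwd examples from this page, abridged.
WPA = """network={
  ssid="GPN"
  eap=TTLS
  ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
  altsubject_match="DNS:radius.noc.gulas.ch"
  phase2="auth=PAP"
}"""
IWD = """[Security]
EAP-Method=TTLS
#EAP-TTLS-CACert=/certs/ca-cert.pem
EAP-TTLS-Phase2-Method=Tunneled-PAP
#EAP-TTLS-ServerDomainMask=*.domain.com
"""

if __name__ == "__main__":
    for name, cfg in (("wpa_supplicant", WPA), ("iwd", IWD)):
        print(name, audit(cfg) or "server validation configured")
```
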
NetworkManager (GUI nm-connection-editor)
Certificate path: /etc/ssl/certs/ISRG_Root_X1.pem