GPN22:NOC/Wireless: Difference between revisions

from the wiki of Entropia e.V., CCC Karlsruhe
(remove duplicate sections)
(fix networkmanager config)
 
Zeile 69: Zeile 69:
  ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
  ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
  domain-suffix-match=radius.noc.gulas.ch
  domain-suffix-match=radius.noc.gulas.ch
  eap=ttls;
  eap=peap;
  identity=gpn
  identity=gpn
  password=gpn
  password=gpn
  phase2-auth=pap
  phase2-auth=mschapv2
   
   
  [ipv4]
  [ipv4]
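
Review bot: the switch from eap=ttls; / phase2-auth=pap to eap=peap; / phase2-auth=mschapv2 comes with no reason, and the summary "fix networkmanager config" does not say what was broken. The wpa_supplicant, iwd and netctl examples on this page still use TTLS with PAP, so a reader cannot tell whether NetworkManager needs a different method or whether the other sections are now stale; add a sentence next to the NetworkManager block saying why it differs. Leaving ca-cert and domain-suffix-match untouched is right, since those two lines are what bind the client to the intended RADIUS server.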

Current revision as of 30 May 2024, 19:55

For general information, see GPN22:NOC.

Configuration examples

wpa_supplicant.conf

network={
    ssid="GPN"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="gpn"
    password="gpn"
    # ca path on debian 11.x, modify accordingly
    ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
    altsubject_match="DNS:radius.noc.gulas.ch"
    phase2="auth=PAP"
}

iwd

Create a file under /var/lib/iwd/GPN.8021x with the following:

[Security]
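  EAP-Method=TTLS
  EAP-Identity=open@identity.com
  # CA path as in the wpa_supplicant example above, modify accordingly
  EAP-TTLS-CACert=/etc/ssl/certs/ISRG_Root_X1.pem
  EAP-TTLS-Phase2-Method=Tunneled-PAP
  EAP-TTLS-Phase2-Identity=gpn
  EAP-TTLS-Phase2-Password=gpn
  # only accept the RADIUS server name used by the other examples
  EAP-TTLS-ServerDomainMask=radius.noc.gulas.ch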

[Settings]
  AutoConnect=true
 

netctl

Description='GPN secure WPA2 802.1X config'
Interface=wlp4s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=GPN
WPAConfigSection=(
    'ssid="GPN"'
    'proto=RSN WPA'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'identity="gpn"'
    'password="gpn"'
    'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
    'altsubject_match="DNS:radius.noc.gulas.ch"'
    'phase2="auth=PAP"'
)

NetworkManager (text file)

Create a file /etc/NetworkManager/system-connections/GPN.nmconnection with the following:

[connection]
id=GPN
uuid=7aeae233-1a07-440a-aaf2-e9a4720bb4b6
type=wifi
autoconnect=false

[wifi]
mode=infrastructure
ssid=GPN

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
domain-suffix-match=radius.noc.gulas.ch
eap=peap;
identity=gpn
password=gpn
phase2-auth=mschapv2

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

Make sure non-root users have neither read nor write permission on this file: NetworkManager ignores connection files with incorrect permissions. Then reload the connections and bring the connection up:

sudo nmcli connection reload
nmcli c up GPN
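
A check for the two things this section depends on, file permissions and server validation in [802-1x], as an added example that is not part of the original wiki page. The function name, the finding codes and the sample file are assumptions made for illustration; the sample is constructed from the config above with the validation lines removed.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: the [802-1x] section from this page, minus server validation.
SAMPLE = """[connection]
id=GPN
type=wifi

[802-1x]
eap=peap;
identity=gpn
password=gpn
phase2-auth=mschapv2
"""

# 802-1x properties that constrain which server name is accepted.
NAME_KEYS = ("domain-suffix-match", "domain-match", "altsubject-matches", "subject-match")

def audit_nmconnection(path):
    """Return a set of finding codes (hypothetical names) for an 802.1X keyfile."""
    findings = set()
    st = os.stat(path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.add("perms")    # group/other access: NetworkManager ignores the file
    if st.st_uid != 0:
        findings.add("owner")    # system connection files are expected to be root-owned
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read(path)
    if not cp.has_section("802-1x"):
        return findings | {"no-8021x"}
    dot1x = cp["802-1x"]
    if not dot1x.get("ca-cert", "").strip():
        findings.add("no-ca")    # no CA pinned for the RADIUS server certificate
    if not any(dot1x.get(k, "").strip() for k in NAME_KEYS):
        # ISRG Root X1 is a public CA, so the CA alone does not identify the server
        findings.add("no-name")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".nmconnection", delete=False) as f:
        f.write(SAMPLE)
    os.chmod(f.name, 0o644)
    print(sorted(audit_nmconnection(f.name)))
    os.unlink(f.name)
```

Run it as root against /etc/NetworkManager/system-connections/GPN.nmconnection; an empty set means the file matches what this section describes.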

NetworkManager (GUI nm-connection-editor)

Certificate path: /etc/ssl/certs/ISRG_Root_X1.pem