For general information, see GPN22:NOC
Configuration examples
wpa_supplicant.conf
    network={
        ssid="GPN"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="gpn"
        password="gpn"
        # ca path on debian 11.x, modify accordingly
        ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
        altsubject_match="DNS:radius.noc.gulas.ch"
        phase2="auth=PAP"
    }
iwd
Create the file /var/lib/iwd/GPN.8021x
with the following content:
    [Security]
    EAP-Method=TTLS
    EAP-Identity=open@identity.com
    #EAP-TTLS-CACert=/certs/ca-cert.pem
    EAP-TTLS-Phase2-Method=Tunneled-PAP
    EAP-TTLS-Phase2-Identity=gpn
    EAP-TTLS-Phase2-Password=gpn
    #EAP-TTLS-ServerDomainMask=*.domain.com

    [Settings]
    AutoConnect=true
netctl
    Description='GPN secure WPA2 802.1X config'
    Interface=wlp4s0
    Connection=wireless
    Security=wpa-configsection
    IP=dhcp
    ESSID=GPN
    WPAConfigSection=(
        'ssid="GPN"'
        'proto=RSN WPA'
        'key_mgmt=WPA-EAP'
        'eap=TTLS'
        'identity="gpn"'
        'password="gpn"'
        'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
        'altsubject_match="DNS:radius.noc.gulas.ch"'
        'phase2="auth=PAP"'
    )
NetworkManager (text file)
Create a file /etc/NetworkManager/system-connections/GPN.nmconnection
with the following:
    [connection]
    id=GPN
    uuid=7aeae233-1a07-440a-aaf2-e9a4720bb4b6
    type=wifi
    autoconnect=false

    [wifi]
    mode=infrastructure
    ssid=GPN

    [wifi-security]
    key-mgmt=wpa-eap

    [802-1x]
    ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
    domain-suffix-match=radius.noc.gulas.ch
    eap=peap;
    identity=gpn
    password=gpn
    phase2-auth=mschapv2

    [ipv4]
    method=auto

    [ipv6]
    addr-gen-mode=stable-privacy
    method=auto

    [proxy]
Make sure non-root users do not have read/write permissions for this file: NetworkManager will ignore configuration files with incorrect permissions set. Then, reload the connections and start the service:

    sudo nmcli connection reload
    nmcli c up GPN
NetworkManager (GUI nm-connection-editor)
Certificate path: /etc/ssl/certs/ISRG_Root_X1.pem
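
The profiles above differ in whether the CA certificate and the RADIUS server-name match are active: the iwd profile has both lines commented out, so it does not check which server it hands the credentials to. The following is an added example, not part of the original page: a small Python check that reports which of these settings a profile actually applies. The function names are made up for this example, and it only knows the key names used on this page.

```python
import re

# Keys that pin the RADIUS server, spelled as in the configs on this page.
CA_KEYS = ("ca_cert", "ca-cert", "EAP-TTLS-CACert")
NAME_KEYS = ("altsubject_match", "domain-suffix-match", "EAP-TTLS-ServerDomainMask")

def active_settings(text):
    """Return {key: value} for every uncommented key=value line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().strip("'")  # netctl quotes each WPAConfigSection entry
        if line.startswith("#"):
            continue  # commented-out settings are not in effect
        m = re.match(r"([A-Za-z0-9_-]+)\s*=\s*(.*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(text):
    """Report which server-validation settings a profile actually applies."""
    s = active_settings(text)
    ca = next((s[k] for k in CA_KEYS if s.get(k)), None)
    name = next((s[k] for k in NAME_KEYS if s.get(k)), None)
    return {"ca": ca, "server_name": name, "pinned": bool(ca and name)}

# Sample inputs: excerpts of the wpa_supplicant and iwd profiles from this page.
WPA_SAMPLE = '''
network={
    ssid="GPN"
    eap=TTLS
    # ca path on debian 11.x, modify accordingly
    ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
    altsubject_match="DNS:radius.noc.gulas.ch"
    phase2="auth=PAP"
}
'''
IWD_SAMPLE = '''
[Security]
EAP-Method=TTLS
#EAP-TTLS-CACert=/certs/ca-cert.pem
EAP-TTLS-Phase2-Method=Tunneled-PAP
#EAP-TTLS-ServerDomainMask=*.domain.com
'''

if __name__ == "__main__":
    for label, sample in (("wpa_supplicant", WPA_SAMPLE), ("iwd", IWD_SAMPLE)):
        print(label, audit(sample))
```

A profile reported with "pinned" set to False will complete the TLS handshake with any server that answers for the SSID.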