for general infos see GPN22:NOC
Configuration examples
wpa_supplicant.conf
network={
ssid="GPN"
key_mgmt=WPA-EAP
eap=TTLS
identity="gpn"
password="gpn"
# ca path on debian 11.x, modify accordingly
ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
altsubject_match="DNS:radius.noc.gulas.ch"
phase2="auth=PAP"
}
iwd
Create a file under /var/lib/iwd/GPN.8021x with the following:
[Security] EAP-Method=TTLS EAP-Identity=open@identity.com #EAP-TTLS-CACert=/certs/ca-cert.pem EAP-TTLS-Phase2-Method=Tunneled-PAP EAP-TTLS-Phase2-Identity=gpn EAP-TTLS-Phase2-Password=gpn #EAP-TTLS-ServerDomainMask=*.domain.com [Settings] AutoConnect=true
netctl
Description='GPN secure WPA2 802.1X config'
Interface=wlp4s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=GPN
WPAConfigSection=(
'ssid="GPN"'
'proto=RSN WPA'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'identity="gpn"'
'password="gpn"'
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
'altsubject_match="DNS:radius.noc.gulas.ch"'
'phase2="auth=PAP"'
)
Network manager (text file)
Create a file /etc/NetworkManager/system-connections/GPN.nmconnection with the following:
[connection] id=GPN uuid=7aeae233-1a07-440a-aaf2-e9a4720bb4b6 type=wifi autoconnect=false [wifi] mode=infrastructure ssid=GPN [wifi-security] key-mgmt=wpa-eap [802-1x] ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem domain-suffix-match=radius.noc.gulas.ch eap=ttls; identity=gpn password=gpn phase2-auth=pap [ipv4] method=auto [ipv6] addr-gen-mode=stable-privacy method=auto [proxy]
Make sure non-root users do not have read/write permissions for this file - Network Manager will ignore configuration files with incorrect permissions set. Then, reload the connections and start the service:
sudo nmcli connection reload nmcli c up GPN
NetworkManager (GUI nm-connection-editor)
Certificate path: /etc/ssl/certs/ISRG_Root_X1.pem