Difference between revisions of "Static:Network/802.1X client settings"

From 34C3_Wiki
Jump to: navigation, search
m (1 revision imported)
(Network Manager)
 
(3 intermediate revisions by 2 users not shown)
Line 3: Line 3:
  
 
* From Google Playstore: [https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup]
 
* From Google Playstore: [https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup]
 +
* APK download: [https://eventinfra.org/34C3/app-release.apk]
  
== Network Manager ==
+
== Linux, etc. ==
 +
=== Network Manager ===
  
 
You can use the following config file:
 
You can use the following config file:
Line 12: Line 14:
 
If that affects you, it may be easiest to use wpa_supplicant.
 
If that affects you, it may be easiest to use wpa_supplicant.
  
'''/etc/NetworkManager/system-connections/33C3''':
+
'''/etc/NetworkManager/system-connections/{{XC3}}''':
 +
 
 +
Hint: chmod 600 this file to make the connection work.
  
 
  [connection]
 
  [connection]
Line 52: Line 56:
 
  method=auto
 
  method=auto
  
== WICD ==
+
=== WICD ===
 
You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours):
 
You need an additional crypto setting for WiCD. Put this file into '''/etc/wicd/encryption/templates/eap-ttls''' (debian systems, might be different with other *nix flavours):
  
Line 79: Line 83:
 
Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS {{XC3}}) and enter a random username/password.
 
Edit '''/etc/wicd/encryption/templates/active''' to include the '''eap-ttls''' config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS {{XC3}}) and enter a random username/password.
  
== Jolla/connman ==
+
=== Jolla/connman ===
 
/var/lib/connman/{{XC3}}wifi.config :
 
/var/lib/connman/{{XC3}}wifi.config :
  
Line 90: Line 94:
 
   Passphrase=snowden
 
   Passphrase=snowden
  
== wpa_supplicant.conf ==
+
=== wpa_supplicant.conf ===
 
/etc/wpa_supplicant/wpa_supplicant.conf :
 
/etc/wpa_supplicant/wpa_supplicant.conf :
  
Line 105: Line 109:
 
   }
 
   }
  
== interfaces ==
+
=== interfaces ===
 
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
 
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
  
Line 121: Line 125:
 
   wpa-altsubject_match DNS:radius.c3noc.net
 
   wpa-altsubject_match DNS:radius.c3noc.net
  
== netctl ==
+
=== netctl ===
 
  Description='{{XC3}} secure WPA2 802.1X config'
 
  Description='{{XC3}} secure WPA2 802.1X config'
 
  Interface=wls1
 
  Interface=wls1
Line 143: Line 147:
 
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
 
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
  
* [[https://eventinfra.org/33c3/33c3.mobileconfig {{XC3}}]] (5GHz only)
+
* [[https://eventinfra.org/{{XC3}}/{{XC3}}.mobileconfig {{XC3}}]] (5GHz only)
* [[https://eventinfra.org/33c3/33c3-legacy.mobileconfig {{XC3}}-legacy]] (2.4GHz only)
+
* [[https://eventinfra.org/{{XC3}}/{{XC3}}-legacy.mobileconfig {{XC3}}-legacy]] (2.4GHz only)
  
 
== Windows ==
 
== Windows ==
 
Import one of these profiles for the correct WiFi-settings for Windows
 
Import one of these profiles for the correct WiFi-settings for Windows
  
* [[https://eventinfra.org/33c3/{{XC3}}.xml {{XC3}}]] (5GHz only)
+
* [[https://eventinfra.org/{{XC3}}/{{XC3}}.xml {{XC3}}]] (5GHz only)
* [[https://eventinfra.org/33c3/{{XC3}}-legacy.xml {{XC3}}-legacy)]] (2.4GHz only)
+
* [[https://eventinfra.org/{{XC3}}/{{XC3}}-legacy.xml {{XC3}}-legacy)]] (2.4GHz only)
  
 
To import and connect follow these steps:
 
To import and connect follow these steps:

Latest revision as of 18:27, 26 December 2017

Android

You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:

  • From Google Playstore: [1]
  • APK download: [2]

Linux, etc.

Network Manager

You can use the following config file:

Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.

/etc/NetworkManager/system-connections/34C3:

Hint: chmod 600 this file to make the connection work.

[connection]
id=34C3
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
type=wifi
permissions=
secondaries=

[wifi]
mac-address=42:23:42:23:42:23 <- !! Please change this !!
mac-address-blacklist=
mode=infrastructure
seen-bssids=
ssid=34C3

[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=

[802-1x]
altsubject-matches=DNS:radius.c3noc.net
ca-cert=/etc/ssl/certs/DST_Root_CA_X3.pem
eap=ttls;
identity=34C3
password=34C3
phase2-altsubject-matches=
phase2-auth=pap

[ipv4]
dns-search=
method=auto

[ipv6]
dns-search=
method=auto

WICD

You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):

 name = EAP-TTLS 34C3
 author = Felicitus
 require identity *Identity password *password
 -----
 ctrl_interface=/var/run/wpa_supplicant
 network={
  ssid="34C3"
  scan_ssid=$_SCAN
  identity="edward"
  password="snowden"
  proto=WPA2
  key_mgmt=WPA-EAP
  group=CCMP
  pairwise=CCMP
  eap=TTLS
  ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
  altsubject_match="DNS:radius.c3noc.net"
  anonymous_identity="$_ANONYMOUS_IDENTITY"
  phase2="auth=PAP"
  #priority=2
 }

Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS 34C3) and enter a random username/password.

Jolla/connman

/var/lib/connman/34C3wifi.config :

 [service_34C3]
 Type=wifi
 Name=34C3-legacy
 EAP=ttls
 Phase2=PAP
 Identity=edward
 Passphrase=snowden

wpa_supplicant.conf

/etc/wpa_supplicant/wpa_supplicant.conf :

 network={
 	ssid="34C3"
 	key_mgmt=WPA-EAP
 	eap=TTLS
 	identity="edward"
 	password="snowden"
 	# ca path on debian 7.x, modify accordingly
 	ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"
 	altsubject_match="DNS:radius.c3noc.net"
 	phase2="auth=PAP"
 }

interfaces

As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:

 iface wlan0 inet dhcp
 	wpa-ssid 34C3
 	wpa-identity edward
 	wpa-password snowden
 	wpa-proto WPA2
 	wpa-key_mgmt WPA-EAP
 	wpa-group CCMP
 	wpa-pairwise CCMP
 	wpa-eap TTLS
 	wpa-phase2 "auth=PAP"
 	wpa-ca_cert "/etc/ssl/certs/DST_Root_CA_X3.pem"
 	wpa-altsubject_match DNS:radius.c3noc.net

netctl

Description='34C3 secure WPA2 802.1X config'
Interface=wls1
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=34C3
WPAConfigSection=(
    'ssid="34C3"'
    'proto=RSN WPA'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'identity="edward"'
    'password="snowden"'
    'ca_cert="/etc/ssl/certs/DST_Root_CA_X3.pem"'
    'altsubject_match="DNS:radius.c3noc.net"'
    'phase2="auth=PAP"'
)

Apple MacOS / iOS

You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:

Windows

Import one of these profiles for the correct WiFi-settings for Windows

To import and connect follow these steps:

  1. Open a command prompt and execute: netsh wlan add profile filename=34C3.xml
  2. Connect to the 34C3 or 34C3-legacy network; use "34C3/34C3" as the username/password when prompted.