1
0
Fork
You've already forked til
0
No description
2023年11月29日 21:12:08 +00:00
README.org add wpa_supplicant config for eduroam 2023年11月29日 21:12:08 +00:00

Repository of useful stuff

Inspired by jbranchaud/til.

Networking

wpa_supplicant

wpa_supplicant is a WPA supplicant for GNU/Linux, BSD, Mac OS X, and Windows with support for WPA, WPA2, and WPA3.

The program wpa_supplicant is a daemon and runs in the background and acts as a backend component. Two frontends are supplied—a text-based frontend wpa_cli, and a GUI frontend wpa_gui.

The latest documentation is available here.

The project source code is freely available. To clone the project:

git clone git://w1.fi/hostap.git

WPA-Personal: Also referred to as WPA-PSK (pre-shared key) mode, this is designed for home, small office and basic uses and does not require an authentication server. Each wireless network device encrypts the network traffic by deriving its 128-bit encryption key from a 256-bit shared key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. This pass-phrase-to-PSK mapping is nevertheless not binding, as Annex J is informative in the latest 802.11 standard. If ASCII characters are used, the 256-bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1. WPA-Personal mode is available on all three WPA versions. Source: Wikipedia.

A separate tool, wpa_passphrase, can be used to generate 256-bit keys from an ASCII passphrase, and execute the above key derivation function.

Usage: wpa_supplicant can be configured using a text file. See given example wpa_supplicant.conf.

The psk attribute may be entered either as the generated 256-bit key represented as 64 hex-digits; or an an ASCII passphrase inside double quotation marks.

network={
 ssid="MYSSID"
 #psk="passphrase"
 psk=59e0d07fa4c7741797a4e394f38a5c321e3bed51d54ad5fcbd3f84bc7415d73d
}

wpa_supplicant can be started quickly by using wpa_passphrase, as follows:

wpa_supplicant -B -i interface -c <(wpa_passphrase <MYSSID> <passphrase>)

WPA Enterprise: In this example we connect to eduroam. Use the following minimal configuration:

network={
 ssid="eduroam"
 key_mgmt=WPA-EAP
 eap=PEAP
 identity="myemail@myuni.ac.uk"
 password="passphrase"
 phase2="auth=MSCHAPV2"
}

After this run the following:

wpa_supplicant -B -i <interface> -c /etc/wpa_supplicant/wpa_supplicant.conf

References: