Skip to content
Snippets Groups Projects
Select Git revision
0 results
Blame Permalink
network_dot1x_settings.md 6.68 KiB

Generic settings

SSID: Camp2023

EAP-TTLS:

Phase 1: EAP-TTLS
Phase 2: PAP

PEAP:

Phase 1: PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN = radius.c3noc.net
CA = ISRG Root X1

SHA256 Fingerprint = 6C:5E:71:4F:1E:AD:3A:D5:FE:1A:F6:F3:67:17:FD:63:13:2F:CA:9C:51:36:92:5E:1B:3A:D2:DF:5F:A8:D2:D7

Make sure you check the certificate in order to know you are connecting to the correct network (you should check on both the CN and the CA).

Android

You can use our Android app to automatically configure the most secure WiFi settings on your Android device:

This app installs the certificate and WiFi profile which will allow your device to automatically connect. You can do it manually, as shown below, but it’s a bit more hassle.

Manual configuration

If you don’t want to use the app, download the ISRG Root X1 certificate, and install it into your device’s Wi-Fi certificate store, giving it any name you like. Then connect to the Camp2023 network using the following information:

  • EAP method: TTLS (not TLS)
  • CA certificate: (whatever name you gave the ISRG Root X1)
  • Domain: radius.c3noc.net
  • Identity: camp
  • Password: camp

It’s fine to leave Online Certificate status as “Do not validate”, and leave the Anonymous identity blank.

Linux, etc.

Network Manager

You can use the following config file:

Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.

/etc/NetworkManager/system-connections/Camp2023:

Hint: chmod 600 this file to make the connection work.

[connection]
id=Camp2023
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
type=wifi
permissions=
secondaries=

[wifi]
mac-address=42:23:42:23:42:23 <- !! Please change this !!
mac-address-blacklist=
mode=infrastructure
seen-bssids=
ssid=Camp2023

[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=

[802-1x]
altsubject-matches=DNS:radius.c3noc.net
ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
eap=ttls;
identity=camp
password=camp
phase2-altsubject-matches=
phase2-auth=pap

[ipv4]
dns-search=
method=auto

[ipv6]
dns-search=
method=auto

WiCD

You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):

Impressum - Datenschutzerklärung