Skip to content
Snippets Groups Projects
Commit 782d0746 authored by Twi's avatar Twi
Browse files

Replace HTML tags with Markdown syntax

parent 9c83714f
No related branches found
No related tags found
1 merge request!50Changes from !47 with fixed merge conflicts
Hide whitespace changes
Inline Side-by-side
docs/network_dot1x_settings.md
+ 26
20
View file @ 782d0746
...@@ -7,15 +7,15 @@ You can use our Android App to configure the correct WiFi settings on your Andro ...@@ -7,15 +7,15 @@ You can use our Android App to configure the correct WiFi settings on your Andro
* APK download: https://eventinfra.org/Camp2023/app-release.apk * APK download: https://eventinfra.org/Camp2023/app-release.apk
### Manually ### Manually
If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's <b>Wi-Fi certificate</b> store, giving it any name you like. Then connect to the <b>Camp2023</b> network using the following information: If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's **Wi-Fi certificate** store, giving it any name you like. Then connect to the **Camp2023** network using the following information:
* EAP method: TTLS <i>(not TLS)</i> * EAP method: TTLS *(not TLS)*
* CA certificate: <i>(whatever name you gave the ISRG Root X1)</i> * CA certificate: *(whatever name you gave the ISRG Root X1)*
* Domain: radius.c3noc.net * Domain: radius.c3noc.net
* Identity: camp * Identity: camp
* Password: camp * Password: camp
It's fine to leave <b>Online Certificate status</b> as "Do not validate", and leave the <b>Anonymous identity</b> blank. It's fine to leave **Online Certificate status** as "Do not validate", and leave the **Anonymous identity** blank.
## Linux, etc. ## Linux, etc.
### Network Manager ### Network Manager
...@@ -27,7 +27,8 @@ Please note that some versions of NM are buggy and will only work with 802.1X us ...@@ -27,7 +27,8 @@ Please note that some versions of NM are buggy and will only work with 802.1X us
Hint: chmod 600 this file to make the connection work. Hint: chmod 600 this file to make the connection work.
<pre>[connection] ```
[connection]
id=Camp2023 id=Camp2023
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
type=wifi type=wifi
...@@ -63,12 +64,13 @@ method=auto ...@@ -63,12 +64,13 @@ method=auto
[ipv6] [ipv6]
dns-search= dns-search=
method=auto</pre> method=auto
```
### WiCD ### WiCD
You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours): You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):
<pre> ```
name = EAP-TTLS Camp2023 name = EAP-TTLS Camp2023
author = Felicitus author = Felicitus
require identity *Identity password *password require identity *Identity password *password
...@@ -90,13 +92,13 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc ...@@ -90,13 +92,13 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc
phase2="auth=PAP" phase2="auth=PAP"
#priority=2 #priority=2
} }
</pre> ```
Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password. Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password.
### Jolla/connman ### Jolla/connman
/var/lib/connman/Camp2023wifi.config : /var/lib/connman/Camp2023wifi.config :
<pre> ```
[service_Camp2023] [service_Camp2023]
Type=wifi Type=wifi
Name=Camp2023-legacy Name=Camp2023-legacy
...@@ -104,12 +106,13 @@ Edit /etc/wicd/encryption/templates/active to include the eap-ttls config templa ...@@ -104,12 +106,13 @@ Edit /etc/wicd/encryption/templates/active to include the eap-ttls config templa
Phase2=PAP Phase2=PAP
Identity=camp Identity=camp
Passphrase=camp Passphrase=camp
</pre> ```
### wpa_supplicant ### wpa_supplicant
This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network: This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network:
```
network={ network={
ssid="Camp2023" ssid="Camp2023"
key_mgmt=WPA-EAP key_mgmt=WPA-EAP
...@@ -121,12 +124,12 @@ This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_sup ...@@ -121,12 +124,12 @@ This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_sup
altsubject_match="DNS:radius.c3noc.net" altsubject_match="DNS:radius.c3noc.net"
phase2="auth=PAP" phase2="auth=PAP"
} }
</pre> ```
### Interfaces ### Interfaces
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces: As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
<pre> ```
iface wlan0 inet dhcp iface wlan0 inet dhcp
wpa-ssid Camp2023 wpa-ssid Camp2023
wpa-identity camp wpa-identity camp
...@@ -139,11 +142,12 @@ As an alternative, you can specify the wpa_supplicant config options directly in ...@@ -139,11 +142,12 @@ As an alternative, you can specify the wpa_supplicant config options directly in
wpa-phase2 "auth=PAP" wpa-phase2 "auth=PAP"
wpa-ca_cert "/etc/ssl/certs/ISRG_Root_X1.pem" wpa-ca_cert "/etc/ssl/certs/ISRG_Root_X1.pem"
wpa-altsubject_match DNS:radius.c3noc.net wpa-altsubject_match DNS:radius.c3noc.net
</pre> ```
### Netctl ### Netctl
<pre>Description='Camp2023 secure WPA2 802.1X config' ```
Description='Camp2023 secure WPA2 802.1X config'
Interface=wls1 Interface=wls1
Connection=wireless Connection=wireless
Security=wpa-configsection Security=wpa-configsection
...@@ -159,10 +163,12 @@ WPAConfigSection=( ...@@ -159,10 +163,12 @@ WPAConfigSection=(
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' 'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
'altsubject_match="DNS:radius.c3noc.net"' 'altsubject_match="DNS:radius.c3noc.net"'
'phase2="auth=PAP"' 'phase2="auth=PAP"'
)</pre> )
```
### IWD ### IWD
<pre>[Security] ```
[Security]
EAP-Method=PEAP EAP-Method=PEAP
EAP-Identity=anonymous@Camp2023 EAP-Identity=anonymous@Camp2023
EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem
...@@ -172,11 +178,11 @@ EAP-PEAP-Phase2-Identity=camp ...@@ -172,11 +178,11 @@ EAP-PEAP-Phase2-Identity=camp
EAP-PEAP-Phase2-Password=camp EAP-PEAP-Phase2-Password=camp
[Settings] [Settings]
AutoConnect=true</pre> AutoConnect=true
```
### NixOS ### NixOS
<pre> ```
networking.wireless.networks."Camp2023".auth = '' networking.wireless.networks."Camp2023".auth = ''
key_mgmt=WPA-EAP key_mgmt=WPA-EAP
eap=TTLS eap=TTLS
...@@ -189,7 +195,7 @@ networking.wireless.networks."Camp2023".auth = '' ...@@ -189,7 +195,7 @@ networking.wireless.networks."Camp2023".auth = ''
altsubject_match="DNS:radius.c3noc.net" altsubject_match="DNS:radius.c3noc.net"
phase2="auth=PAP" phase2="auth=PAP"
''; '';
</pre> ```
## Apple MacOS/iOS ## Apple MacOS/iOS
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS: You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Impressum - Datenschutzerklärung