Skip to content
Snippets Groups Projects
Commit f33e78c7 authored by AK's avatar AK
Browse files

Update network_dot1x_settings.md

parent 94608fd3
No related branches found
No related tags found
2 merge requests!50Changes from !47 with fixed merge conflicts,!47Add network WiFi settings
Hide whitespace changes
Inline Side-by-side
docs/network_dot1x_settings.md
+ 41
49
View file @ f33e78c7
== Android ==
=== App ===
## Android
### App
You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:
* From Google Playstore: https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup
* Source-code: https://github.com/EventInfra/wifisetup
* APK download: https://eventinfra.org/Camp2023/app-release.apk
=== Manually ===
If you don't want to use the app, download the [https://letsencrypt.org/certs/isrgrootx1.pem ISRG Root X1], and [https://support.google.com/pixelphone/answer/2844832 install it] into your device's '''Wi-Fi certificate''' store, giving it any name you like. Then connect to the '''Camp2023''' network using the following information:
{|padding
| EAP method || TTLS ''(not TLS)''
|-
| style="padding-right: 1em" | Phase 2 authentication || PAP
|-
| CA certificate || ''(whatever name you gave the ISRG Root X1)''
|-
| Domain || radius.c3noc.net
|-
| Identity || mch
|-
| Password || mch
|}
### Manually
If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's <b>Wi-Fi certificate</b> store, giving it any name you like. Then connect to the <b>Camp2023</b> network using the following information:
* EAP method: TTLS <i>(not TLS)</i>
* CA certificate: <i>(whatever name you gave the ISRG Root X1)</i>
* Domain: radius.c3noc.net
* Identity: camp
* Password: camp
It's fine to leave '''Online Certificate status''' as "Do not validate", and leave the '''Anonymous identity''' blank.
== Linux, etc. ==
=== Network Manager ===
## Linux, etc.
### Network Manager
You can use the following config file:
Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.
......@@ -60,8 +52,8 @@ proto=
altsubject-matches=DNS:radius.c3noc.net
ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
eap=ttls;
identity=mch
password=mch
identity=camp
password=camp
phase2-altsubject-matches=
phase2-auth=pap
......@@ -73,7 +65,7 @@ method=auto
dns-search=
method=auto</pre>
=== WiCD ===
### WiCD
You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):
<pre>
......@@ -85,8 +77,8 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc
network={
ssid="Camp2023"
scan_ssid=$_SCAN
identity="mch"
password="mch"
identity="camp"
password="camp"
proto=WPA2
key_mgmt=WPA-EAP
group=CCMP
......@@ -101,7 +93,7 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc
</pre>
Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password.
=== Jolla/connman ===
### Jolla/connman
/var/lib/connman/Camp2023wifi.config :
<pre>
......@@ -110,20 +102,20 @@ Edit /etc/wicd/encryption/templates/active to include the eap-ttls config templa
Name=Camp2023-legacy
EAP=ttls
Phase2=PAP
Identity=mch
Passphrase=mch
Identity=camp
Passphrase=camp
</pre>
=== wpa_supplicant ===
### wpa_supplicant
This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network:
network={
ssid="Camp2023"
key_mgmt=WPA-EAP
eap=TTLS
identity="mch"
password="mch"
identity="camp"
password="camp"
# ca path on debian 7.x and raspberry pi OS, modify accordingly
ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
altsubject_match="DNS:radius.c3noc.net"
......@@ -131,14 +123,14 @@ This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_sup
}
</pre>
=== Interfaces ===
### Interfaces
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
<pre>
iface wlan0 inet dhcp
wpa-ssid Camp2023
wpa-identity mch
wpa-password mch
wpa-identity camp
wpa-password camp
wpa-proto WPA2
wpa-key_mgmt WPA-EAP
wpa-group CCMP
......@@ -149,7 +141,7 @@ As an alternative, you can specify the wpa_supplicant config options directly in
wpa-altsubject_match DNS:radius.c3noc.net
</pre>
=== Netctl ===
### Netctl
<pre>Description='Camp2023 secure WPA2 802.1X config'
Interface=wls1
......@@ -162,34 +154,34 @@ WPAConfigSection=(
'proto=RSN WPA'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'identity="mch"'
'password="mch"'
'identity="camp"'
'password="camp"'
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
'altsubject_match="DNS:radius.c3noc.net"'
'phase2="auth=PAP"'
)</pre>
=== IWD ===
### IWD
<pre>[Security]
EAP-Method=PEAP
EAP-Identity=anonymous@Camp2023
EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem
EAP-PEAP-ServerDomainMask=radius.c3noc.net
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=mch
EAP-PEAP-Phase2-Password=mch
EAP-PEAP-Phase2-Identity=camp
EAP-PEAP-Phase2-Password=camp
[Settings]
AutoConnect=true</pre>
=== NixOS ===
### NixOS
<pre>
networking.wireless.networks."Camp2023".auth = ''
key_mgmt=WPA-EAP
eap=TTLS
identity="mch"
password="mch"
identity="camp"
password="camp"
ca_cert="${builtins.fetchurl {
url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
......@@ -199,17 +191,17 @@ networking.wireless.networks."Camp2023".auth = ''
'';
</pre>
== Apple MacOS/iOS ==
## Apple MacOS/iOS
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
* [https://eventinfra.org/Camp2023/Camp2023.mobileconfig Camp2023] (2.4GHz+5GHz, mch user)
* [Camp2023](https://eventinfra.org/Camp2023/Camp2023.mobileconfig) (2.4GHz+5GHz, Camp user)
== Windows ==
## Windows
Import one of these profiles for the correct WiFi-settings for Windows:
* [https://eventinfra.org/Camp2023/Camp2023.xml Camp2023] (2.4GHz+5GHz)
* [Camp2023](https://eventinfra.org/Camp2023/Camp2023.xml) (2.4GHz+5GHz)
To import and connect follow these steps:
# Open a command prompt and execute: netsh wlan add profile filename=Camp2023.xml
# Connect to the Camp2023 network; use "mch/mch" as the username/password when prompted. Alternatively, use "outboundonly/outboundonly" as the username/password to enable inbound traffic firewalling.
* Open a command prompt and execute: netsh wlan add profile filename=Camp2023.xml
* Connect to the Camp2023 network; use "camp/camp" as the username/password when prompted. Alternatively, use "outboundonly/outboundonly" as the username/password to enable inbound traffic firewalling.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Impressum - Datenschutzerklärung