Skip to content
Snippets Groups Projects
Commit 782d0746 authored by Twi's avatar Twi
Browse files

Replace HTML tags with Markdown syntax

parent 9c83714f
Branches pr-47
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
docs/network_dot1x_settings.md
+ 26
20
View file @ 782d0746
...@@ -7,15 +7,15 @@ You can use our Android App to configure the correct WiFi settings on your Andro ...@@ -7,15 +7,15 @@ You can use our Android App to configure the correct WiFi settings on your Andro
* APK download: https://eventinfra.org/Camp2023/app-release.apk * APK download: https://eventinfra.org/Camp2023/app-release.apk
### Manually ### Manually
If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's <b>Wi-Fi certificate</b> store, giving it any name you like. Then connect to the <b>Camp2023</b> network using the following information: If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's **Wi-Fi certificate** store, giving it any name you like. Then connect to the **Camp2023** network using the following information:
* EAP method: TTLS <i>(not TLS)</i> * EAP method: TTLS *(not TLS)*
* CA certificate: <i>(whatever name you gave the ISRG Root X1)</i> * CA certificate: *(whatever name you gave the ISRG Root X1)*
* Domain: radius.c3noc.net * Domain: radius.c3noc.net
* Identity: camp * Identity: camp
* Password: camp * Password: camp
It's fine to leave <b>Online Certificate status</b> as "Do not validate", and leave the <b>Anonymous identity</b> blank. It's fine to leave **Online Certificate status** as "Do not validate", and leave the **Anonymous identity** blank.
## Linux, etc. ## Linux, etc.
### Network Manager ### Network Manager
...@@ -27,7 +27,8 @@ Please note that some versions of NM are buggy and will only work with 802.1X us ...@@ -27,7 +27,8 @@ Please note that some versions of NM are buggy and will only work with 802.1X us
Hint: chmod 600 this file to make the connection work. Hint: chmod 600 this file to make the connection work.
<pre>[connection] ```
[connection]
id=Camp2023 id=Camp2023
uuid=c80101e2-7b99-4511-846b-2388eb86a5ad uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
type=wifi type=wifi
...@@ -63,12 +64,13 @@ method=auto ...@@ -63,12 +64,13 @@ method=auto
[ipv6] [ipv6]
dns-search= dns-search=
method=auto</pre> method=auto
```
### WiCD ### WiCD
You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours): You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):
<pre> ```
name = EAP-TTLS Camp2023 name = EAP-TTLS Camp2023
author = Felicitus author = Felicitus
require identity *Identity password *password require identity *Identity password *password
...@@ -90,13 +92,13 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc ...@@ -90,13 +92,13 @@ You need an additional crypto setting for WiCD. Put this file into /etc/wicd/enc
phase2="auth=PAP" phase2="auth=PAP"
#priority=2 #priority=2
} }
</pre> ```
Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password. Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password.
### Jolla/connman ### Jolla/connman
/var/lib/connman/Camp2023wifi.config : /var/lib/connman/Camp2023wifi.config :
<pre> ```
[service_Camp2023] [service_Camp2023]
Type=wifi Type=wifi
Name=Camp2023-legacy Name=Camp2023-legacy
...@@ -104,12 +106,13 @@ Edit /etc/wicd/encryption/templates/active to include the eap-ttls config templa ...@@ -104,12 +106,13 @@ Edit /etc/wicd/encryption/templates/active to include the eap-ttls config templa
Phase2=PAP Phase2=PAP
Identity=camp Identity=camp
Passphrase=camp Passphrase=camp
</pre> ```
### wpa_supplicant ### wpa_supplicant
This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network: This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network:
```
network={ network={
ssid="Camp2023" ssid="Camp2023"
key_mgmt=WPA-EAP key_mgmt=WPA-EAP
...@@ -121,12 +124,12 @@ This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_sup ...@@ -121,12 +124,12 @@ This is the default option on Raspberry Pi OS. Edit /etc/wpa_supplicant/wpa_sup
altsubject_match="DNS:radius.c3noc.net" altsubject_match="DNS:radius.c3noc.net"
phase2="auth=PAP" phase2="auth=PAP"
} }
</pre> ```
### Interfaces ### Interfaces
As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces: As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
<pre> ```
iface wlan0 inet dhcp iface wlan0 inet dhcp
wpa-ssid Camp2023 wpa-ssid Camp2023
wpa-identity camp wpa-identity camp
...@@ -139,11 +142,12 @@ As an alternative, you can specify the wpa_supplicant config options directly in ...@@ -139,11 +142,12 @@ As an alternative, you can specify the wpa_supplicant config options directly in
wpa-phase2 "auth=PAP" wpa-phase2 "auth=PAP"
wpa-ca_cert "/etc/ssl/certs/ISRG_Root_X1.pem" wpa-ca_cert "/etc/ssl/certs/ISRG_Root_X1.pem"
wpa-altsubject_match DNS:radius.c3noc.net wpa-altsubject_match DNS:radius.c3noc.net
</pre> ```
### Netctl ### Netctl
<pre>Description='Camp2023 secure WPA2 802.1X config' ```
Description='Camp2023 secure WPA2 802.1X config'
Interface=wls1 Interface=wls1
Connection=wireless Connection=wireless
Security=wpa-configsection Security=wpa-configsection
...@@ -159,10 +163,12 @@ WPAConfigSection=( ...@@ -159,10 +163,12 @@ WPAConfigSection=(
'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"' 'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
'altsubject_match="DNS:radius.c3noc.net"' 'altsubject_match="DNS:radius.c3noc.net"'
'phase2="auth=PAP"' 'phase2="auth=PAP"'
)</pre> )
```
### IWD ### IWD
<pre>[Security] ```
[Security]
EAP-Method=PEAP EAP-Method=PEAP
EAP-Identity=anonymous@Camp2023 EAP-Identity=anonymous@Camp2023
EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem
...@@ -172,11 +178,11 @@ EAP-PEAP-Phase2-Identity=camp ...@@ -172,11 +178,11 @@ EAP-PEAP-Phase2-Identity=camp
EAP-PEAP-Phase2-Password=camp EAP-PEAP-Phase2-Password=camp
[Settings] [Settings]
AutoConnect=true</pre> AutoConnect=true
```
### NixOS ### NixOS
<pre> ```
networking.wireless.networks."Camp2023".auth = '' networking.wireless.networks."Camp2023".auth = ''
key_mgmt=WPA-EAP key_mgmt=WPA-EAP
eap=TTLS eap=TTLS
...@@ -189,7 +195,7 @@ networking.wireless.networks."Camp2023".auth = '' ...@@ -189,7 +195,7 @@ networking.wireless.networks."Camp2023".auth = ''
altsubject_match="DNS:radius.c3noc.net" altsubject_match="DNS:radius.c3noc.net"
phase2="auth=PAP" phase2="auth=PAP"
''; '';
</pre> ```
## Apple MacOS/iOS ## Apple MacOS/iOS
You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS: You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutzerklärung