How to connect to the WPA2 EAP-TLS network: Unterschied zwischen den Versionen

aus Metalab, dem offenen Zentrum für meta-disziplinäre Magier und technisch-kreative Enthusiasten.
Wechseln zu: Navigation, Suche
(cleanup & fixes)
Zeile 1: Zeile 1:
How to connect to the WPA2 accesspoint with EAP-TLS encryption.
+
== How to connect to the WPA2 accesspoint with EAP-TLS encryption. ==
 +
 
 +
 
  
 
You need to create/use a certificate to connect to the WPA2 access point.
 
You need to create/use a certificate to connect to the WPA2 access point.
 +
  ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 +
  # user@host:~# ssh -l root wpa-01.in.metalab.at
 +
  # root@wpa-01:~# cd /ca
 +
  # root@wpa-01:~# ./mkclient.sh ''yourname''
 +
  ## enter ca password
 +
  ## choose ''secretpassword'' for your key file
 +
  ## choose import/export password
 +
  # root@wpa-01:~# exit
 +
  ## copy the certificates to your host
 +
  # user@host:~# scp -r root@wpa-01.in.metalab.at:/ca/users/''yourname'' /path/to
 +
 +
You are now able to connect to the network by using the ca and your client certificate.
 +
 +
 +
=== Linux ===
 +
sample wpa_supplicant.conf:<br>
 +
  network={
 +
    ssid="metalab-wpa2"
 +
    scan_ssid=1
 +
    key_mgmt=WPA-EAP
 +
    proto=WPA2
 +
    eap=TLS
 +
    pairwise=CCMP
 +
    group=CCMP
 +
    identity="''yourname''"
 +
    ca_cert="/path/to/ca.crt"
 +
    client_cert="/path/to/''yourname''-cert.pem"
 +
    private_key="/path/to/''yourname''-key.pem"
 +
    private_key_passwd="''secretpassword''"
 +
  }
 +
  
<pre>
+
=== MacOS X ===
## To create it connect to wpa-01.in.metalab.at (10.20.30.25) as root.
+
tbd
# user@host:~# ssh -l root wpa-01.in.metalab.at
+
# root@wpa-01:~# cd /ca
+
# root@wpa-01:~# ./mkclient.sh yourname
+
## enter ca password
+
## choose secretpassword for your key file
+
# root@wpa-01:~# exit
+
# user@host:~# scp -r root@wpa-01.in.metalab.at:/ca/users/yourname /path/to
+
</pre>
+
  
you are now able to connect to the network by using the ca-certificate, your client certificate and your keyfile to the ca-certficate with the chosen password.
 
  
sample wpa_supplicant.conf:
+
=== Windows ===
<pre>
+
tbd
network={
+
        ssid="metalab-wpa2"
+
        scan_ssid=1
+
        key_mgmt=WPA-EAP
+
        proto=WPA2
+
        eap=TLS
+
        pairwise=CCMP
+
        group=CCMP
+
        identity="yourname"
+
        ca_cert="/path/to/ca.crt"
+
        client_cert="/path/to/yourname.crt"
+
        private_key="/path/to/yourname.key"
+
        private_key_passwd="secretpassword"
+
}
+
</pre>
+

Version vom 14. Februar 2009, 16:15 Uhr

How to connect to the WPA2 accesspoint with EAP-TLS encryption.

You need to create/use a certificate to connect to the WPA2 access point.

 ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 # user@host:~# ssh -l root wpa-01.in.metalab.at
 # root@wpa-01:~# cd /ca
 # root@wpa-01:~# ./mkclient.sh yourname
 ## enter ca password
 ## choose secretpassword for your key file
 ## choose import/export password
 # root@wpa-01:~# exit
 ## copy the certificates to your host
 # user@host:~# scp -r root@wpa-01.in.metalab.at:/ca/users/yourname /path/to

You are now able to connect to the network by using the ca and your client certificate.


Linux

sample wpa_supplicant.conf:

 network={
   ssid="metalab-wpa2"
   scan_ssid=1
   key_mgmt=WPA-EAP
   proto=WPA2
   eap=TLS
   pairwise=CCMP
   group=CCMP
   identity="yourname"
   ca_cert="/path/to/ca.crt"
   client_cert="/path/to/yourname-cert.pem"
   private_key="/path/to/yourname-key.pem"
   private_key_passwd="secretpassword"
 }


MacOS X

tbd


Windows

tbd