wpa_supplicant is definately a lower-class citizen, sorry.
I increasingly wonder why this stuff matters; transit costs are so much
lower than the period when eduroam was setup, and their reliance on 802.11x
is super wierd in a world where, for the most part
- entire cities have open wifi in their downtown core
- edu vs edu+transit split horizon problems have to be solved anyways
- many universities have parallel open wifi
- rate limiting / fare-share approaches for the open-net, on unmetered
flat-rate solves the problem
- LTE hotspot off a phone isn't a rip off anymore
- other open networks exist
essentially noone else feels compelled to do use 802.11x for a so called
"semi-open access network", so I think they've lost the plot on friction
vs benefit.
(we've held hackathons at EDU campus that are locked down like that, and
in every case we've said no way, gotten a wire with open net, and built
our own wifi. we will not subject our developers to that extra complexity).
Charlie Burnett <burne...@umn.edu> wrote:
> Yep I've been using that for a while, however I don't believe it's possible
> to connect to eduroam through hostname.if config files :/
>
> On Sun, Feb 2, 2020 at 4:01 PM Edgar Pettijohn <ed...@pettijohn-web.com>
> wrote:
>
> > Try without wpa_supplicant
> >
> > /etc/hostname.iwm0
> > nwid yournwid wpakey yourwpakey
> > dhcp
> >
> > sh /etc/netstart
> >
> > On Feb 2, 2020 3:42 PM, Charlie Burnett <burne...@umn.edu> wrote:
> > >
> > > Hey @misc,
> > > I've used OpenBSD on my desktop and server for a while, however they both
> > > have an Ethernet connection. I recently got my hands on a thinkpad x1 6th
> > > gen in order to ensure compatibility with OpenBSD. I can connect fine via
> > > the /etc/hostname.if with /etc/netstart, however I need to be able to
> > > connect to eduroam for class. I was using linux on my past laptop,
> > however
> > > I connected through wpa_supplicant on it. I copied my wpa_supplicant.conf
> > > over, however whenever I try to connect to a network I get hung up in the
> > > same spot. The conf works fine on linux, so the credentials are correct.
> > > I've also ensured the interface was up with "doas ifconfig iwm0 up"
> > Here's
> > > the output from attempting to connect with "doas wpa_supplicant -i iwm0
> > -c
> > > /etc/wpa_supplicant.conf -D openbsd -dd":
> > > wpa_supplicant v2.9
> > > Successfully initialized wpa_supplicant
> > > Initializing interface 'iwm0' conf '/etc/wpa_supplicant.conf' driver
> > > 'openbsd' ctrl_interface 'N/A' bridge 'N/A'
> > > Configuration file '/etc/wpa_supplicant.conf' ->
> > '/etc/wpa_supplicant.conf'
> > > Reading configuration file '/etc/wpa_supplicant.conf'
> > > ctrl_interface='/var/run/wpa_supplicant'
> > > ctrl_interface_group='wheel'
> > > eapol_version=2
> > > ap_scan=1
> > > fast_reauth=1
> > > update_config=1
> > > Line: 11 - start of a new network block
> > > ssid - hexdump_ascii(len=): HOME
> > > key_mgmt: 0x2
> > > PSK - hexdump(len=): [REMOVED]
> > > Line: 19 - start of a new network block
> > > ssid - hexdump_ascii(len=7): eduroam
> > > scan_ssid=1 (0x1)
> > > key_mgmt: 0x1
> > > eap methods - hexdump(len=): 00 00 00 00 19 00 00 00 00 00 00 00 00 00
> > 00 00
> > > phase2 - hexdump_ascii(len=):
> > > 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
> > > auth_alg: 0x1
> > > identity - hexdump_ascii(len=):
> > > ca_cert - hexdump_ascii(len=):
> > > 2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 41 /etc/ssl/certs/A
> > > 64 64 54 72 75 73 74 5f 45 78 74 65 72 6e 61 6c ddTrust_External
> > > 5f 52 6f 6f 74 2e 70 65 6d _Root.pem
> > > password - hexdump_ascii(len=): [REMOVED]
> > > Line: 32 - start of a new network block
> > > ssid - hexdump_ascii(len=): HOME2
> > > PSK - hexdump(len=): [REMOVED]
> > > Priority group 0
> > > id=0 ssid='HOME'
> > > id=1 ssid='eduroam'
> > > id=2 ssid='HOME2'
> > > Add interface iwm0 to a new radio N/A
> > > iwm0: Failed to attach pkt_type filter
> > > iwm0: Own MAC address: 38:00:25:6c:76:6d
> > > iwm0: RSN: flushing PMKID list in the driver
> > > iwm0: Setting scan request: 0.100000 sec
> > > ENGINE: Loading builtin engines
> > > ENGINE: Loading builtin engines
> > > EAPOL: SUPP_PAE entering state DISCONNECTED
> > > EAPOL: Supplicant port status: Unauthorized
> > > EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> > > EAPOL: SUPP_BE entering state INITIALIZE
> > > EAP: EAP entering state DISABLED
> > > ctrl_interface_group=0 (from group name 'wheel')
> > > iwm0: Added interface iwm0
> > > iwm0: State: DISCONNECTED -> DISCONNECTED
> > > iwm0: Using OpenBSD - overriding ap_scan configuration
> > > EAPOL: disable timer tick
> > >
> > > Here is the output after sending a ctrl-C to the terminal:
> > > ^Ciwm0: Removing interface iwm0
> > > iwm0: Request to deauthenticate - bssid=00:00:00:00:00:00
> > > pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING)
> > state=DISCONNECTED
> > > iwm0: State: DISCONNECTED -> DISCONNECTED
> > > EAPOL: External notification - portEnabled=0
> > > EAPOL: External notification - portValid=0
> > > iwm0: WPA: Clear old PMK and PTK
> > > iwm0: Cancelling scan request
> > > iwm0: Cancelling authentication timeout
> > > Remove interface iwm0 from radio
> > > Remove radio
> > > iwm0: CTRL-EVENT-TERMINATING
> > >
> > >
> > > And here's my wpa_supplicant.conf (with ssid's and psk's removed):
> > > ctrl_interface=/var/run/wpa_supplicant
> > > ctrl_interface_group=wheel
> > > eapol_version=2
> > > ap_scan=1
> > > fast_reauth=1
> > > update_config=1
> > >
> > > network={
> > > ssid="HOME"
> > > psk=PASSWORD
> > > }
> > >
> > > # Eduroam
> > > network={
> > > ssid="eduroam"
> > > scan_ssid=1
> > > key_mgmt=WPA-EAP
> > > eap=PEAP
> > > phase2="auth=MSCHAPV2"
> > > auth_alg=OPEN
> > > identity="burne...@umn.edu"
> > > ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
> > > password="Here I am, here I remain."
> > > }
> > >
> > > network={
> > > ssid="HOME2"
> > > psk=PASSWORD
> > > }
> > >
> > > Any help would be very much appreciated!
> >
