Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Big thanks to Mark Kettenis. I tested it and it works.
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
From: Mark Kettenis kette...@openbsd.org Subject: Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2? Date: Mon, 28 Jan 2013 21:27:23 + (UTC) Erling Westenvik erling.westenvik at gmail.com writes: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? As of today it is actually possible to do this with OpenBSD: http://www.undeadly.org/cgi?action=articlesid=20130128142215 Wow, thank you! -- posted from my school wireless
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Erling Westenvik erling.westenvik at gmail.com writes: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? As of today it is actually possible to do this with OpenBSD: http://www.undeadly.org/cgi?action=articlesid=20130128142215
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? I haven't checked wpa_supplicant for a while, but you can find it in ports and some people actually seem to use it with OpenBSD. You can even find examples, the following is from a university in Germany (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de): network={ ssid=eduroam key_mgmt=WPA-EAP eap=TTLS identity=tim-acco...@rwth-aachen.de anonymous_identity=tim-acco...@rwth-aachen.de password=PASSWORT-FÜR-TIM-ACCOUNT ca_cert=/etc/certs/eduroam-chain.pem phase2=auth=PAP } But, again, I haven't tested it myself. Reyk
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On 24 January 2013 10:45, Reyk Floeter r...@openbsd.org wrote: On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? I haven't checked wpa_supplicant for a while, but you can find it in ports and some people actually seem to use it with OpenBSD. You can even find examples, the following is from a university in Germany (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de): network={ ssid=eduroam key_mgmt=WPA-EAP eap=TTLS identity=tim-acco...@rwth-aachen.de anonymous_identity=tim-acco...@rwth-aachen.de password=PASSWORT-FÜR-TIM-ACCOUNT ca_cert=/etc/certs/eduroam-chain.pem phase2=auth=PAP } But, again, I haven't tested it myself. Reyk Interesting. Didn't know that works with wlan too. Thanks for the info, although I am not able to test it in the near future. -- Sincerely, Ville Valkonen
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Thu, 24 Jan 2013, Reyk Floeter wrote: From: Reyk Floeter r...@openbsd.org To: Erling Westenvik erling.westen...@gmail.com Cc: Misc misc@openbsd.org Date: Thu, 24 Jan 2013 08:45:46 Subject: Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2? On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? I haven't checked wpa_supplicant for a while, but you can find it in ports and some people actually seem to use it with OpenBSD. ... Comments in the DESCR file for your port of wpa_supplicant state: wpa_supplicant is the implementation of an IEEE 802.1X supplicant. This port is for wired authentication only (Ethernet PAE) and does not support the wireless WPA/WPA2 functionality. I tried using the example from Aachen to try to get wireless WPA/WPA2 to work. This was some time ago, but I never got it to work here. Of course that could well be a reflection on my lack of skills. The setup here is similar to that described by the original requestor. If I plug in a USB wireless device into my desktop and run a scan I see: anquetil.bath.ac.uk ?// ./wifiprobe rum0 wifiprobe: Wireless access selection for device: rum0 Available public networks . . . . . . . . . . score --- 1 BUCS-WiFi111 2 BTOpenzone 111 3 BTOpenzone 111 4 BUCS-WiFi111 Available secured networks --- 5 eduroam 111 6 eduroam 111 Select network 0 anquetil.bath.ac.uk ?// The BUCS-WiFi network is our unsecured network. You have to authenticate to use it. The BTOpenzone network is there for visitors to use if they can't access via eduroam. I believe you need an account to use BTOpenzone. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK d.h.da...@bath.ac.uk Phone: +44 1225 386101
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Reyk Floeter r...@openbsd.org writes: On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? I haven't checked wpa_supplicant for a while, but you can find it in ports and some people actually seem to use it with OpenBSD. You can even find examples, the following is from a university in Germany (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de): This webpage shows something that looks like a FreeBSD configuration, only with s/Free/Open/. network={ ssid=eduroam key_mgmt=WPA-EAP eap=TTLS identity=tim-acco...@rwth-aachen.de anonymous_identity=tim-acco...@rwth-aachen.de password=PASSWORT-FÜR-TIM-ACCOUNT ca_cert=/etc/certs/eduroam-chain.pem phase2=auth=PAP } But, again, I haven't tested it myself. I don't think they have either. :) Reyk -- Jérémie Courrèges-Anglas GPG Key Fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Wed, Jan 23, 2013 at 08:37:29PM +0100, Gregor Best wrote: Web interfaces can be automated... I use the following to log into the unsecured WIFI at UPB: curl -k -F buttonClicked=4 -F username=FOO -F password=PASS https://webauth/login.html; Great! Thanks! : ) Erling
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote: When I need eduroam, I connect my android phone via usb/urndis and let the phone handle the WPA2 enterprise stuff. Yes, my Android phone connects to eduroam but I did not think about the possibility of connecting my laptop to the phone via usb. Would you mind to share your config for doing that? Erling
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Erling Westenvik wrote: On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote: When I need eduroam, I connect my android phone via usb/urndis and let the phone handle the WPA2 enterprise stuff. Yes, my Android phone connects to eduroam but I did not think about the possibility of connecting my laptop to the phone via usb. Would you mind to share your config for doing that? Last time I tried, it was like... - plug the usb cable - dhclient urndis0
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
wpa_supplicant is the implementation of an IEEE 802.1X supplicant. This port is for wired authentication only (Ethernet PAE) and does not support the wireless WPA/WPA2 functionality. Well, might be true for openbsd, but I assume it is not. On frebsd laptop I use it as prefered way to make connec- tion. network={ ssid=insert scan_ssid=1 proto=RSN pairwise=CCMP key_mgmt=WPA-PSK psk=insert } This differs from example I've seen on the thread, but works flawlessly. To use it I just run it with: wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -B Best regards Zoran
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Thu, Jan 24, 2013 at 10:47 AM, Dennis Davis d.h.da...@bath.ac.uk wrote: I haven't checked wpa_supplicant for a while, but you can find it in ports and some people actually seem to use it with OpenBSD. ... Comments in the DESCR file for your port of wpa_supplicant state: wpa_supplicant is the implementation of an IEEE 802.1X supplicant. This port is for wired authentication only (Ethernet PAE) and does not support the wireless WPA/WPA2 functionality. Yes, I know, I once made the port based on Jussi's work. The problem was that OpenBSD didn't support WPA at this point, only WEP, so wpa_supplicant was only useful for Ethernet PAE. But we have WPA now and the wpa_supplicant port was also updated. If the current version doesn't support OpenBSD's WPA ioctls yet, it should be possible to add them to get WPA Enterprise to work. Reyk
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Thu, Jan 24, 2013 at 04:12:09PM +0100, Jérémie Courrèges-Anglas wrote: Last time I tried, it was like... - plug the usb cable - dhclient urndis0 That worked too. Thanks! ; ) Erling
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Erling Westenvik erling.westen...@gmail.com wrote: On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote: When I need eduroam, I connect my android phone via usb/urndis and let the phone handle the WPA2 enterprise stuff. Yes, my Android phone connects to eduroam but I did not think about the possibility of connecting my laptop to the phone via usb. Would you mind to share your config for doing that? IIRC: 1. Enable tethering on the phone 2. Connect phone 3. sudo dhclient urndis0 Done. :-) /Alexander
OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? Cheers, Erling
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On 23 January 2013 18:41, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? Cheers, Erling Hi, Unfortunately there's no support for PEAP/MSCHAPv2 at the moment. -- Ville Valkonen
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
Most universities offer an unencrypted wireless lan with forced VPN connections though. That's what I use here at UPB until maybe sometime in the future my beloved OpenBSD supports WPA2 enterprise. -- Gregor Best
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Wed, Jan 23, 2013 at 06:55:45PM +0200, Ville Valkonen wrote: On 23 January 2013 18:41, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? Unfortunately there's no support for PEAP/MSCHAPv2 at the moment. Thanks. Then I'll just have to wait. In the meanwhile I can connect using the unsecured wifi network here. Just a hazzle having to log on through a web interface every time..
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On Wed, Jan 23, 2013 at 06:18:09PM +0100, Erling Westenvik wrote: [...] Thanks. Then I'll just have to wait. In the meanwhile I can connect using the unsecured wifi network here. Just a hazzle having to log on through a web interface every time.. [...] Web interfaces can be automated... I use the following to log into the unsecured WIFI at UPB: curl -k -F buttonClicked=4 -F username=FOO -F password=PASS https://webauth/login.html; -- Gregor Best
Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
On 01/23/13 18:18, Erling Westenvik wrote: On Wed, Jan 23, 2013 at 06:55:45PM +0200, Ville Valkonen wrote: On 23 January 2013 18:41, Erling Westenvik erling.westen...@gmail.com wrote: I need to connect my ThinkPad T500 running 5.2 current to the wifi network here at my university. E.g. the eduroam network which is available at most universities through, at least, Europe. After Googling around for a while I'm not sure whether OpenBSD yet has support for WPA2 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a sample ifconfig? Unfortunately there's no support for PEAP/MSCHAPv2 at the moment. Thanks. Then I'll just have to wait. In the meanwhile I can connect using the unsecured wifi network here. Just a hazzle having to log on through a web interface every time.. When I need eduroam, I connect my android phone via usb/urndis and let the phone handle the WPA2 enterprise stuff. /Alexander