UvA FNWI UvA


 
 
Last update: 13-11-2006
 
 

 

FNWI Wireless LAN for Linux

The configuration of Linux is composed of two parts:

  1. Installation of the 802.1x software
  2. Configuring Xsupplicant

Installation of the 802.1x software

Download and install Xsupplicant from the following page: http://sourceforge.net/projects/open1x/.

# cd /usr/src
# tar xzf /tmp/xsupplicant-1.0pre2.tar.gz
# cd xsupplicant
# ./configure
[...]
# make install
[...]

Configuring Xsupplicant

Download the FNWI WLAN server certificate to the /etc/1x/certs directory. This certificate is signed by the FNWI Certification Authority, and you may need that CA's public key as well. This is the case if you see Unknown CA messages in your log files; you should then add this public key to your OpenSSL CA-certificate store (and probably run c_rehash afterwards).

NOTE: An earlier FNWI CA certificate expired in February 2005. The above certificate is a renewed version.

You can test this using the command:

openssl verify -verbose -CAfile ./ca.crt ./fnwi-root.pem

or equivalent (this assumes, of course, that these files are in the current working directory). If verification works without -CAfile, you are fine; otherwise you will need to perform the CA step.

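Next, create a configuration file for Xsupplicant with the contents shown below. Replace the strings YOURUSERNAME and YOURPASSWORD with your FNWI username and password. Save this file to /etc/1x/1x.conf and, because it stores your password in clear text, change its permissions to 600 so that only the file's owner can read it, using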

# chmod 600 /etc/1x/1x.conf

network_list = all
default_netname = fnwi

first_auth_command = <BEGIN_COMMAND>/sbin/dhclient %i<END_COMMAND>
reauth_command = <BEGIN_COMMAND>echo authenticated user %i<END_COMMAND>

fnwi {
        type = wireless
        allow_types = eap_ttls
        identity = <BEGIN_ID>YOURUSERNAME@science.uva.nl<END_ID>
        eap_ttls {
                random_file = /dev/urandom
                root_cert = /etc/1x/certs/fnwi-root.pem
                chunk_size = 1398
                phase2_type = pap
                pap {
                        username = <BEGIN_UNAME>YOURUSERNAME@science.uva.nl<END_UNAME>
                        password = <BEGIN_PASS>YOURPASSWORD<END_PASS>
                }
        }
}
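
The checks from this section (restrictive file permissions, replaced placeholders, a readable root certificate) can be scripted before the first connection attempt. The following is an added example, not part of the original page or of Xsupplicant; the function name audit_1x_conf is hypothetical and it assumes the configuration layout shown above.

```shell
#!/bin/sh
# Added example: audit an Xsupplicant config laid out like the one above.
# audit_1x_conf is a hypothetical helper name, not part of Xsupplicant.
audit_1x_conf() {
    conf=$1
    problems=0

    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf not found"
        return 1
    fi

    # The file holds the PAP password in clear text, so group and other
    # must have no access. Characters 5-10 of the ls mode string are the
    # group/other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other; run chmod 600"
        problems=$((problems + 1))
    fi

    # Template strings from the page that were never replaced.
    if grep -Eq 'YOURUSERNAME|YOURPASSWORD' "$conf"; then
        echo "FAIL: placeholder credentials still present"
        problems=$((problems + 1))
    fi

    # root_cert is the trust anchor used to validate the server before
    # the password is sent through the TTLS tunnel.
    cert=$(sed -n 's/^[[:space:]]*root_cert[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    if [ -z "$cert" ]; then
        echo "FAIL: no root_cert configured"
        problems=$((problems + 1))
    elif [ ! -r "$cert" ]; then
        echo "FAIL: root_cert $cert is missing or unreadable"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $conf passed all checks"
    return "$problems"
}

# Run the audit when a path is given, e.g.: sh audit.sh /etc/1x/1x.conf
if [ "$#" -gt 0 ]; then
    audit_1x_conf "$1"
fi
```

The exit status is the number of failed checks, so 0 means the file is ready to use.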

Using Xsupplicant

Before starting xsupplicant, we need to bring up the interface (in this example eth1) and configure the correct SSID and encryption settings:

# ifconfig eth1 up
# iwconfig eth1 essid fnwi key 0x1234567890

We can now start xsupplicant. It will display some debug messages and hopefully the output of the DHCP client.

# xsupplicant -i eth1
Setup on device eth1 complete
Done with init.
Loading profile for fnwi from /etc/1x/1x.conf.
Sending EAPOL-Start #1
Connection Established, authenticating...
Authentication Succeeded
Internet Software Consortium DHCP Client V3.0pl1
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP

the found signature: 44 62 a3 88 e 57 45 40 af 61 59 52 64 57 1d 3
the real signature: 44 62 a3 88 e 57 45 40 af 61 59 52 64 57 1d 3
the iv: 75 23 2d 97 32 34 4c b8 4f 44 40 30 5a 2 12 c7
EAPOL Key processed: broadcast [1] (5 bytes)
Successfully set WEP key  [1]

the found signature: a9 19 cd ee 1f 2b 68 19 88 a3 28 ee d1 9f 3b a8
the real signature: a9 19 cd ee 1f 2b 68 19 88 a3 28 ee d1 9f 3b a8
the iv: 39 9f 2 4 5b ce 4 8f 23 ae 41 fa 56 6b 46 d7
EAPOL Key processed: unicast [4] (5 bytes)
Successfully set WEP key  [4]
Successfully set the WEP transmit key  [4]

Listening on LPF/eth1/00:02:2d:1d:69:bd
Sending on   LPF/eth1/00:02:2d:1d:69:bd
Sending on   Socket/fallback
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPACK from 146.50.27.2
bound to 146.50.27.250 -- renewal in 3392 seconds.

You can download version 1.0.1 as an (untested) precompiled Red Hat 9 i686 compressed tar archive here. Untar it in your root directory; it installs itself in /etc/1x and /usr/local/xsupplicant-1.01.