Difference between revisions of "Netwerk draadloos handleidinglinux"

From Cncz
Jump to: navigation, search
m (Ubuntu 10.04 (Lucid Lynx))
Line 2: Line 2:
= [Draadloze netwerkinstellingen voor Linux][Wireless network settings for Linux] =
= [Draadloze netwerkinstellingen voor Linux][Wireless network settings for Linux] =
== [Algemeen][General] ==
'''Certificaat''':Tot begin 2007 moest eerst het C&CZ root-certificaat geimporteerd worden. Dit hoeft nu niet meer, omdat C&CZ via SURFnet een GlobalSign certificaat gekocht heeft dat standaard vertrouwd wordt (met Certificate Authority "GTE CyberTrust Global Root").
'''Certificate''': Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought through SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
== [wpa_supplicant instellingen][wpa_supplicant settings] ==
== [wpa_supplicant instellingen][wpa_supplicant settings] ==
Line 181: Line 173:
  AddTrust External CA Root
De eerste twee zou je al moeten hebben, de derde kan eventueel ontbreken. Deze is te downloaden op een van de volgende plaatsen
De laatste twee zou je al moeten hebben, de eerste kan eventueel ontbreken. Deze is te downloaden op een van de volgende plaatsen
You should already have the first two, the last one can be found here
You should already have the last two, the first one can be found here
  http://secure.globalsign.net/cacert/sureserverEDU.crt of
  http://secure.globalsign.net/cacert/sureserverEDU.crt of

Revision as of 17:27, 15 September 2010

Wireless network settings for Linux

wpa_supplicant settings

For most linux distributions you can set up a wireless connection using wpa_supplicant. The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (sudo apt-get install wpasupplicant network-manager network-manager-gnome). I assume it also works for KDE, etc.

  1. In the task bar you will see an applet for the network on the right side.
  2. Click on the icon, then the available wireless networks will appear.
  3. Click on 'Science'. You will get a form. Fill in the following fields:

Wireless security: WPA-enterprise
EAP method: PEAP
Key-type: automatic
Identity: (FNWI username)
Password: (FNWI password)
CA certificate file: /etc/cacert.pem <- Modify this to the certificate bundle for your own system
  1. You can find the certificate bundle for your distribution here:
    • SUSE: /etc/cacert.pem
    • Ubuntu: /etc/ssl/certs/ca.pem (Also see: #Ubuntu Gutsy Gibbon)
    • Gentoo: /etc/ssl/certs/ca-certificates.crt

  1. Click "Login to network". Wait a moment and the connection will be established. If that doesn't work you can make a file wpa_supplicant.conf with the following content:

  ca_cert="/etc/cacert.pem <- Modify this to the certificate bundle for your own system, see above
# priority=10

  1. Make sure to change 'username' and 'password' to your own username and password (keep the quotes). Move this file to the network script directory:

  • SUSE: /etc/sysconfig/network/wpa_supplicant.conf
  • Ubuntu: /etc/network/wpa_supplicant.conf
  • Gentoo: /etc/wpa_supplicant/wpa_supplicant.conf

Add the next line to your ifcfg file for your wireless interface. (Don't forget to modify the path for your own distribution).


Network Managersettings

If your distribution supports the new Network Manager, you can connect to the Science network with the following settings:

General settings

Connection name: RU Science
Connect Automatically: Mark/yes
System setting: Unmark/no

Wireless tab:

SSID: Science   // Note the capital S
Mode: Infrastructure
BSSID: <leave blank>
MAC adress: <leave blank>
MTU: automatic

Wireless Security tab:

Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: <leave blank>
CA certificate: (none) // <leave blank>
PEAP version: Version 0
Inner authentication: MSCHAPv2
Username: <your-fnwi-login>
Password: <your-fnwi-password> // or leave blank to ask each time at connecting

IPv4 settings tab:

Method: Automatic (DHCP)
DHCP client ID: <leave blank>


Connection name: Wireless@RU
SSID: ru-wlan // No capitals
Username: <Student/Employee number> // eg: s0123456 or u0123456
Password: <RU-account password> // or leave blank to ask each time at connecting

Distributions specifics

Ubuntu 10.04 (Lucid Lynx)

This tutorial is for Ubuntu 10.04 (Lucid Lynx) but might also be applicable for other distributions using the NetworkManager. Click the networkmanager applet and select ru-wlan (or Science) to make the initial connection. Or, if you have already connected previously, right click the networkmanager applet, select Edit Connections, go to Wireless and select "Auto ru-wlan" or "Auto Science", then click Edit. In the pop-up window, go to Wireless Security and fill in the following:

Wireless Security
Security:				WPA & WPA2 Enterprise
Authentication:			Tunneled TLS
Anonymous identity:		        <leave empty>
CA certificate:			/etc/ssl/certs/AddTrust_External_Root.pem
Inner authentication:	                MSCHAPv2
Username:				Your student number or personnel number (for example: s0123456) (or your Science username)
Password:				Your RU account password (or your Science password)

After this the WLAN should connect automatically. If there are any difficulties, more information can usually be gathered using the command "tail -f /var/log/syslog"

Ubuntu Gutsy Gibbon

Check that network-manager and wpasupplicant are installed. (If not: sudo apt-get install wpasupplicant network-manager network-manager-gnome

  1. When downloading a certificate, store it in /usr/share/ca-certificates/<subdir>/<pem-file>
  2. Then make a symlink in /etc/ssl/certs

cd /etc/ssl/certs/<subdir>
sudo ln -s /usr/share/ca-certificates/<subdir>/<pem-file>

  1. The /etc/ssl/certs directory also contains hashes of the pem files linked to (for quicker access). These hashes link to the pemfiles. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:

sudo c_rehash ./

To test if all is working correctly execute wpa_supplicant manually :

/sbin/wpa_supplicant -i<interface> -c<configfile>

for example:

/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf

This will generate a large amount of output, make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain usefull hints about the problems. When the output tells you that a certain certificate cannot be verified, most likely you are missing a certificate or an in-between-certificate. First, check you have the following certificates:

AddTrust External CA Root

You should already have the last two, the first one can be found here :

http://secure.globalsign.net/cacert/sureserverEDU.crt of
http://secure.globalsign.net/cacert/sureserverEDU.pem of
  1. Making a connection:
ifup eth1


root@localhost# ifconfig eth1 up

replace eth1 with the appropriate network interface.

  1. Debugging

When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:

  • Start Network manager in debug mode.
NetworkManager -DD
  • Look at the output of wpa_supplicant
wpa_supplicant -i<iface> -c<cfgfile>
  • Check the status of the network interfaces

* When the network applet in your gnome/kde tray dies, you can restart it with the command


SuSE 10.1 and the KNetworkManager

  1. Starting the KNetworkManager

If the KNetworkManager is not present as an Applet in the Panel it can be started by clicking "System -> Desktop Applet -> knetworkmanager (Networking Tool)" or by typing the command "knetworkmanager". If the "KNetworkManager" is not available install it with "System -> YaST (Control Center) - software management".

  1. Starting the wireless network

  1. Make sure the wireless switch on the laptop is ON.
  2. Click on KNetworkManager and choose the Wireless Network "Science".
  3. The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
  4. A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
  5. Enter your FNWI username as "Identity:" and your Science/FNWI password.
  6. Click "Connect".

If something goes wrong, perhaps because of a typo in the password or the wrong selection of the encryption, one may not get the opportunity to correct it because the second time one clicks on the KNetworkManager the menu may not appear and the wrong settings are used again. There may be an elegant solution to this problem that I don't know about, but this work-around might be useful:

  1. Exit the KNetworkManager by clicking "Quit".
  2. Give the command: rm $HOME/.kde/share/config/knetworkmanagerrc
  3. Restart the KNetworkManager as described above, and try again.


Wpa Supplicant

The wpa_supplicant package:

emerge net-wireless/wpa_supplicant

Extra certificates from Debian:

emerge app-misc/ca-certificates

See also the Gentoo documentation:

Gentoo Linux Documentation -- Gentoo Network Configuration
Gentoo Linux Documentation -- Wireless Networking

RX Deauthenticated (reason=23)

When no link can be established, with "RX Deuauthenticated (reason=23)" in dmesg, without any obvious case (23 is a general error somewhere in the 802.1X authentication), it could be of an incompatibility (which is yet to be understood) with gnutls or OpenSSL. One might try to compile wpa_supplicant without the gnutls and ssl keywords.

NetworkManager, wpa_gui and wicd

For a more userfriendly experience one might use NetworkManager, wpa_gui or wicd. NetworkManager, wpa_gui and wicd are front-ends for wpa_supplicant. The Gnome NetworkManager package:

emerge net-misc/networkmanager

The wicd package:

emerge net-misc/wicd

wpa_gui is automatically installed by wpa_supplicant, and needs to be run as root to connect to wpa_supplicant.

NetworkManager homepage:

NetworkManager - Linux Networking made Easy

wicd homepage:

wicd - home

wpa_supplicant homepage:

Linux WPA/WPA2/IEEE 802.1X Supplicant