Netwerk draadloos handleidinglinux

From Cncz
Revision as of 13:22, 18 November 2014 by Wim (talk | contribs) (SuSE 10.1 [en de][and the] KNetworkManager)

Wireless network settings for Linux

Notes from a student for

wpa_supplicant settings

For most Linux distributions you can set up a wireless connection using wpa_supplicant. The following works with Ubuntu Dapper with GNOME, and with network-manager and wpasupplicant installed (sudo apt-get install wpasupplicant network-manager network-manager-gnome). I assume it also works for KDE, etc.

  1. In the task bar you will see an applet for the network on the right side.
  2. Click on the icon, then the available wireless networks will appear.
  3. Click on 'Science'. You will get a form. Fill in the following fields:

Wireless security: WPA-enterprise
EAP method: PEAP
Key-type: automatic
Identity: (Science username)
Password: (Science password)
CA certificate file: /etc/cacert.pem <- Modify this to the certificate bundle for your own system
You can find the certificate bundle for your distribution here:

  • SUSE: /etc/cacert.pem
  • Ubuntu: /etc/ssl/certs/ca.pem (see also the Ubuntu Gutsy Gibbon section)
  • Gentoo: /etc/ssl/certs/ca-certificates.crt

  4. Click "Login to network". Wait a moment and the connection will be established.

If that doesn't work, you can create a file wpa_supplicant.conf with the following content:

ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="Science"
  proto=WPA
  key_mgmt=WPA-EAP
  eap=PEAP
  pairwise=TKIP
  identity="username"
  password="password"
  # Modify this to the certificate bundle for your own system, see above
  ca_cert="/etc/cacert.pem"
  phase2="auth=MSCHAPV2"
# priority=10
}

Make sure to change 'username' and 'password' to your own username and password (keep the quotes). Move this file to the network script directory:

  • SUSE: /etc/sysconfig/network/wpa_supplicant.conf
  • Ubuntu: /etc/network/wpa_supplicant.conf
  • Gentoo: /etc/wpa_supplicant/wpa_supplicant.conf

Add the next line to your ifcfg file for your wireless interface. (Don't forget to modify the path for your own distribution).

WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
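
A wpa_supplicant.conf like the one above can be checked before it is used. The following is an added example, not part of the original page (function names and sample text are constructed for illustration): it flags a quoted value with no closing quote, and an 802.1X network block with neither ca_cert nor ca_path, in which case wpa_supplicant does not verify the authentication server's certificate before the PEAP/MSCHAPv2 exchange.

```python
import re

# Constructed samples based on the network block shown above.
BROKEN = '''network={
  ssid="Science"
  key_mgmt=WPA-EAP
  eap=PEAP
  ca_cert="/etc/cacert.pem <- Modify this
  phase2="auth=MSCHAPV2"
}'''
FIXED = BROKEN.replace(' <- Modify this', '"')
NO_CA = "\n".join(ln for ln in FIXED.splitlines() if "ca_cert" not in ln)

QUOTED = re.compile(r'"[^"]*"(\s*#.*)?')  # quoted value, optional trailing comment

def parse_networks(text):
    """Return one {key: raw_value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(text):
    """Return (ssid, finding) pairs for problems in the network blocks."""
    findings = []
    for net in parse_networks(text):
        ssid = net.get("ssid", "?").strip('"')
        for key, value in net.items():
            if value.startswith('"') and not QUOTED.fullmatch(value):
                findings.append((ssid, f"{key}: unterminated quoted string"))
        if "WPA-EAP" in net.get("key_mgmt", ""):
            if "ca_cert" not in net and "ca_path" not in net:
                findings.append((ssid, "no ca_cert/ca_path: server certificate not verified"))
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED), ("no CA", NO_CA)):
        print(name, audit(conf))
```
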

Network Manager settings

If your distribution supports the new Network Manager, you can connect to the Science network with the following settings:

General settings

Connection name: RU Science
Connect Automatically: Mark/yes
System setting: Unmark/no

Wireless tab:

SSID: Science   // Note the capital S
Mode: Infrastructure
BSSID: <leave blank>
MAC address: <leave blank>
MTU: automatic

Wireless Security tab:

Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: <leave blank>
CA certificate: (none) // <leave blank>
PEAP version: Version 0
Inner authentication: MSCHAPv2
Username: <your-science-login>
Password: <your-science-password> // or leave blank to ask each time at connecting

IPv4 settings tab:

Method: Automatic (DHCP)
DHCP client ID: <leave blank>

Wireless@RU

Network manager also supports the Wireless@RU network. Use the same settings as for the 'Science' network, but change:

Connection name: Wireless@RU
SSID: ru-wlan // No capitals
Username: <Student/Employee number> // e.g. s0123456 or u123456
Password: <RU-account password> // or leave blank to ask each time at connecting

Distribution specifics

Ubuntu 10.04 (Lucid Lynx)

This tutorial is for Ubuntu 10.04 (Lucid Lynx) but might also be applicable for other distributions using the NetworkManager. Click the networkmanager applet and select ru-wlan (or Science) to make the initial connection. Or, if you have already connected previously, right click the networkmanager applet, select Edit Connections, go to Wireless and select "Auto ru-wlan" or "Auto Science", then click Edit. In the pop-up window, go to Wireless Security and fill in the following:

Wireless Security
Security: WPA & WPA2 Enterprise
Authentication: Tunneled TLS
Anonymous identity: <leave empty>
CA certificate: /etc/ssl/certs/AddTrust_External_Root.pem
Inner authentication: MSCHAPv2
Username: Your student number or personnel number (for example: s0123456) (or your Science username)
Password: Your RU account password (or your Science password)

After this the WLAN should connect automatically. If there are any difficulties, more information can usually be gathered using the command "tail -f /var/log/syslog".

Arch Linux

Create a netctl profile "eduroam" in "/etc/netctl", with the following content:

Description='Eduroam (RU, Nijmegen)'
Interface=wls3                                # check your interface name with `ip link`
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'pairwise=CCMP TKIP'
    'anonymous_identity=""'
    'identity=""'   # change this
    'password="YOUR_SECRET"'                  # change this
    'ca_path="/etc/ssl/certs/"'
    'ca_path2="/etc/ssl/certs/"'
    'phase2="auth=MSCHAPV2"'
)

You can start the profile with "netctl start eduroam". If you want, you can create a systemd service for it. See the ArchWiki: https://wiki.archlinux.org/index.php/Netctl#Automatic_operation

Ubuntu Gutsy Gibbon

Check that network-manager and wpasupplicant are installed. (If not: sudo apt-get install wpasupplicant network-manager network-manager-gnome)

  1. When downloading a certificate, store it in /usr/share/ca-certificates/<subdir>/<pem-file>
  2. Then make a symlink in /etc/ssl/certs

cd /etc/ssl/certs/<subdir>
sudo ln -s /usr/share/ca-certificates/<subdir>/<pem-file>

  3. The /etc/ssl/certs directory also contains hashes of the pem files linked to (for quicker access). These hashes link to the pem files. Use this command to update all hashes, for example when you have added a new pem file or deleted the hashes:

sudo c_rehash ./
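
OpenSSL finds a CA in a certificate directory only through its hash-named link, so a pem file without one is not found when a directory is used as the CA store. The following added example (not from the original page; the directory contents are constructed placeholders) lists dangling hash links and pem files that no hash link points to. It does not compute the subject hash itself; c_rehash does that.

```python
import os
import re
import tempfile

HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")  # hash-link name, e.g. 12345678.0

def check_cert_dir(path):
    """Return (dangling_hash_links, pem_files_without_hash_link) for a cert dir."""
    dangling, linked = [], set()
    names = sorted(os.listdir(path))
    for name in names:
        full = os.path.join(path, name)
        if HASH_LINK.match(name) and os.path.islink(full):
            if os.path.exists(full):              # exists() follows the link
                linked.add(os.path.realpath(full))
            else:
                dangling.append(name)
    unhashed = [n for n in names
                if n.endswith(".pem")
                and os.path.realpath(os.path.join(path, n)) not in linked]
    return dangling, unhashed

def demo():
    """Constructed directory: one linked pem, one unlinked pem, one dead link."""
    with tempfile.TemporaryDirectory() as d:
        for pem in ("a.pem", "b.pem"):
            with open(os.path.join(d, pem), "w") as fh:
                fh.write("placeholder, not a real certificate\n")
        os.symlink("a.pem", os.path.join(d, "12345678.0"))
        os.symlink("missing.pem", os.path.join(d, "deadbeef.0"))
        return check_cert_dir(d)

if __name__ == "__main__":
    print(demo())
```
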


To test if all is working correctly, execute wpa_supplicant manually:

/sbin/wpa_supplicant -i<interface> -c<configfile>

for example:

/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf

This will generate a large amount of output; make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain useful hints about the problem. When the output tells you that a certain certificate cannot be verified, you are most likely missing a certificate or an intermediate certificate. First, check that you have the following certificates:

AddTrust External CA Root
UTN-USERFirst-Hardware
TERENA SSL CA

You should already have the last two; the first one can be found here:

http://secure.globalsign.net/cacert/sureserverEDU.crt or
http://secure.globalsign.net/cacert/sureserverEDU.pem or
https://secure.globalsign.net/cacert/educational.crt

  1. Making a connection:

ifup eth1

or

root@localhost# ifconfig eth1 up

Replace eth1 with the appropriate network interface.

  1. Debugging

When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:

  • Start Network manager in debug mode.
NetworkManager -DD
  • Look at the output of wpa_supplicant
wpa_supplicant -i<iface> -c<cfgfile>
  • Check the status of the network interfaces
nm-tool

  • When the network applet in your GNOME/KDE tray dies, you can restart it with the command:

nm-applet

SuSE 10.1 and the KNetworkManager

  1. Starting the KNetworkManager

If the KNetworkManager is not present as an Applet in the Panel it can be started by clicking "System -> Desktop Applet -> knetworkmanager (Networking Tool)" or by typing the command "knetworkmanager". If the "KNetworkManager" is not available install it with "System -> YaST (Control Center) - software management".

  1. Starting the wireless network

  1. Make sure the wireless switch on the laptop is ON.
  2. Click on KNetworkManager and choose the Wireless Network "Science".
  3. The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
  4. A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
  5. Enter your Science username as "Identity:" and your Science password.
  6. Click "Connect".

If something goes wrong, perhaps because of a typo in the password or the wrong selection of the encryption, one may not get the opportunity to correct it because the second time one clicks on the KNetworkManager the menu may not appear and the wrong settings are used again. There may be an elegant solution to this problem that I don't know about, but this work-around might be useful:


  1. Exit the KNetworkManager by clicking "Quit".
  2. Give the command: rm $HOME/.kde/share/config/knetworkmanagerrc
  3. Restart the KNetworkManager as described above, and try again.

Gentoo

Wpa Supplicant

The wpa_supplicant package:

emerge net-wireless/wpa_supplicant

Extra certificates from Debian:

emerge app-misc/ca-certificates

See also the Gentoo documentation:

Gentoo Linux Documentation -- Gentoo Network Configuration
Gentoo Linux Documentation -- Wireless Networking

RX Deauthenticated (reason=23)

When no link can be established, with "RX Deauthenticated (reason=23)" in dmesg and without any obvious cause (23 is a general error somewhere in the 802.1X authentication), it could be due to an incompatibility (which is yet to be understood) with gnutls or OpenSSL. One might try to compile wpa_supplicant without the gnutls and ssl keywords.

NetworkManager, wpa_gui and wicd

For a more user-friendly experience one might use NetworkManager, wpa_gui or wicd. NetworkManager, wpa_gui and wicd are front-ends for wpa_supplicant. The Gnome NetworkManager package:

emerge net-misc/networkmanager

The wicd package:

emerge net-misc/wicd

wpa_gui is automatically installed by wpa_supplicant, and needs to be run as root to connect to wpa_supplicant.

NetworkManager homepage:

NetworkManager - Linux Networking made Easy

wicd homepage:

wicd - home

wpa_supplicant homepage:

Linux WPA/WPA2/IEEE 802.1X Supplicant