Changes
Import the Pre-Eduroam PEAP-MSCHAP page
<font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.</font>
'''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]].
At DefCon 20 in July 2012, an attack was announced for MSCHAPv2 that allows the protocol to be cracked quickly with a 100% success rate.<ref>[https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/]</ref> '''Use of MSCHAPv2 is strongly discouraged.'''
==Set your remote access passphrase==
Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to [https://my.vt.edu my.vt.edu]→Settings→Change Network Password.
==Android==
{{Version|2.2 (Froyo) of Android}}
* From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
* Remove any existing entries for {{{networks|the network you'd like to add or any conflicting network}}}.
* From the "WiFi networks" listing, click on {{{network|the network you'd like to add}}}.
* Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
* Enter your credentials for the identity and press "Connect".
==NetworkManager==
* In your wireless configuration program, select VT-Wireless.
* Choose PEAP as the EAP type.
* Choose MSCHAPv2 as the authentication method.
* Use your {{{identity|PID}}} and remote passphrase as your login credentials.
==wpa_supplicant==
Add the following lines to /etc/wpa_supplicant.conf:
network={
ssid="VT-Wireless"
proto=WPA2
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="your {{{identity|PID}}}"
password="your passphrase"
ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem
}
==netctl==
Tested on [[Arch Linux]] with netctl 0.8 (updated on 2013-04-12).
* Create a file, '''/etc/netctl/VT-Wireless''' and place this in it:
Description="VT-Wireless PEAP-MSCHAPv2"
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
IP6=stateless
WPAConfigSection=(
'ssid="VT-Wireless"'
'proto=RSN'
'key_mgmt=WPA-EAP'
'eap=PEAP'
'phase2="auth=MSCHAPV2"'
'identity="YOUR IDENTITY"'
'password="NETWORK PASSWORD"
'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
)
Make sure to change '''IDENTITY''' to your {{{identity|PID}}}, and '''NETWORK PASSWORD''' to your network password.
* After creating this file, make sure to change the owner to root (<code>sudo chown root:root /etc/netctl/VT-Wireless</code>) and change the permissions so that it can be read only by the owner (<code>sudo chmod 0600 /etc/netctl/VT-Wireless</code>). This will ensure that your private key password cannot be read by others easily.
* To connect, simply type the following in a terminal:
sudo netctl start VT-Wireless
==References==
<references/>
[[Category:Howtos]]
'''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]].
At DefCon 20 in July 2012, an attack was announced for MSCHAPv2 that allows the protocol to be cracked quickly with a 100% success rate.<ref>[https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/]</ref> '''Use of MSCHAPv2 is strongly discouraged.'''
==Set your remote access passphrase==
Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to [https://my.vt.edu my.vt.edu]→Settings→Change Network Password.
==Android==
{{Version|2.2 (Froyo) of Android}}
* From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
* Remove any existing entries for {{{networks|the network you'd like to add or any conflicting network}}}.
* From the "WiFi networks" listing, click on {{{network|the network you'd like to add}}}.
* Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
* Enter your credentials for the identity and press "Connect".
==NetworkManager==
* In your wireless configuration program, select VT-Wireless.
* Choose PEAP as the EAP type.
* Choose MSCHAPv2 as the authentication method.
* Use your {{{identity|PID}}} and remote passphrase as your login credentials.
==wpa_supplicant==
Add the following lines to /etc/wpa_supplicant.conf:
network={
ssid="VT-Wireless"
proto=WPA2
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="your {{{identity|PID}}}"
password="your passphrase"
ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem
}
==netctl==
Tested on [[Arch Linux]] with netctl 0.8 (updated on 2013-04-12).
* Create a file, '''/etc/netctl/VT-Wireless''' and place this in it:
Description="VT-Wireless PEAP-MSCHAPv2"
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
IP6=stateless
WPAConfigSection=(
'ssid="VT-Wireless"'
'proto=RSN'
'key_mgmt=WPA-EAP'
'eap=PEAP'
'phase2="auth=MSCHAPV2"'
'identity="YOUR IDENTITY"'
'password="NETWORK PASSWORD"
'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
)
Make sure to change '''IDENTITY''' to your {{{identity|PID}}}, and '''NETWORK PASSWORD''' to your network password.
* After creating this file, make sure to change the owner to root (<code>sudo chown root:root /etc/netctl/VT-Wireless</code>) and change the permissions so that it can be read only by the owner (<code>sudo chmod 0600 /etc/netctl/VT-Wireless</code>). This will ensure that your private key password cannot be read by others easily.
* To connect, simply type the following in a terminal:
sudo netctl start VT-Wireless
==References==
<references/>
[[Category:Howtos]]
