Difference between revisions of "Virginia Tech Wifi"
imported>Mutantmonkey |
imported>Mutantmonkey (Remove netcfg instructions, add ca_cert line to wpa_supplicant instructions) |
||
Line 1: | Line 1: | ||
− | <font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that allow all traffic to be decrypted with a 100% success rate.</font> | + | <font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.</font> |
'''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]]. | '''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]]. | ||
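Review bot: in the changed warning line, "can allow all traffic to be decrypted with a 100% success rate" now hedges and asserts certainty in the same sentence. Either keep the original "allow" or drop the success-rate clause. The page body already cites the DefCon 20 announcement as [1], so the warning could carry that reference too and be sourced where the claim is made.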
Line 33: | Line 33: | ||
identity="your {{{identity|PID}}}" | identity="your {{{identity|PID}}}" | ||
password="your passphrase" | password="your passphrase" | ||
+ | ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem | ||
} | } | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==netctl== | ==netctl== |
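Review bot: the added ca_cert line is missing its closing double quote (ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem), so anyone who copies the block gets an unterminated string; close the quote before the newline. The line also trusts a public root with no server name constraint next to it (wpa_supplicant has subject_match, altsubject_match and domain_suffix_match for this), so consider adding one in the same block and saying in the text which server name users should expect.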
Revision as of 01:07, 17 August 2014
Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.
PEAP-MSCHAPv2 is a wireless authentication scheme used by Virginia Tech as an alternative to EAP-TLS for connections to VT-Wireless.
At DefCon 20 in July 2012, an attack was announced for MSCHAPv2 that allows the protocol to be cracked quickly with a 100% success rate.[1] Use of MSCHAPv2 is strongly discouraged.
Set your remote access passphrase
Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to my.vt.edu→Settings→Change Network Password.
Android
The following instructions were written for Android 2.2 (Froyo) and may not work on other platforms or versions. If you would like to see additional coverage, please add it yourself or make a request on the wiki's wanted page.
- From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
- Remove any existing entries for the network you'd like to add or any conflicting network.
- From the "WiFi networks" listing, click on the network you'd like to add.
- Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
- Enter your credentials for the identity and press "Connect".
NetworkManager
- In your wireless configuration program, select VT-Wireless.
- Choose PEAP as the EAP type.
- Choose MSCHAPv2 as the authentication method.
- Use your PID and remote passphrase as your login credentials.
wpa_supplicant
Add the following lines to /etc/wpa_supplicant.conf:
    network={
        ssid="VT-Wireless"
        proto=WPA2
        key_mgmt=WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="your PID"
        password="your passphrase"
        ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"
    }
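A check for what the ca_cert line does and does not buy you, as an added example that is not part of the wiki page: it parses network blocks from a wpa_supplicant.conf and reports whether the server certificate is verified at all and whether it is constrained by name. The SSIDs in the sample and radius.example.edu are constructed placeholders, not Virginia Tech values.

```python
import re

# wpa_supplicant options that constrain the server certificate's name.
NAME_PINS = {"subject_match", "altsubject_match", "domain_match", "domain_suffix_match"}

def check(block):
    """Findings for one parsed network block (dict of option -> value)."""
    findings = list(block["_bad"])
    if "EAP" not in block.get("key_mgmt", ""):
        return findings  # no EAP, so no server certificate to validate
    if "ca_cert" not in block and "ca_path" not in block:
        findings.append("no ca_cert/ca_path: server certificate is not verified")
    elif not NAME_PINS & block.keys():
        findings.append("CA set but no name match: any server cert under that CA is accepted")
    return findings

def audit(text):
    """Return [(ssid, findings)] for every network={...} block in the text."""
    report, block = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"network\s*=\s*\{", line):
            block = {"_bad": []}
        elif block is not None and line == "}":
            report.append((block.get("ssid", "<no ssid>"), check(block)))
            block = None
        elif block is not None and line and not line.startswith("#"):
            key, _, value = line.partition("=")
            if value.count('"') % 2:
                block["_bad"].append(f"{key}: unbalanced double quote")
            block[key.strip()] = value.strip().strip('"')
    return report

# Constructed sample: the block before the revision, as the revision wrote it,
# and with a name constraint (radius.example.edu is a placeholder, not VT's server).
COMMON = 'key_mgmt=WPA-EAP\neap=PEAP\nphase2="auth=MSCHAPV2"\n'
SAMPLE = (
    'network={\nssid="before"\n' + COMMON + '}\n'
    'network={\nssid="as-added"\n' + COMMON
    + 'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem\n}\n'
    'network={\nssid="pinned"\n' + COMMON
    + 'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"\n'
    'domain_suffix_match="radius.example.edu"\n}\n'
)

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE):
        print(ssid, findings or "ok")
```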
netctl
Tested on Arch Linux with netctl 0.8 (updated on 2013-04-12).
- Create a file, /etc/netctl/VT-Wireless and place this in it:
    Description="VT-Wireless PEAP-MSCHAPv2"
    Interface=wlan0
    Connection=wireless
    Security=wpa-configsection
    IP=dhcp
    IP6=stateless
    WPAConfigSection=(
        'ssid="VT-Wireless"'
        'proto=RSN'
        'key_mgmt=WPA-EAP'
        'eap=PEAP'
        'phase2="auth=MSCHAPV2"'
        'identity="YOUR IDENTITY"'
        'password="NETWORK PASSWORD"'
        'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
    )

Make sure to change YOUR IDENTITY to your PID, and NETWORK PASSWORD to your network password.
- After creating this file, make sure to change the owner to root (sudo chown root:root /etc/netctl/VT-Wireless) and change the permissions so that it can be read only by the owner (sudo chmod 0600 /etc/netctl/VT-Wireless). This will ensure that the network password stored in this file cannot be read by others easily.
- To connect, simply type the following in a terminal:
    sudo netctl start VT-Wireless