Linux and Unix Users Group at Virginia Tech Wiki

Changes

Virginia Tech Wifi (OLD)

935 bytes added, 07:41, 4 April 2011
Rework intro, move PEAP-MSCHAPv2 stuff to its own page, mark EAP-TLS section as archived
Since the fall of 2008, there have been two wireless networks on campus. One network, called '''VT-Wireless''', encrypts all traffic and is secured with EAP-TLS or PEAP-MSCHAPv2. The other network, [[VT_WLAN]], is an unencrypted, captive portal wireless network. While connections to VT-Wireless are secure by default, and require no user authentication once set up, the EAP-TLS setup has a number of steps. In contrast, setup for VT_WLAN network is negligible, but you will be required to manually authenticate each time you connect (although this can be scripted), and your traffic will be readable to everyone.
 
== Select a connection method ==
{| border="1"
|}
=The best option is [[EAP-TLS]], which provides strong, two-way authentication to ensure that neither you or the authentication server can be impersonated. Unfortunately, setting up EAP-TLS can be someonewhat involved because it requires a certificate to be installed on the device. If this is a problem, you should try [[PEAP-MSCHAPv2=]] as it still provides somewhat strong authentication and allows connection to the encrypted VT-Wireless network. * Set [[VT_WLAN]] is an unsecure captive portal wireless network. It requires no set up at all, but you must log in with your remote passphrase PID and password every time you connect. Since it is not secure, it is simple for any and all unencrypted traffic on the network to be sniffed by going anyone within range and is also vulnerable to [https://mydeauthentication attacks.vtIts use is strongly discourage.edu my {| width="60%" style="margin:12px auto"| style="font-size:1.vt5em;text-align:center" | [[EAP-TLS]]| style="font-size:1.edu5em;text-align:center" | [[PEAP-MSCHAPv2]]|-| valign='top' | EAP->SettingsTLS provides the strongest authentication available but is not supported on all devices and requires a somewhat involved one->Remote Passphrasetime setup.* In your wireless configuration programFor instructions, select VTplease refer to the [[EAP-WirelessTLS]] article.* Choose | valign='top' | PEAP as -MSCHAPv2 is supported by many devices and provides strong authentication. For setup instructions, please see the EAP type[[PEAP-MSCHAPv2]] article.* Choose MSCHAPv2 as the authentication method.|}* Use your PID and remote passphrase as your login credentials.
Add the following lines to /etc/wpa_supplicant.conf
network={
ssid="VT-Wireless"
proto=WPA2
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="your PID"
password="your passphrase"
priority=10
}
=Historical EAP-TLSConfiguration=''Note: This section of this article is being rewrittenhas been archived and may be out of date; please see the [[EAP-TLS|EAP-TLS page]] for updated instructions . It is preserved here at least for Network Manager and wpa_supplicanttime being for those connecting using older versions of NetworkManager or using Wicd.''
The setup for EAP-TLS involves downloading a passworded personal certificate and making sure a copy of the certificate authority's signing certificate is on your computer. Some network managers, such as NetworkManager, require an extra step of converting the personal certificate to a different format.
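Review bot: The reworked "Select a connection method" text describes PEAP-MSCHAPv2 two different ways: the paragraph says it "still provides somewhat strong authentication", while the new table cell says it "provides strong authentication". Pick one wording and say how it differs from EAP-TLS, which the same paragraph already describes as two-way. The added paragraph also needs a proofread: "someonewhat" should be "somewhat", "neither you or" should be "neither you nor", "unsecure" should be "insecure", and "Its use is strongly discourage" should end in "discouraged".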
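Review bot: The wpa_supplicant network block that this change moves out to the PEAP-MSCHAPv2 page sets eap=PEAP and phase2="auth=MSCHAPV2" but has no ca_cert line and no server name check such as subject_match. Without ca_cert, wpa_supplicant does not verify the authentication server's certificate, so a client built from this block sends the PID and passphrase exchange to whatever server answers for the VT-Wireless SSID. That does not match the "strong authentication" wording in the new table. When the block lands on the new page, add ca_cert pointing at the certificate authority's signing certificate (the same one the EAP-TLS text says must be on the computer) and a server name match. It is also worth noting there that password= is stored in clear text in /etc/wpa_supplicant.conf, so the file should be readable by root only.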
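Review bot: Renaming the section heading from "EAP-TLS" to "Historical EAP-TLS Configuration" changes the section anchor, so any existing links to the old section anchor on this page will stop resolving to it; check inbound links and repoint them to the [[EAP-TLS]] page. The archive note says the section "may be out of date" without saying as of when; adding the archive date or the NetworkManager and Wicd versions it was last checked against would let readers judge whether it still applies to them.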
Anonymous user