Open main menu

Linux and Unix Users Group at Virginia Teck Wiki β

Changes

Virginia Tech Wifi (OLD)

2,264 bytes removed, 21:41, 16 November 2009
VT_WLAN
administrative spaces across the Blacksburg campus. This wireless
network is composed of unencrypted IEEE 802.11g access nodes. To limit
access to faculty and staff, VT Communications Network Services uses anauthentication technology a Cisco captive portal. They switched from Bluesocketduring the summer of 2009. You have to register for [http://www.cns.vt.edu/html/wireless/wlan/registration.html Customer OnLine Access (COLA)] or in person at the Student Telecommunications Office to enable your account.
==Authentication==
The Bluesocket authentication technology captive portal system will automatically redirectyou to the login page (or hijack the URL you are trying first try to visit insome cases . Due to the nature of [[cache related?w:SSL|SSL]], leading https connections cannot be directed to SSL certificate problems)the login page and will time out.Simply type Type in your PID and password to be granted access.
==Logging in from the Command Line==
You can use CURL to log in from the command line or automate the process.  <pre>curl -d which_form=reg -d _FORM_SUBMIT=1 -d bs_name=YOUR_PID -d bs_password=YOUR_PASSWORD \-d source=`/sbin/ifconfig eth1 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` \https://`/sbin/route | grep -Eo '(bur|cas|hil|isb|owe|sha)-agw-[123]'`.cns.vt.edu/login.pl</pre>Here is a modified version of the above script so you do not have tostore your user name and password. Save it to a file.. 'chmod +xthe_file' then run it like so './the_file USER PASS' Note: By doingthis the command you use (with your username and pass) will be storedin ~/.bash_history. You might wish to delete that file (or edit itany). <pre>#!/bin/bashcurl web-d which_form=reg -d _FORM_SUBMIT=1 -d bs_name=$1 -d bs_password=$2 \-d source=`/sbin/ifconfig eth1 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` \https://`/sbin/route | grep -Eo '(bur|cas|hil|isb|owe|sha)-agw-[123]'`based process.cns.vt.edu/login.pl</pre><br />Depending on the characters in your password, you may need toquote it to prevent expansion, i.e. bs_password='MY!$?*PASSWORD'.ifconfig and route are located in /sbin and therefore generally not inVTLUUG members previously provided scripts for the $PATH of a normal user. You should be able to run them as such,however. ==VT_WLAN Auto Login==Although now antiquatedBluesocket authentication, the following entry put in/etc/conf.d/wireless on a Gentoo machine using Wireless Tools wouldinsecurely but automatically sign in due to VT_WLAN. <pre>postup() { if [[ ${IFACE} = "wlan0" ]]; then ROUTER="$(/sbin/route | grep -Eo '(bur|cas|hil|isb|owe|sha)-agw-[123]')"  if [[&nbsp;! "x${ROUTER}" = "x" ]]&nbsp;; then IP="$(/sbin/ifconfig eth1 | grep 'inet addr:' | cut -d: -f2 \ | awk '{ print $1}')"  curl -k -f -s -d which_form=reg -d _FORM_SUBMIT=1 \ -d bs_name=PID \ -d bs_password=PASSWORD \ -d source=${IP} \ https://${ROUTER}.cns.vt.edu/login.pl return $? fi fi return 0}</pre>PID and PASSWORD should of course be your PID and password. Thissetup is only really suitable for a single user machine like a laptop.To very slightly improve security you should <tt>chmod a-r /etc/conf.d/wireless</tt>. This script does not authenticate the access point and would send your password to rogue access points. Using [#improvements that VT-Wireless VT-Wireless]rather than this brings, noone has bothered to write a new script to automate login is highly recommended. If youinsist on ugly hacks then you could perhaps look into using for the [http://www.vtluug.org/wiki/index.php?title=VT_VPN VPN] on top of VT_WLANCisco captive portal.
==Some Technical Details==
The access points force SSL and are all signed by the Thawte Premium Server CA. The routers are named:
* bur-agw-2.cns.vt.edu
* bur-agw-3.cns.vt.edu
* cas-agw-?.cns.vt.edu
* hil-agw-?.cns.vt.edu
* isb-agw-?.cns.vt.edu
* owe-agw-1.cns.vt.edu
* sha-agw-1.cns.vt.edu
<ul><li> bur-agw-2.cns.vt.edu</li><li> bur-agw-3.cns.vt.edu</li><li> cas-agw-?.cns.vt.edu</li><li> hil-agw-?.cns.vt.edu</li><li> isb-agw-?.cns.vt.edu</li><li> owe-agw-1.cns.vt.edu</li><li> sha-agw-1.cns.vt.edu</li></ul>Some other details:* Generally, in order to minimize congestion, connectivity is spread across multiple channels. Channel 11 seems to be the busiest.* No MAC-based authentication is performed.* DHCP is independent of of the Bluesocket captive portal authentication and occurs first.* You can ping without logging in. [Is this really/always true?]* All wireless networks (including the .1x networks) on campus nowuse [[rfc:1918|RFC-1918 ]] addresses from the 172.31.0.0/16 network. These aretranslated with NAT into 198.82.x.x addresses for access outside thewireless network.* All of the .1x wireless networks support IPv6. Some of the VT_WLAN networks support IPv6.[Is IPv6 now deployed everywhere?]* You can access certain [all?] VT sites like [http://www.cns.vt.edu/ CNS] without having to authenticate.
=Network Information Sources=
Anonymous user