imported>Echarlie |
|
(2 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | As of January 2015, the preferred method of connecting to the Virginia Tech Wifi is through the Eduroam network. For more details see [[Virginia Tech Wifi]].
| + | #REDIRECT [[Virginia Tech Wifi]] |
− | | |
− | <font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.</font>
| |
− | | |
− | '''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]].
| |
− | | |
− | At DefCon 20 in July 2012, an attack was announced for MSCHAPv2 that allows the protocol to be cracked quickly with a 100% success rate.<ref>https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/</ref> '''Use of MSCHAPv2 is strongly discouraged.'''
| |
− | | |
− | ==Set your remote access passphrase==
| |
− | Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to [https://my.vt.edu my.vt.edu]→Settings→Change Network Password.
| |
− | | |
− | ==Android==
| |
− | {{Version|2.2 (Froyo) of Android}}
| |
− | | |
− | * From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
| |
− | * Remove any existing entries for {{{networks|the network you'd like to add or any conflicting network}}}.
| |
− | * From the "WiFi networks" listing, click on {{{network|the network you'd like to add}}}.
| |
− | * Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
| |
− | * Enter your credentials for the identity and press "Connect".
| |
− | | |
− | ==NetworkManager==
| |
− | * In your wireless configuration program, select VT-Wireless.
| |
− | * Choose PEAP as the EAP type.
| |
− | * Choose MSCHAPv2 as the authentication method.
| |
− | * Use your {{{identity|PID}}} and remote passphrase as your login credentials.
| |
− | | |
− | ==wpa_supplicant==
| |
− | Add the following lines to /etc/wpa_supplicant.conf:
| |
− | network={
| |
− | ssid="VT-Wireless"
| |
− | proto=WPA2
| |
− | key_mgmt=WPA-EAP
| |
− | eap=PEAP
| |
− | phase2="auth=MSCHAPV2"
| |
− | identity="your {{{identity|PID}}}"
| |
− | password="your passphrase"
| |
− | ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem
| |
− | }
| |
− | | |
− | ==netctl==
| |
− | Tested on [[Arch Linux]] with netctl 0.8 (updated on 2013-04-12).
| |
− | | |
− | * Create a file, '''/etc/netctl/VT-Wireless''' and place this in it:
| |
− | Description="VT-Wireless PEAP-MSCHAPv2"
| |
− | Interface=wlan0
| |
− | Connection=wireless
| |
− | Security=wpa-configsection
| |
− |
| |
− | IP=dhcp
| |
− | IP6=stateless
| |
− |
| |
− | WPAConfigSection=(
| |
− | 'ssid="VT-Wireless"'
| |
− | 'proto=RSN'
| |
− | 'key_mgmt=WPA-EAP'
| |
− | 'eap=PEAP'
| |
− | 'phase2="auth=MSCHAPV2"'
| |
− | 'identity="YOUR IDENTITY"'
| |
− | 'password="NETWORK PASSWORD"
| |
− | 'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
| |
− | )
| |
− | | |
− | Make sure to change '''IDENTITY''' to your {{{identity|PID}}}, and '''NETWORK PASSWORD''' to your network password.
| |
− | | |
− | * After creating this file, make sure to change the owner to root (<code>sudo chown root:root /etc/netctl/VT-Wireless</code>) and change the permissions so that it can be read only by the owner (<code>sudo chmod 0600 /etc/netctl/VT-Wireless</code>). This will ensure that your private key password cannot be read by others easily.
| |
− | | |
− | * To connect, simply type the following in a terminal:
| |
− | sudo netctl start VT-Wireless
| |
− | | |
− | ==References==
| |
− | <references/>
| |
− | | |
− | [[Category:Howtos]]
| |