imported>Ram |
|
| (4 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| − | <font color="red">Warning: Use of PEAP-MSCHAPv2 to connect to the Virginia Tech network is strongly discouraged by the Linux and Unix Users Group due to attacks that can allow all traffic to be decrypted with a 100% success rate.</font>
| + | #REDIRECT [[Virginia Tech Wifi]] |
| − | | |
| − | '''PEAP-MSCHAPv2''' is a wireless authentication scheme used by Virginia Tech as an alternative to [[EAP-TLS]] for connections to [[VT-Wireless]].
| |
| − | | |
| − | At DefCon 20 in July 2012, an attack was announced for MSCHAPv2 that allows the protocol to be cracked quickly with a 100% success rate.<ref>[https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/]</ref> '''Use of MSCHAPv2 is strongly discouraged.'''
| |
| − | | |
| − | ==Set your remote access passphrase==
| |
| − | Regardless of what software you use to establish your connection, you must first set your remote passphrase by going to [https://my.vt.edu my.vt.edu]→Settings→Change Network Password.
| |
| − | | |
| − | ==Android==
| |
| − | {{Version|2.2 (Froyo) of Android}}
| |
| − | | |
| − | * From the home screen, press the menu button and choose "Settings"→"Wireless & networks"→"Wi-Fi settings".
| |
| − | * Remove any existing entries for {{{networks|the network you'd like to add or any conflicting network}}}.
| |
| − | * From the "WiFi networks" listing, click on {{{network|the network you'd like to add}}}.
| |
| − | * Choose PEAP as the EAP method and MSCHAPv2 as the phase two authentication mechanism.
| |
| − | * Enter your credentials for the identity and press "Connect".
| |
| − | | |
| − | ==NetworkManager==
| |
| − | * In your wireless configuration program, select VT-Wireless.
| |
| − | * Choose PEAP as the EAP type.
| |
| − | * Choose MSCHAPv2 as the authentication method.
| |
| − | * Use your {{{identity|PID}}} and remote passphrase as your login credentials.
| |
| − | | |
| − | ==wpa_supplicant==
| |
| − | Add the following lines to /etc/wpa_supplicant.conf:
| |
| − | network={
| |
| − | ssid="VT-Wireless"
| |
| − | proto=WPA2
| |
| − | key_mgmt=WPA-EAP
| |
| − | eap=PEAP
| |
| − | phase2="auth=MSCHAPV2"
| |
| − | identity="your {{{identity|PID}}}"
| |
| − | password="your passphrase"
| |
| − | ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem
| |
| − | }
| |
| − | | |
| − | ==netctl==
| |
| − | Tested on [[Arch Linux]] with netctl 0.8 (updated on 2013-04-12).
| |
| − | | |
| − | * Create a file, '''/etc/netctl/VT-Wireless''' and place this in it:
| |
| − | Description="VT-Wireless PEAP-MSCHAPv2"
| |
| − | Interface=wlan0
| |
| − | Connection=wireless
| |
| − | Security=wpa-configsection
| |
| − |
| |
| − | IP=dhcp
| |
| − | IP6=stateless
| |
| − |
| |
| − | WPAConfigSection=(
| |
| − | 'ssid="VT-Wireless"'
| |
| − | 'proto=RSN'
| |
| − | 'key_mgmt=WPA-EAP'
| |
| − | 'eap=PEAP'
| |
| − | 'phase2="auth=MSCHAPV2"'
| |
| − | 'identity="YOUR IDENTITY"'
| |
| − | 'password="NETWORK PASSWORD"
| |
| − | 'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"'
| |
| − | )
| |
| − | | |
| − | Make sure to change '''IDENTITY''' to your {{{identity|PID}}}, and '''NETWORK PASSWORD''' to your network password.
| |
| − | | |
| − | * After creating this file, make sure to change the owner to root (<code>sudo chown root:root /etc/netctl/VT-Wireless</code>) and change the permissions so that it can be read only by the owner (<code>sudo chmod 0600 /etc/netctl/VT-Wireless</code>). This will ensure that your private key password cannot be read by others easily.
| |
| − | | |
| − | * To connect, simply type the following in a terminal:
| |
| − | sudo netctl start VT-Wireless
| |
| − | | |
| − | ==References==
| |
| − | <references/>
| |
| − | | |
| − | [[Category:Howtos]]
| |
