ebbe / iliwi Goto Github PK

Be able to connect to ad-hoc networks.

From mail correspondence:

On Mon, Apr 26, 2010 at 07:01:03PM +0100, Ben Thompson wrote:

On Mon, Apr 26, 2010 at 07:26:48PM +0200, Esben Damgaard wrote:

Ben Thompson skrev:

Hi

Does/will it support WPA-Enterprise?
Currently it does not, but it could be added. If you can show me the
output of 'iwlist scan' (from the Neo) near a wpa-enterprise network
and tell me what information is needed to log in, maybe I can make
it.

Hi

There are a few different ways to do it because although you can get
connected with just a username and password, there are also optional
parameters for wpa_supplicant which force it not just to connect but
also verify the identity of the network. I have my own ideas about
how this should work, but probably the most basic way would be to also
have an option to select a certificate from /etc/ssl/certs. Please let
me know if you want my input and I will give you all the help I can.

eth0 Scan completed :
Cell 01 - Address: 00:1A:1E:E2:44:C0
ESSID:"eduroam"
Mode:Master
Frequency:2.422 GHz (Channel 3)
Quality=51/94 Signal level=-44 dBm Noise
level=-95 dBm
Encryption key:on
Extra:bcn_int=100
Extra:wpa_ie=dd160050f20101000050f20201000050f20201000050f201

Hi

Further to my previous email, could I make the following suugestions
on how to implement WPA-Enterprise in a simple way :-

GUI Requirements :-

1. User scans for networks and selects an SSID shown as WPA-Enterprise.
2. Setup screen is shown with three mandatory fields
   a) Username - text entry from keyboard
   b) Password - text entry from keyboard
   c) Server Certificate - drop down list which selects .pem or .der files from ~/.wifi_certs/
   and /etc/ssl/certs/ and also includes a option labelled "Send my password to anyone (insecure!)"

WPA Supplicant config :-

If the user selects "Send my password to anyone (insecure!)",
wpa_supplicant config is as follows :-

  network={
    ssid=<selected SSID>
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=PEAP
    identity=<entered username>
password=<entered password>
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
  }

If the user selects a cert from /etc/ssl/certs wpa_supplicant config
is as follows :-

  network={
    ssid=<selected SSID>
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=PEAP TTLS
ca_cert="<path to user selected cert>"
    identity=<entered username>
    password=<entered password>
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
  }

I think this would work for 99% of the networks out there. If anyone
needs to use a self signed cert they can put it in ~/wifi_certs.
Other protocols such as TTLS or TLS could be added later as could
things like CN check if they are deemed necesarry.

Ben

There should be a toggle to define if the written password is in ascii or hex.

Be able to configure static ip with certain networks.

When signals (in GLib mainloop) change the gui, it is not refreshed instantly.

1. You wrote that you added the -R flag to udhcpc in April 2010, the version that comes with the new SHR unstable in October 2010 still has the commandline "/sbin/udhcpc -i eth0 -n" (no -R)
2. Is it possible to encode the wpa-psk with wpa_passphrase instead writing it as cleartext to ~/.config/iliwi/preferred_networks?
3. (a bigger one) Can you split iliwi into a small daemon and a user interface, where the latter could be unloaded and the connection remains established?

The latest wireless tools availabe in shr-core do not include "rsn_ie" or "wpa_ie" in their scan output. Therefore the reges line_regex_wpa_enc = new Regex("""^\s+Extra:(rsn|wpa)_ie="""); does not work anymore. Changing this to catch "IE: WPA" or something similar should fix this issue.

Here is what a iwlist scan looks like on my GTA04 running shr-core:

wlan0 Scan completed :
Cell 01 - Address: 00:24:FE:F5:81:79
Channel:1
Frequency:2.412 GHz (Channel 1)
Quality=38/70 Signal level=-72 dBm
Encryption key:on
ESSID:"FRITZ!Box Fon WLAN 7112"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=00000001e0f83c8c
Extra: Last beacon: 914ms ago
IE: Unknown: 0017465249545A21426F7820466F6E20574C414E2037313132
IE: Unknown: 010482848B96
IE: Unknown: 030101
IE: Unknown: 2A0107
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: 32080C1218243048606C
IE: WPA Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
IE: Unknown: DD0A0800280101000200FF0F
IE: Unknown: DD180050F2020101800003A4000027A4000042435E0062322F00

Looks like wpa_supplicant has some trouble connecting sometimes, and it helps closing the Iliwi and restarting it to work. Instead when it hangs on "connecting" it should restart wpa_supplicant.