en:verejne:sit:wi-fi:linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Last revisionBoth sides next revision
en:verejne:sit:wi-fi:linux [07.09.2019 21:26] – removed Pavel Valachen:verejne:sit:wi-fi:linux [25.09.2021 16:33] – [Ubuntu, NetworkManager] Pavel Valach
Line 1: Line 1:
 +====== Set up Wi-Fi on Linux – Ubuntu, NetworkManager, wpa_supplicant ======
  
 +===== Ubuntu, NetworkManager =====
 +
 +When using a GUI, it is likely that you use NetworkManager for network configuration.
 +
 +<note important>
 +**It is important to set up RADIUS server identity verification, as it will give you protection against rogue Wi-Fi access points and protect your password as well.** That is why you should take the time to set your Wi-Fi connection properly. You will find verified walkthrough below.
 +</note>
 +
 +  - Run command ''nm-connection-editor'' (Advanced Network Configuration).
 +  - Expand the **Wi-Fi** category and look if you already have an existing Sincoolka profile - it might be a good idea to remove it with a **-** button (minus sign) if it does not work. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step1.png?nolink|}}
 +  - Then, click the **+** button (plus sign) in the bottom toolbar.
 +  - In the **Choose a Connection Type** window, pick **Wi-Fi** from the list. Then click the **Create...** button \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step2.png?nolink|}}
 +  - A window for describing network configuration will open.
 +     * Fill out the name of the profile (can be anything, e.g. Sincoolka).
 +     * Switch to the **Wi-Fi** tab and fill out these - **SSID**: ''Sincoolka'' or ''Sincoolka 5G''. From the **Devices** list, choose your Wi-Fi adapter. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-wifi.png?nolink|}}
 +     * Switch to the **Wi-Fi Security** tab and set up the following:
 +       * **Security**: WPA2-Enterprise
 +       * **Authentication**: Tunneled TLS
 +       * **Anonymous identity**: ''anonymous@sin.cvut.cz''
 +       * **Domain**: ''radius.sin.cvut.cz''
 +       * **CA certificate**: either browse to ''/etc/ssl/certs/Comodo_AAA_Services_root.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
 +       * **Inner authentication**: PAP
 +       * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]])
 +       * **Password**: the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}
 +     * Confirm your settings by pushing the **Save** button.
 +
 +<note important>The picture has the certificate wrong! It's for illustration purposes only.</note>
 +
 +Now, your connection should be all set for secure Wi-Fi browsing.
 +
 +===== wpa_supplicant =====
 +
 +WPA Supplicant is an utility which enables WPA security support for Wi-Fi in Linux. NetworkManager uses wpa_supplicant internally.
 +
 +In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below. 
 +
 +Please [[en:verejne:sit:cert|download the proper **CA certificate** first]] and save it. You will enter the path to this file in the wpa_supplicant configuration profile.
 +
 +<file wpa_supplicant wpa_supplicant.conf>
 +network={
 +    ssid="Sincoolka"  # or Sincoolka 5G
 +    scan_ssid=1
 +    key_mgmt=WPA-EAP
 +    eap=TTLS
 +    # path to the downloaded CA certificate
 +    ca_cert="/etc/cert/sin-wifi-ca.pem"
 +    domain_match="radius.sin.cvut.cz"
 +    phase2="auth=PAP"
 +    pairwise=CCMP
 +    group=CCMP
 +    
 +    # Your credentials
 +    identity="jiri.novak@sin.cvut.cz"
 +    anonymous_identity="anonymous@sin.cvut.cz"
 +    password="YourStr0ngPa$$word"
 +}
 +</file>
 +
 +===== iwd =====
 +
 +//Contributed by our member Artem Poliakov (poliaart <at> fit.cvut.cz)! Thanks!//
 +
 +[[https://iwd.wiki.kernel.org/|iwd]] is a wireless daemon for Linux which aims to utilize features provided by the Linux Kernel to the maximum extent
 +possible. It can work in standalone mode or in combination with comprehensive network managers.
 +
 +If you want to connect to Wi-Fi using iwd, you need to place file called ''Sincoolka.8021x'' or ''Sincoolka 5G.8021x''
 +(depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
 +
 +Please [[en:verejne:sit:cert|download the proper CA certificate first]] and save it. You will enter the path to this file in the iwd configuration profile.
 +
 +<file iwd Sincoolka 5G.8021x>
 +[Security]
 +EAP-Method=TTLS
 +EAP-Identity=anonymous@sin.cvut.cz
 +EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
 +EAP-TTLS-CACert=/etc/cert/downloaded-ca-certificate.pem
 +EAP-TTLS-Phase2-Method=Tunneled-PAP
 +EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
 +EAP-TTLS-Phase2-Password=YourStr0ngPa$$word
 +
 +[Settings]
 +AutoConnect=true
 +</file>
  • en/verejne/sit/wi-fi/linux.txt
  • Last modified: 30.09.2023 11:39
  • by Pavel Valach