Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
A big thank you to the gentoo OpenRC networking team
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3  
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  

What networking client do YOU use on your notebook?
wicd
29%
 29%  [ 16 ]
NetworkManager
32%
 32%  [ 18 ]
OpenRC + wpa_supplicant
38%
 38%  [ 21 ]
wifi-radar
0%
 0%  [ 0 ]
Total Votes : 55

Author Message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 4078

PostPosted: Tue Apr 23, 2013 6:55 pm    Post subject: Reply with quote

This is just to report that I finally got eduroam working with wpa_supplicant, although I would have had no idea what to fill for things like phase1=... and phase2=... if I would not have found instructions for dummies on the university's net. Moreover, to my surprise I had to start dhcpcd although I would have expected that something like dhcp is already part of the connection protocol.
Back to top
View user's profile Send private message
smartass
Apprentice
Apprentice


Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

PostPosted: Tue Apr 23, 2013 7:31 pm    Post subject: Reply with quote

mv, wpa_supplicant is responsible for authentication, dhcpcd for acquiring the IP. If you start wpa_supplicant via net.wlan0, it will dhcpcd automatically (if you don't provide some other configuration for that interface).
Back to top
View user's profile Send private message
khayyam
Advocate
Advocate


Joined: 07 Jun 2012
Posts: 2244

PostPosted: Tue Apr 23, 2013 8:11 pm    Post subject: Reply with quote

mv wrote:
This is just to report that I finally got eduroam working with wpa_supplicant, although I would have had no idea what to fill for things like phase1=... and phase2=... if I would not have found instructions for dummies on the university's net.

mv ... sorry, I didn't actually realise you were asking how it was done ... belatedly, its something like this:

Code:
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="xxxxx@host.tld"
    anonymous_identity="anonymous@host.tld"
    password="xxxxxxxxxx"
    ca_cert="/path/to/cert.cer"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPv2"
}

Some eduroam will not have inner/outer indentities .. but from the above it sounds as though your does (two phases).

best ... khay
Back to top
View user's profile Send private message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 4078

PostPosted: Wed Apr 24, 2013 6:41 am    Post subject: Reply with quote

khayyam wrote:
belatedly, its something like this

Yes exactly. Actually, I did not ask how to do it, because I wanted to find out myself: I thought it should be possible because you mentioned that all protocols etc are somehow reported, so I wanted to play a real-world situation during travel; obviously I failed. In contrast, with NetworkManager I really had to do nothing than to select eduroam from the automatically detected list and enter username and password - actually, even the certificate was automatically found from some general CA repository (no idea how this is organized in Ubuntu, but a rough file-length comparison showed that gentoo's ca-certificates does not contain it). For a true non-expert like me it seems that I have no way around NetworkManager during travel.
Back to top
View user's profile Send private message
ppurka
Advocate
Advocate


Joined: 26 Dec 2004
Posts: 3205

PostPosted: Wed Apr 24, 2013 8:02 am    Post subject: Reply with quote

mv wrote:
For a true non-expert like me it seems that I have no way around NetworkManager during travel.
That has been my observation too. I have found that networkmanager provides the most hassle-free network configuration in Linux.
_________________
emerge --quiet redefined | E17 vids: I, II
Back to top
View user's profile Send private message
smartass
Apprentice
Apprentice


Joined: 04 Jul 2011
Posts: 189
Location: right behind you ... (you did turn around, didn't you?)

PostPosted: Wed Apr 24, 2013 9:32 am    Post subject: Reply with quote

It is true that NM is about the best solution when you just need to connect in most places you go, but may interfere with more advanced needs.
I just wish it didn't require all that *kit stuff.

As for the certificates, wpa_supplicant can sometimes figure it on its own. But I'm surprised it did figure out the MSCHAPv2 algorithm, that's usually information you must know beforehand. But maybe the eduroam AP simply used some less-secure algorithm, which was detectable.
Back to top
View user's profile Send private message
khayyam
Advocate
Advocate


Joined: 07 Jun 2012
Posts: 2244

PostPosted: Wed Apr 24, 2013 8:19 pm    Post subject: Reply with quote

mv wrote:
[...] I thought it should be possible because you mentioned that all protocols etc are somehow reported, so I wanted to play a real-world situation during travel; obviously I failed. In contrast, with NetworkManager I really had to do nothing than to select eduroam from the automatically detected list and enter username and password

mv ... yes, and NetworkManager aquired all that information via a scan of the AP, and this scan was probably done via wpa_cli.

mv wrote:
actually, even the certificate was automatically found from some general CA repository (no idea how this is organized in Ubuntu, but a rough file-length comparison showed that gentoo's ca-certificates does not contain it).

hehe ... I suspect some corners have been cut here, "[a] secure configuration is only possible if the Identity Provider deploys a private CA which issues exclusively server certificates for his own eduroam EAP servers. All other Identity Provider deployments are INSECURE." ... and why? Well, mostly to get around some mobile devices (ie, Android) not being able to verify a CN.

mv wrote:
For a true non-expert like me it seems that I have no way around NetworkManager during travel.

OK, but for the sake of the discussion what would it take for you to become a "novice", and is NetworkManager an enabler in that regard? ... and further, how did we get into a situation in which such complexity exists? I say this because the providers of "click to start internet" are the very same forces who have their fingers in all of these implementations (ie MSCHAPv2, EAP-FAST, WPS, etc), and if we consider the wider radio spectrum .... well, its a *huge* business. If you want to see a good example of this consider ZigBee, which is closed book (see the section on the "ZigBee Alliance" but also the section on licensing) and a cover for a cabal of business interests (headed by Philips). These devices are expected to sell upward of 25 billion units within the next five years (small potatoes compared to mobile phone or handhelds but none the less a money maker). So as not to sound preachy, my point is this, these interests won't make the same mistake they made with 802.11, the entire protocol will be completely opaque and no level of expertise will matter ... but part of the reason this happens is due to the attenuation of users into beings who expect that their fridge will make an order at the supermarket when milk is getting low (a la ZigBee) or they can "click to start internet" ... the two are thoroughly intertwined.

best ... khay
Back to top
View user's profile Send private message
Dr.Willy
Guru
Guru


Joined: 15 Jul 2007
Posts: 331
Location: NRW, Germany

PostPosted: Thu Apr 25, 2013 4:47 pm    Post subject: Reply with quote

I guess this is the right thread to ask this question:
Could anyone explain to me what the purpose of these OpenRC network scripts is?
I'm asking because as far as I can tell im not using any of them, but still everything is working just fine™.

The basic networking settings are provided via dhcpcd, which is started as an independent service (aka "rc-update add dhcpcd default"). If I wanted a static configuration (not sure why, tho) I could set that dhcpcd.conf.
The wireless card of my laptop is managed by wpa_supplicant (again just "rc-update add wpa_supplicant default").
Both dhcpcd and wpa_supplicant allow you to register hooks to react to network or wireless related events respectively.

So what I end up with is:
Code:
root@xps ~ # ls -l /etc/init.d/net.*
-rwxr-xr-x 1 root root 16919 Jan 20 14:17 /etc/init.d/net.lo
root@xps ~ # /etc/init.d/net.lo stop
 * WARNING: net.lo is already stopped
root@xps ~ # ping -c 1 google.com
PING google.com (74.125.132.113) 56(84) bytes of data.
64 bytes from wb-in-f113.1e100.net (74.125.132.113): icmp_seq=1 ttl=47 time=27.4 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 27.444/27.444/27.444/0.000 ms
Back to top
View user's profile Send private message
ppurka
Advocate
Advocate


Joined: 26 Dec 2004
Posts: 3205

PostPosted: Thu Apr 25, 2013 6:16 pm    Post subject: Reply with quote

check your rc-status for dhcpcd. That can get a network address by itself.
Code:
rc-status | grep dhcp



Edit: Sorry, I misread your message. Indeed you have dhcpcd running. :)
Edit 2: The network scripts of openrc allow for more complicated network setups. You can enable bonding, or bridging, or use your laptop as a router, etc.
_________________
emerge --quiet redefined | E17 vids: I, II
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Goto page Previous  1, 2, 3
Page 3 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum