Quantcast

WPA enterprise / 802.1x ?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

WPA enterprise / 802.1x ?

Robert-318
Hi,

according to several sources [1,2,3] 802.1x (WPA enterprise) is not
supported with native tools.
The wpa_supplicant package doesn't help either, since it doesn't
support WPA.

Is there *any* other solution how I could get this to work on a laptop?
I'm even considering a qemu session with Linux inside and direct
access to a USB WLAN adapter, or a small portable access point that
supports 802.1x.

Other suggestions?

kind regards,
Robert


[1]
 http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
[2] http://marc.info/?l=openbsd-misc&m=122419346331428
[3] http://marc.info/?l=openbsd-tech&m=127857238812230

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WPA enterprise / 802.1x ?

Stuart Henderson
On 2010-08-29, Robert <[hidden email]> wrote:
> according to several sources [1,2,3] 802.1x (WPA enterprise) is not
> supported with native tools.
> The wpa_supplicant package doesn't help either, since it doesn't
> support WPA.
>
> Is there *any* other solution how I could get this to work on a laptop?
> I'm even considering a qemu session with Linux inside and direct
> access to a USB WLAN adapter, or a small portable access point that
> supports 802.1x.

this last option seems the most straightforward, but you would
specifically need something that can act as a client bridge (sometimes
also called STA mode) and can authenticate with 802.1x in that mode
(that's not a given, even if the device supports 802.1x in AP mode),
so check fairly carefully.

ubiquiti nanostation is about the smallest of the ones I know that
have this option (I haven't tested it in this mode myself though),
it's very small but is really meant as an outdoor CPE/AP and only
has power-over-ethernet so may be a bit messy with cables...

(don't look too closely at the trick needed to build a non-WDS
client bridge, it's pretty disgusting ;)

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WPA enterprise / 802.1x ?

Robert-318
On Sun, 29 Aug 2010 10:02:33 +0000 (UTC)
Stuart Henderson <[hidden email]> wrote:
> this last option seems the most straightforward, but you would
> specifically need something that can act as a client bridge (sometimes
> also called STA mode) and can authenticate with 802.1x in that mode
> (that's not a given, even if the device supports 802.1x in AP mode),
> so check fairly carefully.

Thanks for that hint.
I was already looking at the Asus WL-330gE, but when I went through
their support forum I found out that it has exactly that problem.

kind regards,
Robert

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WPA enterprise / 802.1x ?

Kevin Chadwick-2
In reply to this post by Robert-318
On Sun, 29 Aug 2010 11:12:34 +0200
Robert <[hidden email]> wrote:

> Hi,
>
> according to several sources [1,2,3] 802.1x (WPA enterprise) is not
> supported with native tools.
> The wpa_supplicant package doesn't help either, since it doesn't
> support WPA.

> Other suggestions?

One of the mags on bsdmag.org has an interview with Damien Bergamini
(shown on it's contents page) who did the/some of the wpa for OpenBSD.
I believe he describes why WPA enterprise is problematic and not so
desirable or worth the effort and outlines some alternatives. I'm not
sure if your setup would be able to take advantage of those
alternatives, or how current it is, but it might be worth a read.

The particular one isn't on this machine but I noticed Junes has an
article on using ipsec for protecting wireless. The interview isn't in
march-July 2010 issues.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WPA enterprise / 802.1x ?

Robert-318
On Sun, 29 Aug 2010 14:07:15 +0100
Kevin Chadwick <[hidden email]> wrote:

> One of the mags on bsdmag.org has an interview with Damien Bergamini
> (shown on it's contents page) who did the/some of the wpa for OpenBSD.
> I believe he describes why WPA enterprise is problematic and not so
> desirable or worth the effort and outlines some alternatives. I'm not
> sure if your setup would be able to take advantage of those
> alternatives, or how current it is, but it might be worth a read.
>
> The particular one isn't on this machine but I noticed Junes has an
> article on using ipsec for protecting wireless. The interview isn't in
> march-July 2010 issues.


I've read this interview.
The problem is that you don't always have influence over the
environment. Often you have to work on sites with a given
infrastructure (e.g. when you are a consultant), and they won't change
their whole IT just for you ;)
E.g. WPA enterprise, access to Windows shares, Flash "interfaces" on
their web site etc.; the list is long and depressing...

Loading...