Well, I’m a dumbass. I just needed to swap out “psk” for “password” in my file. All working now.
On Tue, Feb 4, 2020 at 4:59 PM Charlie Burnett <[email protected]> wrote: > Well, I at least have a tangible error now. Observing through wpa_cli, I > get the following: > <3>CTRL-EVENT-EAP-STATUS status=‘eap parameter needed’ parameter=‘PASSWORD’ > <3>CTRL-REQ-PASSWORD-0: Password needed for SSID eduroam > <3>CTRL-EVENT-EAP-FAILURE EAP authentication failed > Authentication with $BSSID timed out. > > Out of curiosity I switched it to WPA2-PSK and it says it successfully > associated, however I can’t ping anything and trying to use dhclient just > results in it timing out/sleeping. > > I know my password is correct as well > > On Mon, Feb 3, 2020 at 4:42 AM Raf Czlonka <[email protected]> wrote: > >> On Sun, Feb 02, 2020 at 09:42:52PM GMT, Charlie Burnett wrote: >> > Hey @misc, >> > I've used OpenBSD on my desktop and server for a while, however they >> both >> > have an Ethernet connection. I recently got my hands on a thinkpad x1 >> 6th >> > gen in order to ensure compatibility with OpenBSD. I can connect fine >> via >> > the /etc/hostname.if with /etc/netstart, however I need to be able to >> > connect to eduroam for class. I was using linux on my past laptop, >> however >> > I connected through wpa_supplicant on it. I copied my >> wpa_supplicant.conf >> > over, however whenever I try to connect to a network I get hung up in >> the >> > same spot. The conf works fine on linux, so the credentials are correct. >> > I've also ensured the interface was up with "doas ifconfig iwm0 up" >> Here's >> > the output from attempting to connect with "doas wpa_supplicant -i iwm0 >> -c >> > /etc/wpa_supplicant.conf -D openbsd -dd": >> > wpa_supplicant v2.9 >> > Successfully initialized wpa_supplicant >> > Initializing interface 'iwm0' conf '/etc/wpa_supplicant.conf' driver >> > 'openbsd' ctrl_interface 'N/A' bridge 'N/A' >> > Configuration file '/etc/wpa_supplicant.conf' -> >> '/etc/wpa_supplicant.conf' >> > Reading configuration file '/etc/wpa_supplicant.conf' >> > ctrl_interface='/var/run/wpa_supplicant' >> > ctrl_interface_group='wheel' >> > eapol_version=2 >> > ap_scan=1 >> > fast_reauth=1 >> > update_config=1 >> > Line: 11 - start of a new network block >> > ssid - hexdump_ascii(len=): HOME >> > key_mgmt: 0x2 >> > PSK - hexdump(len=): [REMOVED] >> > Line: 19 - start of a new network block >> > ssid - hexdump_ascii(len=7): eduroam >> > scan_ssid=1 (0x1) >> > key_mgmt: 0x1 >> > eap methods - hexdump(len=): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 >> 00 00 >> > phase2 - hexdump_ascii(len=): >> > 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 >> > auth_alg: 0x1 >> > identity - hexdump_ascii(len=): >> > ca_cert - hexdump_ascii(len=): >> > 2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 41 /etc/ssl/certs/A >> > 64 64 54 72 75 73 74 5f 45 78 74 65 72 6e 61 6c ddTrust_External >> > 5f 52 6f 6f 74 2e 70 65 6d _Root.pem >> > password - hexdump_ascii(len=): [REMOVED] >> > Line: 32 - start of a new network block >> > ssid - hexdump_ascii(len=): HOME2 >> > PSK - hexdump(len=): [REMOVED] >> > Priority group 0 >> > id=0 ssid='HOME' >> > id=1 ssid='eduroam' >> > id=2 ssid='HOME2' >> > Add interface iwm0 to a new radio N/A >> > iwm0: Failed to attach pkt_type filter >> > iwm0: Own MAC address: 38:00:25:6c:76:6d >> > iwm0: RSN: flushing PMKID list in the driver >> > iwm0: Setting scan request: 0.100000 sec >> > ENGINE: Loading builtin engines >> > ENGINE: Loading builtin engines >> > EAPOL: SUPP_PAE entering state DISCONNECTED >> > EAPOL: Supplicant port status: Unauthorized >> > EAPOL: KEY_RX entering state NO_KEY_RECEIVE >> > EAPOL: SUPP_BE entering state INITIALIZE >> > EAP: EAP entering state DISABLED >> > ctrl_interface_group=0 (from group name 'wheel') >> > iwm0: Added interface iwm0 >> > iwm0: State: DISCONNECTED -> DISCONNECTED >> > iwm0: Using OpenBSD - overriding ap_scan configuration >> > EAPOL: disable timer tick >> > >> > Here is the output after sending a ctrl-C to the terminal: >> > ^Ciwm0: Removing interface iwm0 >> > iwm0: Request to deauthenticate - bssid=00:00:00:00:00:00 >> > pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING) >> state=DISCONNECTED >> > iwm0: State: DISCONNECTED -> DISCONNECTED >> > EAPOL: External notification - portEnabled=0 >> > EAPOL: External notification - portValid=0 >> > iwm0: WPA: Clear old PMK and PTK >> > iwm0: Cancelling scan request >> > iwm0: Cancelling authentication timeout >> > Remove interface iwm0 from radio >> > Remove radio >> > iwm0: CTRL-EVENT-TERMINATING >> > >> >> Hi Charlie, >> >> eduroam works just fine on OpenBSD with wpa_supplicant. >> >> However, you hadn't followed the information provided in the >> pkg-readme file: >> >> /usr/local/share/doc/pkg-readmes/wpa_supplicant >> >> Namely: >> >> # ifconfig iwm0 join "Laakista Humppa" wpa wpaakms 802.1x >> >> as well as: >> >> Do not enable "ap_scan" - it is not supported by the OpenBSD >> support code. >> >> scan_ssid=1 isn't necessary either - eduroam APs shouldn't reject >> broadcast SSID. >> >> fast_reauth=1 is the default so there's no need to use it, unless you >> want/need to disable it with '0'. >> >> Can't recall whether it is at all necessary, but I also have phase1 >> in my config: >> >> phase1="peaplabel=0" >> >> as well as anonymous identity: >> >> anonymous_identity="..." >> >> Also, depending on the APs, EAPOL version might need to be set to 1: >> >> eapol_version=1 >> >> From the above, it looks like you have actually copied >> /etc/ssl/certs/AddTrust_External_Root.pem" file (and created the >> directory structure) from Linux. How about simply changing that >> line to: >> >> ca_cert="/etc/ssl/cert.pem" >> >> All that being said, I've been to places where I couldn't get eduroam >> connection even on my phone. >> >> Anyway, please try with the above changes and report back. >> >> Cheers, >> >> Raf >> >> > >> > And here's my wpa_supplicant.conf (with ssid's and psk's removed): >> > ctrl_interface=/var/run/wpa_supplicant >> > ctrl_interface_group=wheel >> > eapol_version=2 >> > ap_scan=1 >> > fast_reauth=1 >> > update_config=1 >> > >> > network={ >> > ssid="HOME" >> > psk=PASSWORD >> > } >> > >> > # Eduroam >> > network={ >> > ssid="eduroam" >> > scan_ssid=1 >> > key_mgmt=WPA-EAP >> > eap=PEAP >> > phase2="auth=MSCHAPV2" >> > auth_alg=OPEN >> > identity="[email protected]" >> > ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem" >> > password="Here I am, here I remain." >> > } >> > >> > network={ >> > ssid="HOME2" >> > psk=PASSWORD >> > } >> > >> > Any help would be very much appreciated! >> >
