Well, I at least have a tangible error now. Observing through wpa_cli, I
get the following:
<3>CTRL-EVENT-EAP-STATUS status=‘eap parameter needed’ parameter=‘PASSWORD’
<3>CTRL-REQ-PASSWORD-0: Password needed for SSID eduroam
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
Authentication with $BSSID timed out.
Out of curiosity I switched it to WPA2-PSK and it says it successfully
associated, however I can’t ping anything and trying to use dhclient just
results in it timing out/sleeping.
I know my password is correct as well
On Mon, Feb 3, 2020 at 4:42 AM Raf Czlonka <rczlo...@gmail.com> wrote:
> On Sun, Feb 02, 2020 at 09:42:52PM GMT, Charlie Burnett wrote:
> > Hey @misc,
> > I've used OpenBSD on my desktop and server for a while, however they both
> > have an Ethernet connection. I recently got my hands on a thinkpad x1 6th
> > gen in order to ensure compatibility with OpenBSD. I can connect fine via
> > the /etc/hostname.if with /etc/netstart, however I need to be able to
> > connect to eduroam for class. I was using linux on my past laptop,
> however
> > I connected through wpa_supplicant on it. I copied my wpa_supplicant.conf
> > over, however whenever I try to connect to a network I get hung up in the
> > same spot. The conf works fine on linux, so the credentials are correct.
> > I've also ensured the interface was up with "doas ifconfig iwm0 up"
> Here's
> > the output from attempting to connect with "doas wpa_supplicant -i iwm0
> -c
> > /etc/wpa_supplicant.conf -D openbsd -dd":
> > wpa_supplicant v2.9
> > Successfully initialized wpa_supplicant
> > Initializing interface 'iwm0' conf '/etc/wpa_supplicant.conf' driver
> > 'openbsd' ctrl_interface 'N/A' bridge 'N/A'
> > Configuration file '/etc/wpa_supplicant.conf' ->
> '/etc/wpa_supplicant.conf'
> > Reading configuration file '/etc/wpa_supplicant.conf'
> > ctrl_interface='/var/run/wpa_supplicant'
> > ctrl_interface_group='wheel'
> > eapol_version=2
> > ap_scan=1
> > fast_reauth=1
> > update_config=1
> > Line: 11 - start of a new network block
> > ssid - hexdump_ascii(len=): HOME
> > key_mgmt: 0x2
> > PSK - hexdump(len=): [REMOVED]
> > Line: 19 - start of a new network block
> > ssid - hexdump_ascii(len=7): eduroam
> > scan_ssid=1 (0x1)
> > key_mgmt: 0x1
> > eap methods - hexdump(len=): 00 00 00 00 19 00 00 00 00 00 00 00 00 00
> 00 00
> > phase2 - hexdump_ascii(len=):
> > 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
> > auth_alg: 0x1
> > identity - hexdump_ascii(len=):
> > ca_cert - hexdump_ascii(len=):
> > 2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 41 /etc/ssl/certs/A
> > 64 64 54 72 75 73 74 5f 45 78 74 65 72 6e 61 6c ddTrust_External
> > 5f 52 6f 6f 74 2e 70 65 6d _Root.pem
> > password - hexdump_ascii(len=): [REMOVED]
> > Line: 32 - start of a new network block
> > ssid - hexdump_ascii(len=): HOME2
> > PSK - hexdump(len=): [REMOVED]
> > Priority group 0
> > id=0 ssid='HOME'
> > id=1 ssid='eduroam'
> > id=2 ssid='HOME2'
> > Add interface iwm0 to a new radio N/A
> > iwm0: Failed to attach pkt_type filter
> > iwm0: Own MAC address: 38:00:25:6c:76:6d
> > iwm0: RSN: flushing PMKID list in the driver
> > iwm0: Setting scan request: 0.100000 sec
> > ENGINE: Loading builtin engines
> > ENGINE: Loading builtin engines
> > EAPOL: SUPP_PAE entering state DISCONNECTED
> > EAPOL: Supplicant port status: Unauthorized
> > EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> > EAPOL: SUPP_BE entering state INITIALIZE
> > EAP: EAP entering state DISABLED
> > ctrl_interface_group=0 (from group name 'wheel')
> > iwm0: Added interface iwm0
> > iwm0: State: DISCONNECTED -> DISCONNECTED
> > iwm0: Using OpenBSD - overriding ap_scan configuration
> > EAPOL: disable timer tick
> >
> > Here is the output after sending a ctrl-C to the terminal:
> > ^Ciwm0: Removing interface iwm0
> > iwm0: Request to deauthenticate - bssid=00:00:00:00:00:00
> > pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING)
> state=DISCONNECTED
> > iwm0: State: DISCONNECTED -> DISCONNECTED
> > EAPOL: External notification - portEnabled=0
> > EAPOL: External notification - portValid=0
> > iwm0: WPA: Clear old PMK and PTK
> > iwm0: Cancelling scan request
> > iwm0: Cancelling authentication timeout
> > Remove interface iwm0 from radio
> > Remove radio
> > iwm0: CTRL-EVENT-TERMINATING
> >
>
> Hi Charlie,
>
> eduroam works just fine on OpenBSD with wpa_supplicant.
>
> However, you hadn't followed the information provided in the
> pkg-readme file:
>
> /usr/local/share/doc/pkg-readmes/wpa_supplicant
>
> Namely:
>
> # ifconfig iwm0 join "Laakista Humppa" wpa wpaakms 802.1x
>
> as well as:
>
> Do not enable "ap_scan" - it is not supported by the OpenBSD
> support code.
>
> scan_ssid=1 isn't necessary either - eduroam APs shouldn't reject
> broadcast SSID.
>
> fast_reauth=1 is the default so there's no need to use it, unless you
> want/need to disable it with '0'.
>
> Can't recall whether it is at all necessary, but I also have phase1
> in my config:
>
> phase1="peaplabel=0"
>
> as well as anonymous identity:
>
> anonymous_identity="..."
>
> Also, depending on the APs, EAPOL version might need to be set to 1:
>
> eapol_version=1
>
> From the above, it looks like you have actually copied
> /etc/ssl/certs/AddTrust_External_Root.pem" file (and created the
> directory structure) from Linux. How about simply changing that
> line to:
>
> ca_cert="/etc/ssl/cert.pem"
>
> All that being said, I've been to places where I couldn't get eduroam
> connection even on my phone.
>
> Anyway, please try with the above changes and report back.
>
> Cheers,
>
> Raf
>
> >
> > And here's my wpa_supplicant.conf (with ssid's and psk's removed):
> > ctrl_interface=/var/run/wpa_supplicant
> > ctrl_interface_group=wheel
> > eapol_version=2
> > ap_scan=1
> > fast_reauth=1
> > update_config=1
> >
> > network={
> > ssid="HOME"
> > psk=PASSWORD
> > }
> >
> > # Eduroam
> > network={
> > ssid="eduroam"
> > scan_ssid=1
> > key_mgmt=WPA-EAP
> > eap=PEAP
> > phase2="auth=MSCHAPV2"
> > auth_alg=OPEN
> > identity="burne...@umn.edu"
> > ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
> > password="Here I am, here I remain."
> > }
> >
> > network={
> > ssid="HOME2"
> > psk=PASSWORD
> > }
> >
> > Any help would be very much appreciated!
>
