How to connect with OpenRC, ethernet, 802.1 ,PEAP, MSCHAPv2, password and MAC spoofing without polkit
nona - about 2 years ago -
Hello,
I am trying to connect to a network which is protected with PEAP, a username and password. I do not use polkit. I am using OpenRC, spoofed MAC and I do not have (nor want) polkit (policy-kit).
I have tried with Connman, NetworkManager and (dhcpcd + wpa_supplicant). I do not need a GUI solution. I just need something that I can automate at boot--or something, that is, if it runs on the terminal, that's totally fine.
Thank you in advance
Connman¶
I tried to create different types of /var/lib/connman/*.config files. The closes that I got was figuring out that the files need to be called ethernet_<MAC here>_cable.config, and that this does not work:
# /var/lib/connman/*.config
[service_ethernet_<MAC here>_cable]
Type = ethernet
DeviceName = eth0 # I do not force "eth0", it's created by my system every time
EAP = peap
CACertFile = /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
Phase2 = MSCHAPV2
Identity = <my username in plain text>
AutoConnect = true
Security = ieee8021x
Passphrase = <my password in plain text>
This only allows me to connect to the network, which later tells me that I need a PEAP connection.
NetworkManager¶
I installed nm-connection-editor to set-up the 802.1 configuration. I just added the path to the certificate, the username, PEAP and the password.
It actually connects, but once it does, my session is messed up: I can no run some programs with a message saying that Display :0 does not exist or something like that. Then, I need to kill my session for the GUI to work again. For instance, with LXQT, I have to switch virtual terminals (CTRL + ALT + F2) and log back in, because the Logout submenu does nothing.
DHCPCD + wpa_supplicant¶
I created a /etc/wpa_supplicant/wpa_supplicant.conf
# /etc/wpa_supplicant/wpa_supplicant.conf
# Connect like this:
# wpa_supplicant -Dwired -B -ieth0 -c/etc/wpa_supplicant/wpa_supplicant.conf
# dhcpcd -i eth0
# dhclient -v
# https://wiki.archlinux.org/title/Wpa_supplicant
# Giving configuration update rights to wpa_cli
ctrl_interface=/run/wpa_supplicant
# enable users without root access to connect to wireless networks
ctrl_interface_group=wheel
# store changes made with wpa_cli
update_config=1
# https://bbs.archlinux.org/viewtopic.php?id=188783
# https://wiki.archlinux.org/title/Wpa_supplicant#802.1x/radius
# Wired Ethernet drivers
ap_scan=0
fast_reauth=1
network={
key_mgmt=IEEE8021X
eap=PEAP
ssid="<the SSID of the connection>"
ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
phase2="auth=MSCHAPV2"
identity="<username>"
# wpa_passphrase SSID <passphrase>
# psk=<result of the above command>
password="<plain text password>"
}
This kind of works, but then the connection is lost. I don't know why.
Others¶
I did not try the wpa_supplicant in a new environment, but I did reinstall Parabola from scratch, fearing that a local configuration was interfering with the connection. This happens with or without a display manager (LXQT and [icewm + startx]).
Replies (2)
How to connect with OpenRC, ethernet, 802.1 ,PEAP, MSCHAPv2, password and MAC spoofing without polkit - bill-auger - almost 2 years ago -
i dont have much advice on this off-hand - i think those X
server problems are resolved with a polkit though
RE: How to connect with OpenRC, ethernet, 802.1 ,PEAP, MSCHAPv2, password and MAC spoofing without polkit - nona - almost 2 years ago -
The KISS approach: connect the ethernet cable before starting the session. Still, it would be nice to have a polkit-independent solution.