hostapd
Differences
This shows you the differences between two versions of the page.
hostapd [2018/02/26 20:29] – created damien | hostapd [2018/05/22 10:33] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== hostapd' | ||
+ | ===== Howto create a WPA-EAP-protected network ===== | ||
+ | |||
+ | Prevent NetworkManager from trying to configure/ | ||
+ | <file ini / | ||
+ | ... | ||
+ | [keyfile] | ||
+ | unmanaged-devices=mac:< | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | |||
+ | Create hostapd' | ||
+ | <file ini / | ||
+ | interface=< | ||
+ | ssid=< | ||
+ | channel=1 | ||
+ | |||
+ | # IEEE 802.11 specifies two authentication algorithms. hostapd can be | ||
+ | # configured to allow both of these or only one. Open system authentication | ||
+ | # should be used with IEEE 802.1X. | ||
+ | # Bit fields of allowed authentication algorithms: | ||
+ | # bit 0 = Open System Authentication | ||
+ | # bit 1 = Shared Key Authentication (requires WEP) | ||
+ | auth_algs=3 | ||
+ | wpa=3 | ||
+ | wpa_key_mgmt=WPA-EAP | ||
+ | |||
+ | # Require IEEE 802.1X authorization | ||
+ | ieee8021x=1 | ||
+ | eapol_version=2 | ||
+ | eap_message=ping-from-hostapd | ||
+ | eap_server=1 | ||
+ | server_cert=/ | ||
+ | private_key=/ | ||
+ | eap_user_file=/ | ||
+ | </ | ||
+ | |||
+ | and configure the accepted credentials: | ||
+ | <file ini / | ||
+ | # Phase 1 users | ||
+ | # Wildcard for all other identities | ||
+ | * PEAP | ||
+ | |||
+ | # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users | ||
+ | "< | ||
+ | </ | ||
+ | |||
+ | If not already existing, create your hostapd' | ||
+ | < | ||
+ | $ cd / | ||
+ | $ sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostapd.key.pem -out hostapd.cert.pem | ||
+ | </ | ||
+ | |||
+ | Now, you can restart hostapd' | ||
+ | < | ||
+ | $ sudo service hostapd restart | ||
+ | </ |