🔒 xsupplicant for VU

updated @ 2006-05-26

As I study Computer Science at the Vrije Universiteit in Amsterdam, I wanted to use my GNU/Linux laptop with their wireless network. They are using some neat encryption schemes, involving rotating WEP keys, EAP-TTLS, PAP and such, for which you need the Aegis client on Windows [or the Intel PRO/Wireless program, as I use with the ipw2200 chip in my Centrino-based laptop], so I had to configure xsupplicant accordingly. You can find my configuration for xsupplicant 1.x on this page.

These settings will most likely work with other highly secured networks too, so I hope this page helps others as well.

Configure your laptop to work with the wireless network of the VU

My /etc/xsupplicant/xsupplicant.conf [note that my wifi connection is on eth1; you may want to change that to wlan0 or something]:

network_list = default, VU-Campusnet

allow_interfaces = eth1
deny_interfaces = eth0, lo

logfile = /var/log/xsupplicant.log

VU-Campusnet
{
        type = wireless
        wireless_control = yes
        allow_types = eap-ttls
        identity = <BEGIN_ID>YOUR_VUNET_ID@vu.nl<END_ID>

        eap-ttls
        {
                root_cert = NONE
                phase2_type = pap
                pap
                {
                        username = <BEGIN_UNAME>YOUR_VUNET_ID@vu.nl<END_UNAME>

                        password = <BEGIN_PASS>YOUR_PASSWORD<END_PASS>
                }
        }
}

Note that no dhclient processes should be running, and the WEP key configured for the wireless interface should be all zeros, before running the following script. [You can check this with iwconfig.]

I got feedback that in xsupplicant 1.2 some things aren't supported anymore and the syntax has changed a bit. This should work:

network_list = default, VU-Campusnet

logfile = /var/log/xsupplicant.log

default
{
}

VU-Campusnet
{
        type = wireless
        wireless_control = yes
        allow_types = eap-ttls
        identity = YOUR_VUNET_ID@vu.nl

        eap-ttls
        {
                root_cert = NONE
                phase2_type = pap
                pap
                {
                        username = YOUR_VUNET_ID@vu.nl
                        password = YOUR_PASSWORD
                }
        }
}

NB: in even newer versions, you have to double-quote your password to get this to work.

My wifi_vu enable script [save as executable script and execute when you want to use the network]:

#!/bin/bash
iwconfig eth1 mode Managed
iwconfig eth1 enc open
iwconfig eth1 essid VU-Campusnet
ifconfig eth1 up

dhclient eth1
ntpdate ntp.cs.uu.nl

The last line is for synchronizing the clock through NTP, which I do by default, as it's such an easy way to keep them all in sync. You can remove it, or substitute an NTP server near you to make it work [better].
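
A check for the two settings the eap-ttls blocks above depend on: root_cert = NONE, which leaves the supplicant with no CA to validate the server certificate against, and a PAP password stored in the config file. This is an added example, not part of the original page or of xsupplicant; the function names and finding codes are made up here, and it assumes '#' starts a comment in xsupplicant.conf.

```bash
#!/bin/bash
# Added example, not part of the original page: audit an xsupplicant.conf.
# Assumes '#' starts a comment and the key names used in the configs above.

# conf_has FILE KEY VALUE_REGEX: true if an uncommented "KEY = VALUE" line exists
conf_has() {
    sed 's/#.*//' "$1" |
        grep -Eiq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3"
}

# audit_conf FILE: prints one finding code per line, nothing if clean
audit_conf() {
    if conf_has "$1" root_cert 'NONE[[:space:]]*$'; then
        # No CA to check against: the supplicant cannot tell the campus
        # RADIUS server from any other endpoint of the TTLS tunnel.
        echo "NO_SERVER_CERT_CHECK"
        # PAP then hands the password itself to that unverified endpoint.
        if conf_has "$1" phase2_type 'pap[[:space:]]*$'; then
            echo "PAP_TO_UNVERIFIED_SERVER"
        fi
    fi
    # The password is stored in the file: group/other bits must all be '-'.
    if conf_has "$1" password '.' &&
       [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "PASSWORD_FILE_READABLE_BY_OTHERS"
    fi
    return 0
}

# Constructed sample: the eap-ttls block from above, written mode 644.
demo=$(mktemp)
cat > "$demo" <<'EOF'
eap-ttls
{
        root_cert = NONE
        phase2_type = pap
        pap
        {
                username = YOUR_VUNET_ID@vu.nl
                password = "YOUR_PASSWORD"
        }
}
EOF
chmod 644 "$demo"
audit_conf "$demo"      # all three findings
chmod 600 "$demo"
audit_conf "$demo"      # the two certificate-related findings remain
rm -f "$demo"
```

Run it against your own file with audit_conf /etc/xsupplicant/xsupplicant.conf; the first two findings go away once root_cert names the CA certificate your network administrator publishes.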