This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
networkconfigurationsettings [2020/10/21 16:30] Andrew Zaborowski [Embedded PEMs] Syntax highlighting |
networkconfigurationsettings [2020/11/26 18:43] Andrew Zaborowski Mention EAP-PEAP-Phase2-Method specifically, link to [[ipconfiguration]] |
||
---|---|---|---|
Line 10: | Line 10: | ||
^ Setting Key ^ Values ^ Description ^ | ^ Setting Key ^ Values ^ Description ^ | ||
| Group header: **''[Settings]''** ||| | | Group header: **''[Settings]''** ||| | ||
- | | ''Autoconnect'' | **''true''**, ''false'' | (optional) | | + | | ''AutoConnect'' | **''true''**, ''false'' | (optional) | |
+ | | ''Autoconnect'' | **''true''**, ''false'' | (deprecated in favour or ''AutoConnect'') (optional) | | ||
| ''Hidden'' | ''true'', **''false''** | Used for //hidden// networks i.e. those that do not reply to scan probing except when their SSIDs are included explicitly (optional) | | | ''Hidden'' | ''true'', **''false''** | Used for //hidden// networks i.e. those that do not reply to scan probing except when their SSIDs are included explicitly (optional) | | ||
| ''AlwaysRandomizeAddress'' | ''true'', **''false''** | Always randomize MAC address on each new connection. Requires ''AddressRandomization=network'' in main.conf (optional) | | | ''AlwaysRandomizeAddress'' | ''true'', **''false''** | Always randomize MAC address on each new connection. Requires ''AddressRandomization=network'' in main.conf (optional) | | ||
| ''AddressOverride'' | ''MAC Address'' | Override the MAC address used for this network. Requires ''AddressRandomization=network'' in main.conf (optional) | | | ''AddressOverride'' | ''MAC Address'' | Override the MAC address used for this network. Requires ''AddressRandomization=network'' in main.conf (optional) | | ||
- | ===== Pre-Shared Key (WPA/WPA2 Personal) network settings ===== | + | ===== IP configuration settings ===== |
+ | |||
+ | See [[ipconfiguration|IP configuration]]. | ||
+ | |||
+ | ===== Pre-Shared Key (WPA/WPA2 Personal/SAE) network settings ===== | ||
^ Setting Key ^ Values ^ Description ^ | ^ Setting Key ^ Values ^ Description ^ | ||
| Group header: **''[Security]''** ||| | | Group header: **''[Security]''** ||| | ||
Line 27: | Line 32: | ||
^ Setting Key ^ Values ^ Description ^ | ^ Setting Key ^ Values ^ Description ^ | ||
| Group header: **''[Security]''** ||| | | Group header: **''[Security]''** ||| | ||
- | | ''EAP-Method'' | ''AKA'', ''%%AKA'%%'', ''GTC'', ''MD5'', ''MSCHAPV2'', ''PEAP'', ''PWD'', ''SIM'', ''TLS'', ''TTLS'', ''WSC'' (internal) | No default | | + | | ''EAP-Method'' | ''AKA'', ''%%AKA'%%'', ''GTC'' (*), ''MD5'' (*), ''MSCHAPV2'', ''PEAP'', ''PWD'', ''SIM'', ''TLS'', ''TTLS'', ''WSC'' (internal) | No default | |
| Applies to: **EAP-SIM**, **EAP-AKA**, **EAP-AKA'** ||| | | Applies to: **EAP-SIM**, **EAP-AKA**, **EAP-AKA'** ||| | ||
| ''EAP-Identity'' | //text// | EAP identity string transmitted in plaintext, if any (optional) | | | ''EAP-Identity'' | //text// | EAP identity string transmitted in plaintext, if any (optional) | | ||
- | | Applies to: **EAP-GTC** ||| | + | | Applies to: **EAP-GTC** (Only EAD or TTLS/PEAP inner method) ||| |
| ''EAP-Identity'' | //text// | EAP identity/username string transmitted in plaintext. No default, if not provided IWD will request a username at connection time | | | ''EAP-Identity'' | //text// | EAP identity/username string transmitted in plaintext. No default, if not provided IWD will request a username at connection time | | ||
| ''EAP-Password'' | //text// | EAP GTC secret string. No default, if not provided IWD will request a passphrase at connection time | | | ''EAP-Password'' | //text// | EAP GTC secret string. No default, if not provided IWD will request a passphrase at connection time | | ||
| ''EAP-GTC-Secret'' | //text// | (deprecated in favour of ''EAP-Password'') | | | ''EAP-GTC-Secret'' | //text// | (deprecated in favour of ''EAP-Password'') | | ||
- | | Applies to: **EAP-MD5** ||| | + | | Applies to: **EAP-MD5** (Only EAD or TTLS/PEAP inner method) ||| |
| ''EAP-Identity'' | //text// | EAP identity/username string transmitted in plaintext. No default, if not provided IWD will request a username at connection time | | | ''EAP-Identity'' | //text// | EAP identity/username string transmitted in plaintext. No default, if not provided IWD will request a username at connection time | | ||
| ''EAP-Password'' | //text// | EAP MD5 secret string. No default, if not provided IWD will request a passphrase at connection time | | | ''EAP-Password'' | //text// | EAP MD5 secret string. No default, if not provided IWD will request a passphrase at connection time | | ||
Line 53: | Line 58: | ||
| ''EAP-TTLS-Phase2-Password'' | //text// | Password string for the TTLS non-EAP Phase 2 methods. No default, if not provided IWD will request a passphrase at connection time. | | | ''EAP-TTLS-Phase2-Password'' | //text// | Password string for the TTLS non-EAP Phase 2 methods. No default, if not provided IWD will request a passphrase at connection time. | | ||
| ''EAP-TTLS-Phase2-*'' | | Any settings to be used for the inner EAP method if one was specified as ''EAP-TTLS-Phase2-Method'', rather than a TTLS-specific method. The prefix ''EAP-TTLS-Phase2-'' replaces the ''EAP-'' prefix in the setting keys and their usage is unchanged. Since the inner method's negotiation is encrypted, a secure identity string can be provided. | | | ''EAP-TTLS-Phase2-*'' | | Any settings to be used for the inner EAP method if one was specified as ''EAP-TTLS-Phase2-Method'', rather than a TTLS-specific method. The prefix ''EAP-TTLS-Phase2-'' replaces the ''EAP-'' prefix in the setting keys and their usage is unchanged. Since the inner method's negotiation is encrypted, a secure identity string can be provided. | | ||
+ | | ''EAP-PEAP-Phase2-Method'' | see ''EAP-Method'' | Phase 2 authentication method for EAP-PEAP. No default value. The PEAP phase 1 with no phase 2 (rare) is not supported. | | ||
| ''EAP-PEAP-Phase2-*'' | | Any settings to be used for the inner EAP method with EAP-PEAP as the outer method. The prefix ''EAP-PEAP-Phase2-'' replaces the ''EAP-'' prefix in the setting keys and their usage is unchanged. Since the inner method's negotiation is encrypted, a secure identity string can be provided. | | | ''EAP-PEAP-Phase2-*'' | | Any settings to be used for the inner EAP method with EAP-PEAP as the outer method. The prefix ''EAP-PEAP-Phase2-'' replaces the ''EAP-'' prefix in the setting keys and their usage is unchanged. Since the inner method's negotiation is encrypted, a secure identity string can be provided. | | ||
| Applies to: **EAP-PWD** ||| | | Applies to: **EAP-PWD** ||| | ||
Line 73: | Line 79: | ||
After this special group tag it's as simple as pasting in a PEM file including the ''BEGIN''/''END'' tags. Now ''my_ca_cert'' can be used to reference the certificate elsewhere in the settings file by prefixing the value with ''embed:'' | After this special group tag it's as simple as pasting in a PEM file including the ''BEGIN''/''END'' tags. Now ''my_ca_cert'' can be used to reference the certificate elsewhere in the settings file by prefixing the value with ''embed:'' | ||
- | <code> | + | <code ini> |
EAP-TLS-CACert=embed:my_ca_cert | EAP-TLS-CACert=embed:my_ca_cert | ||
</code> | </code> |