Least Action

Nontrivializing triviality..and vice versa.

Connecting to an MSCHAPV2-based wireless network in Arch Linux

leave a comment »

Arch Linux comes with “wifi-menu”, but this does not let you connect to a WPA2-based network which requires you to enter both a login-id as as well as a password. Some of these networks use MSCHAPV2, which due its vulnerabilities, is not recommended by the Arch community (see https://wiki.archlinux.org/index.php/WPA2_Enterprise). On the campus I am currently stationed in, we have a MSCHAPV2-based network known as WolfieNet-Secure, the alternative to which is an unsecured wifi connection. The university does not currently offer any Linux support and their instructions for configuring WolifeNet-Secure in Linux work only for Ubuntu (which comes with out of the box MSCHAPV2 support).

This is a quick and fast way to get such a network connection to work in Arch Linux. But this is not the best way, and I strongly suggest using it once to set up Arch Linux but switch to Network Manager once you have X Windows working. This is particularly important if you are behind such a network, cannot get access to a network cable, and must install Arch Linux off the net.

Step 1: Bring up the interface.

ip link set wlp5s0 up

Replace wlp5s0 with your wireless interface.

Step 2: As superuser, create a new file /etc/wpa_supplicant/example.conf, with the following

ctrl_interface=/run/wpa_supplicant
update_config=1

Step 3: Start wpa_supplicant using

wpa_supplicant -B -i wlp5s0 -c /etc/wpa_supplicant/example.conf

Step 4: Create a script which connects to the network.

#!/bin/bash

wpa_cli -wlps5s0 disconnect
wpa_cli -wlp5s0 add_network
wpa_cli -wlp5s0 set_network 0 auth_alg OPEN
wpa_cli -wlp5s0 set_network 0 key_mgmt WPA-EAP
wpa_cli -wlp5s0 set_network 0 pairwise CCMP
wpa_cli -wlp5s0 set_network 0 group CCMP
wpa_cli -wlp5s0 set_network 0 proto WPA2
wpa_cli -wlp5s0 set_network 0 eap PEAP
wpa_cli -wlp5s0 set_network 0 identity “login-id
wpa_cli -wlp5s0 set_network 0 password “password
wpa_cli -wlp5s0 set_network 0 phase1 “peapver=0”
wpa_cli -wlp5s0 set_network 0 phase2 “MSCHAPV2”
wpa_cli -wlp5s0 set_network 0 mode 0
wpa_cli -wlp5s0 set_network 0 ssid “WolfieNet-Secure”
wpa_cli -wlp5s0 select_network 0
wpa_cli -wlp5s0 enable_network 0
wpa_cli -wlp5s0 reassociate
wpa_cli -wlp5s0 status

Save this file in your /usr/bin or your home folder, for instance by an unimaginative name like “wificonnect” and then make it an executable using

chmod +x wificonnect

Step 5: run dhcpcd (this may be optional in some setups)

dhcpcd wlp5s0

Finally, add the script to your system startup. I find it convenient to actually execute it by hand for now. But if you work mostly in X Windows, then doing so manually may be an annoyance.

A drawback of the above script is that your password is stored in plaintext. This is easily fixable, and one can introduce a layer of encryption. Documentation for this is easily available on the internet and is a matter of common knowledge among experienced users of Linux, so I won’t go into this in more detail.

Notes:

1. dhcpcd will usually run by itself if you enabled it using

systemctl enable dhcpcd.service

Another issue is that on some laptops, due to shaky network adapter support, it may be useful to first connect to an open wifi network (if one is available) to get the interface running, before switching over to a secure wifi using the above script.

2. If you have multiple profiles, it may become necessary to change the number 0 which appears after each set_network command in the above script, to 1 or some other number. To verify this, one can run

wpa_cli

and type each line of the above script after removing the leading “spa_ctl -wlp5s0” statements. The add_network command will return a number, which if other than 0, must be entered in the script above.

There may be additional tweaks or caveats, which I may update in future.

Advertisements

Written by Vivek

July 12, 2015 at 21:27

Posted in Linux

Tagged with

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: