add allow-hotplug stuff to nonm.html
[martlubbers.net.git] / nonm.html
index 5baa473..3820563 100644 (file)
--- a/nonm.html
+++ b/nonm.html
@@ -79,5 +79,57 @@ update_config=1
                Note that it resides by default in <tt>/usr/sbin</tt>.
                <tt>wpa_gui</tt> is a graphical frontend where you can add, remove, diagnose and change wireless networks with <em>almost</em> as much functionality as <tt>wpa_cli</tt>.
                </p>
+
+               <h2><tt>eduroam</tt></h2>
+               <p>
+               Eduroam gives a nice configuration assistant tools nowadays that will generate a <tt>wpa_supplicant.conf</tt> entry for you.
+               Previously you could hash your password using md4 but I haven't tested whether this still works.
+               </p>
+
+               <h3>update: <tt>cat</tt> broken</h3>
+               The tool worked before&trade; but not anymore on my debian testing version.
+               Therefore I've pasted my config here for later reference.
+               You get the <tt>ca_cert</tt> from the assistant tool.
+               I might upload that here as well.
+               <pre>
+network={
+       ssid="eduroam"
+       proto=RSN
+       key_mgmt=WPA-EAP
+       pairwise=CCMP
+       auth_alg=OPEN
+       eap=PEAP
+       identity="YOURUSERNAME@ru.nl"
+       anonymous_identity="anonymous@ru.nl"
+       password="YOURPASSWORD"
+#      ca_cert="/home/frobnicator/.cat_installer/ca.pem"
+       domain_suffix_match="authenticatie.ru.nl"
+       phase2="auth=MSCHAPV2"
+}
+               </pre>
+               </p>
+
+               <h2><tt>openssl</tt> update (not needed anymore)</h2>
+               <p>
+               The new version of openssl disables everything lower than TLSv1.2.
+               If you see errors in <tt>/var/log/syslog</tt> about <tt>TLS</tt> you have to allow lower version TLS versions by changing the last two lines in <tt>/etc/ssl/openssl.cnf</tt> to:
+               <pre>
+MinProtocol = TLSv1.0
+CipherString = DEFAULT@SECLEVEL=1
+               </pre>
+               </p>
+
+               <h2>Interaction with wired interfaces</h2>
+               <p>
+               When you have an ethernet jack as well in your laptop you might be tempted to put this in your <tt>/etc/network/interfaces</tt> as well
+               <pre>
+auto enp0s31f6
+iface enp0s31f6 inet dhcp
+               </pre>
+               However, this results in your machine eagerly waiting for a connection at boot because a <em>connected</em> ethernet jack means a connected card, and the card is always connected in a laptop.
+               <tt>ifupdown-extra</tt> contains scripts to fix this.
+               Just link <tt>/etc/network/if-up.d/00check-network-cable</tt> to <tt>/etc/network/if-pre-up.d/00check-network-cable</tt> and be good to go.
+               If your system has <em>predictable</em> network names you might need to apply <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970359">this</a> patch first
+               </p>
        </body>
 </html>
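Review bot: in the eduroam network block the ca_cert line is commented out (`#      ca_cert="/home/frobnicator/.cat_installer/ca.pem"`), so a reader who copies the block as-is runs PEAP/MSCHAPV2 with no CA configured. wpa_supplicant does not verify the server certificate when neither ca_cert nor ca_path is set, and domain_suffix_match on its own does not replace that check. Suggest shipping the line uncommented with a placeholder path, and saying in the paragraph above that it must point at the CA file from the assistant tool. Smaller points: the `</p>` after the eduroam `<pre>` has no opening `<p>` following the `<h3>`. The openssl section changes `MinProtocol` and `CipherString` in `/etc/ssl/openssl.cnf` for the whole system, so since the heading says it is not needed anymore, the text could tell readers to revert those two lines. The commit subject mentions allow-hotplug, but the wired-interface section only shows `auto enp0s31f6`.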