TKIP encryption and xsupplicant

[Jeff Stevens]

Jouni Malinen wrote:
> On Mon, Jan 24, 2005 at 07:42:36PM -0600, Jeff Stevens wrote:
>>I also have FC3, and I can tell you wpa_supplicant works with WPA, but 
>>not EAP-TLS.  So if I want to use my WPA at home, its wpa_supplicant. 
>>At work for EAP-TLS, its xsupplicant.  It's ugly, ugly switching between 
>>these two.
> 
> What do you mean with EAP-TLS? IEEE 802.1X with dynamic WEP keys (i.e.,
> no WPA) or WPA-Enterprise/EAP? Please give some more details of what is
> not working. wpa_supplicant has supported EAP-TLS with internal
> implementation since v0.2.1..
> 
I posted a problem with connecting to the AP at work, but the log I 
posted resulted in someone saying my AP is disconnecting me immediately. 
  I don't actually have access to the AP or any debug info...so I can 
only show you the config I have which is "supposed" to work based on the 
examples...

I inferred EAP-TLS based on the comments and the example, and the fact 
that I must use an Equifax certificate to authenticate.  I can't see 
other details on the protocol used by Windows (I don't know if the 
eapol_flag should be 3, 2 or 1, but I tried them all).

Config file:
-----------
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
network={
	ssid="dyndns"
	#scan_ssid=1
	proto=WPA
	key_mgmt=WPA-PSK
	pairwise=TKIP
	group=TKIP
	psk="xxxx"
}

# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
# EAP-TLS for authentication and key generation; require both unicast and
# broadcast WEP keys.
network={
	ssid="IBM"
	scan_ssid=1
	key_mgmt=IEEE8021X
	eap=TLS
	identity="jssteven at us.ibm.com"
	ca_cert="/etc/cert/ibmrootca.pem"
	client_cert="/etc/cert/jeffscert.cer"
	private_key="/etc/cert/jeffskey.pem"
	private_key_passwd="xxxx"
	eapol_flags=3
}

-- 
Jeffrey Stevens
gpg --keyserver pgp.mit.edu --recv-keys D2E5A4E8
Key fingerprint: 1C86 8717 E485 FA4D B9EF 96E2 A1AC 4B00 D2E5 A4E8