Ryunosuke Ayanokoji's Amateur Thinking

[debian] WPA2, AES, EAP-TLS wireless LAN with wpa_supplicant

Use a WN-G54/CBL on debian to connect to a WPA2 wireless LAN.

Extract the CA certificate (cacert.pem), the client certificate (cert.pem) and the private key (key.pem) from the PKCS#12 certificate. The password of the PKCS#12 certificate is required.

$ openssl pkcs12 -in example.p12 -out cacert.pem -cacerts -nokeys
Enter Import Password:
MAC verified OK
$ openssl pkcs12 -in example.p12 -out cert.pem -clcerts -nokeys
Enter Import Password:
MAC verified OK
$ openssl pkcs12 -in example.p12 -out key.pem -nocerts
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Create /etc/wpa_supplicant.conf.

# cat /etc/wpa_supplicant.conf
network={
        ssid="XXX"
        scan_ssid=1
        key_mgmt=WPA-EAP
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TLS
        identity="XXXXXXXXXX"
        ca_cert="/XXXXXXX/cacert.pem"
        client_cert="/XXXXXXX/cert.pem"
        private_key="/XXXXXXX/key.pem"
        private_key_passwd="XXXXXXXXXXXXXXXXXXX"
}

Start wpa_supplicant, then check the connection state and obtain an IP address.

# wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf
# iwconfig
lo        no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:"XXX"
          Mode:Managed  Frequency:2.437 GHz  Access Point: XXXXXXXXXXXXXXXXX
          Bit Rate=54 Mb/s   Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=39/70  Signal level=-71 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:3   Missed beacon:0

eth0      no wireless extensions.
# dhclient wlan0

If everything looks good, apply the settings at boot.

# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
        address 192.168.20.1
        netmask 255.255.255.0

auto wlan0
iface wlan0 inet dhcp
        pre-up wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf
        post-down killall -q wpa_supplicant
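
The /etc/wpa_supplicant.conf above stores private_key_passwd in clear text and lists TKIP next to CCMP, so the file modes and cipher lists are worth checking before the setup is made permanent. The audit script below is an added example, not part of the original post; its function names, finding codes and the constructed sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an EAP-TLS wpa_supplicant.conf.
# Function names and finding codes (PERM_CONF, NO_CA, TKIP, PERM_KEY) are made up here.

# True when group or other hold any permission bit on file $1.
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print the unquoted value of the first "key=value" line for key $2 in file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1 | tr -d '"'
}

# Print one finding per line for the config file $1; no output means no finding.
audit_wpa_conf() {
    conf=$1
    # private_key_passwd is stored in clear text, so only the owner should have access.
    if grep -q '^[[:space:]]*private_key_passwd=' "$conf" && loose_perms "$conf"; then
        echo "PERM_CONF $conf holds private_key_passwd but is accessible beyond its owner"
    fi
    # Without ca_cert or ca_path the server certificate is not verified.
    if [ -z "$(conf_value "$conf" ca_cert)$(conf_value "$conf" ca_path)" ]; then
        echo "NO_CA neither ca_cert nor ca_path is set"
    fi
    # The WPA2/AES cipher is CCMP; listing TKIP also accepts the older cipher.
    if grep -Eq '^[[:space:]]*(pairwise|group)=.*TKIP' "$conf"; then
        echo "TKIP pairwise/group allow TKIP in addition to CCMP (AES)"
    fi
    # The extracted key.pem should be private to its owner as well.
    key=$(conf_value "$conf" private_key)
    if [ -n "$key" ] && [ -f "$key" ] && loose_perms "$key"; then
        echo "PERM_KEY $key is accessible beyond its owner"
    fi
}

# Constructed sample: the post's network block with placeholder values, in a temp dir.
make_sample() {
    dir=$(mktemp -d) && touch "$dir/key.pem" && chmod 644 "$dir/key.pem"
    printf 'network={\n\tssid="XXX"\n\tkey_mgmt=WPA-EAP\n\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n\teap=TLS\n\tca_cert="%s/cacert.pem"\n\tprivate_key="%s/key.pem"\n\tprivate_key_passwd="XXX"\n}\n' \
        "$dir" "$dir" > "$dir/wpa_supplicant.conf"
    chmod 644 "$dir/wpa_supplicant.conf"
    echo "$dir"
}

sample=$(make_sample)
audit_wpa_conf "$sample/wpa_supplicant.conf"
rm -rf "$sample"
```

On the constructed sample it reports PERM_CONF, TKIP and PERM_KEY; after `chmod 600` on both files and with TKIP removed from the cipher lists it prints nothing.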

ChangeLog

  1. Posted: 2010-08-03T13:38:36+09:00
  2. Modified: 2010-08-03T13:38:36+09:00
  3. Generated: 2017-03-15T23:09:19+09:00