After I had success setting up openconnect with netctl and pass (this thread), I had the idea to change all my netctl profiles to use pass to store the key.
With my wifi at home using a pre-shared key this works perfectly fine. However, it does not work with eduroam.
My config looks as follows:
Connection='wireless'
Interface=wlan0
Security='wpa-configsection'
Description="eduroam network"
IP='dhcp'
TimeoutWPA=30
LOCAL_USERNAME=stupidus
REMOTE_USERNAME=name-of-the-file-in-pass
PASSWORD=`su ${LOCAL_USERNAME} -c "pass ${REMOTE_USERNAME}" | head -n 1`
WPAConfigSection=(
'ssid="eduroam"'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'proto=WPA2'
'phase2="auth=PAP"'
'anonymous_identity="something"'
'identity="not-really-important@what.ever"'
'password="${PASSWORD}"'
)
Using this config, I get the following error:
Apr 18 18:12:26 laptop kernel: wlan0: authenticate with xx:xx:xx:xx:xx
Apr 18 18:12:26 laptop kernel: wlan0: send auth to xx:xx:xx:xx:xx (try 1/3)
Apr 18 18:12:26 laptop kernel: wlan0: authenticated
Apr 18 18:12:26 laptop kernel: wlan0: associate with xx:xx:xx:xx:xx (try 1/3)
Apr 18 18:12:26 laptop kernel: wlan0: RX AssocResp from xx:xx:xx:xx:xx (capab=0x11 status=0 aid=25)
Apr 18 18:12:26 laptop kernel: wlan0: associated
Apr 18 18:12:26 laptop kernel: wlan0: Limiting TX power to 17 dBm as advertised by xx:xx:xx:xx:xx
Apr 18 18:12:29 laptop kernel: wlan0: deauthenticating from xx:xx:xx:xx:xx by local choice (Reason: 3=DEAUTH_LEAVING)
Apr 18 18:12:42 laptop kernel: wlan0: authenticate with xx:xx:xx:xx:xx
Apr 18 18:12:42 laptop kernel: wlan0: send auth to xx:xx:xx:xx:xx (try 1/3)
Apr 18 18:12:42 laptop kernel: wlan0: authenticated
Apr 18 18:12:42 laptop kernel: wlan0: associate with xx:xx:xx:xx:xx (try 1/3)
Apr 18 18:12:43 laptop kernel: wlan0: RX AssocResp from xx:xx:xx:xx:xx (capab=0x31 status=0 aid=110)
Apr 18 18:12:43 laptop kernel: wlan0: associated
Apr 18 18:12:43 laptop kernel: wlan0: Limiting TX power to 17 dBm as advertised by xx:xx:xx:xx:xx
Apr 18 18:12:55 laptop network[27487]: WPA association/authentication failed for interface 'wlan0'
Apr 18 18:12:55 laptop kernel: wlan0: deauthenticating from xx:xx:xx:xx:xx by local choice (Reason: 3=DEAUTH_LEAVING)
Apr 18 18:12:55 laptop network[27487]: Failed to bring the network up for profile 'wlan0-eduroam-2'
I believe the authentication does not work because the command substitution in the password line does not work correctly. Maybe it is also related to the special quoting rules of wpa_supplicant. I tried all kinds of variations of the quoting (such as adding literal \"), but I still cannot get it to work. Is it even possible to use command substitution within the WPAConfigSection?
EDIT:
I got it to work after a lot of trial and error.
This is my netctl profile now:
Connection='wireless'
Interface=wlan0
Security='wpa-configsection'
Description="eduroam network"
IP='dhcp'
TimeoutWPA=30
LOCAL_USERNAME=stupidus
REMOTE_USERNAME=the-name-of-the-pass-file
PASSWORD=`su ${LOCAL_USERNAME} -c "pass ${REMOTE_USERNAME}" | head -n 1`
WPACONFIG="\
ssid=\"eduroam\"
key_mgmt=WPA-EAP
eap=TTLS
proto=WPA2
phase2=\"auth=PAP\"
anonymous_identity=\"anonymous@something.some\"
identity=\"someone@something.some\"
password=\"${PASSWORD}\""
WPAConfigSection=$(echo "$WPACONFIG")
I was able to debug it by checking the temporary /run/network/wpa_supplicant.conf file that netctl creates.
Last edited by stupidus (2016-04-19 15:54:00)
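The quoting difference between the two profiles above, as an added example that is not part of the original post: a single-quoted element keeps `${PASSWORD}` as literal text, while a double-quoted one is expanded. `fetch_secret`, `render_section` and `check_block` are hypothetical helpers, the secret is constructed sample data, and `render_section` is only a simplified stand-in (an assumption) for how netctl writes the section into its generated file.

```shell
#!/bin/sh
# Constructed stand-in for `pass <entry> | head -n 1`; the secret is sample data.
fetch_secret() {
    printf '%s\n' 'c0nstructed-Secret' 'second line of the pass entry' | head -n 1
}

# Simplified stand-in (assumption): one config element per line in a network
# block. The arguments play the role of the WPAConfigSection array elements.
render_section() {
    printf 'network={\n'
    for line in "$@"; do printf '    %s\n' "$line"; done
    printf '}\n'
}

PASSWORD=$(fetch_secret)

# Single-quoted element, as in the first profile: the shell does not expand it,
# so the literal text ${PASSWORD} would be handed to wpa_supplicant.
broken_block() {
    render_section 'ssid="eduroam"' 'password="${PASSWORD}"'
}

# Double-quoted element with escaped inner quotes: expanded when the profile
# is sourced, so the real secret lands in the block.
fixed_block() {
    render_section 'ssid="eduroam"' "password=\"${PASSWORD}\""
}

# Returns 1 if unexpanded shell syntax (${, $( or a backtick) survived in the
# rendered text, 0 otherwise. Limitation: a password that really contains
# those characters is flagged too.
check_block() {
    case "$1" in
        *'${'*|*'$('*|*'`'*) return 1 ;;
        *) return 0 ;;
    esac
}

for name in broken_block fixed_block; do
    if check_block "$($name)"; then
        echo "$name: ok"
    else
        echo "$name: unexpanded shell syntax in generated config"
    fi
done
```

The same pattern match can be run against the contents of the temporary /run/network/wpa_supplicant.conf file mentioned in the post, which holds the cleartext password while the profile is up.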