summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-07-05 09:00:13 +0200
committerGitHub <noreply@github.com>2024-07-05 09:00:13 +0200
commit262dd9a972260dfab340367cbb40ba064bb2a1aa (patch)
treeb9f834937d27b15617177c7058011de31206c37c
parent0e70cea1daf2abf9c9074bb5da4f3de5c1aca833 (diff)
parent0c9499c5b3f7cc053c1f29ecf28d679c1a3156e2 (diff)
downloadvyos-1x-262dd9a972260dfab340367cbb40ba064bb2a1aa.tar.gz
vyos-1x-262dd9a972260dfab340367cbb40ba064bb2a1aa.zip
Merge pull request #3711 from part1cleth1ef/current
T6496: Added support for WPA-Enterprise client-mode
-rw-r--r--data/templates/wifi/wpa_supplicant.conf.j214
-rw-r--r--interface-definitions/interfaces_wireless.xml.in20
-rwxr-xr-xsrc/conf_mode/interfaces_wireless.py9
3 files changed, 38 insertions, 5 deletions
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2
index ac857a04a..04088e1ad 100644
--- a/data/templates/wifi/wpa_supplicant.conf.j2
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -61,6 +61,8 @@ network={
# If not set, this defaults to: WPA-PSK WPA-EAP
{% if security.wpa.mode is vyos_defined('wpa3') %}
key_mgmt=SAE
+{% elif security.wpa.username is vyos_defined %}
+ key_mgmt=WPA-EAP WPA-EAP-SHA256
{% else %}
key_mgmt=WPA-PSK WPA-PSK-SHA256
{% endif %}
@@ -76,8 +78,18 @@ network={
# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
# startup and reconfiguration time can be optimized by generating the PSK only
# only when the passphrase or SSID has actually changed.
+{% if security.wpa.username is vyos_defined %}
+ identity="{{ security.wpa.username }}"
+ password="{{ security.wpa.passphrase }}"
+ phase2="auth=MSCHAPV2"
+ eap=PEAP
+{% elif security.wpa.username is not vyos_defined %}
psk="{{ security.wpa.passphrase }}"
-{% else %}
+{% else %}
key_mgmt=NONE
+{% endif %}
+{% endif %}
+{% if bssid is vyos_defined %}
+ bssid={{ bssid }}
{% endif %}
}
diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 0a62b3255..fdcb79b19 100644
--- a/interface-definitions/interfaces_wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -899,15 +899,16 @@
</properties>
<defaultValue>wpa+wpa2</defaultValue>
</leafNode>
+ #include <include/generic-username.xml.i>
<leafNode name="passphrase">
<properties>
- <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
+ <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
<valueHelp>
<format>txt</format>
- <description>Passphrase of at least 8 but not more than 63 printable characters</description>
+ <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description>
</valueHelp>
<constraint>
- <regex>.{8,63}</regex>
+ <regex>[[:ascii:]]{1,256}</regex>
</constraint>
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
@@ -940,6 +941,19 @@
<constraintErrorMessage>Invalid SSID</constraintErrorMessage>
</properties>
</leafNode>
+ <leafNode name="bssid">
+ <properties>
+ <help>Basic Service Set Identifier (BSSID) - currently station mode only</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>BSSID (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ <constraintErrorMessage>Invalid BSSID</constraintErrorMessage>
+ </properties>
+ </leafNode>
<leafNode name="type">
<properties>
<help>Wireless device type for this interface</help>
diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py
index 73944dc8b..5fd7ab6e9 100755
--- a/src/conf_mode/interfaces_wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
@@ -184,11 +184,18 @@ def verify(wifi):
if not any(i in ['passphrase', 'radius'] for i in wpa):
raise ConfigError('Misssing WPA key or RADIUS server')
+ if 'username' in wpa:
+ if 'passphrase' not in wpa:
+ raise ConfigError('WPA-Enterprise configured - missing passphrase!')
+ elif 'passphrase' in wpa:
+ # check if passphrase meets the regex .{8,63}
+ if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63:
+ raise ConfigError('WPA passphrase must be between 8 and 63 characters long')
if 'radius' in wpa:
if 'server' in wpa['radius']:
for server in wpa['radius']['server']:
if 'key' not in wpa['radius']['server'][server]:
- raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}')
+ raise ConfigError(f'Missing RADIUS shared secret key for server: {server}')
if 'capabilities' in wifi:
capabilities = wifi['capabilities']