diff options
| -rw-r--r-- | data/templates/wifi/wpa_supplicant.conf.j2 | 14 | ||||
| -rw-r--r-- | interface-definitions/interfaces_wireless.xml.in | 16 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces_wireless.py | 9 |
3 files changed, 34 insertions, 5 deletions
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2 index ac857a04a..8839663e1 100644 --- a/data/templates/wifi/wpa_supplicant.conf.j2 +++ b/data/templates/wifi/wpa_supplicant.conf.j2 @@ -61,6 +61,8 @@ network={ # If not set, this defaults to: WPA-PSK WPA-EAP {% if security.wpa.mode is vyos_defined('wpa3') %} key_mgmt=SAE +{% elif security.wpa.username is vyos_defined %} + key_mgmt=WPA-EAP WPA-EAP-SHA256 {% else %} key_mgmt=WPA-PSK WPA-PSK-SHA256 {% endif %} @@ -76,8 +78,18 @@ network={ # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant # startup and reconfiguration time can be optimized by generating the PSK only # only when the passphrase or SSID has actually changed. +{% if security.wpa.username is vyos_defined %} + identity="{{ security.wpa.username }}" + password="{{ security.wpa.passphrase }}" + phase2="auth=MSCHAPV2" + eap=PEAP +{% elif security.wpa.username is not vyos_defined %} psk="{{ security.wpa.passphrase }}" -{% else %} +{% else %} key_mgmt=NONE +{% endif %} +{% endif %} +{% if security.bssid is vyos_defined %} + bssid={{ security.bssid }} {% endif %} } diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index 0a62b3255..dd2ae02bc 100644 --- a/interface-definitions/interfaces_wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -723,6 +723,15 @@ <help>Wireless security settings</help> </properties> <children> + <leafNode name="bssid"> + <properties> + <help>Basic Service Set Identifier (BSSID)</help> + <constraint> + <regex>([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}</regex> + </constraint> + <constraintErrorMessage>Invalid BSSID</constraintErrorMessage> + </properties> + </leafNode> <node name="station-address"> <properties> <help>Station MAC address based authentication</help> @@ -899,15 +908,16 @@ </properties> <defaultValue>wpa+wpa2</defaultValue> </leafNode> + #include <include/generic-username.xml.i> <leafNode name="passphrase"> <properties> - <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> + <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> <valueHelp> <format>txt</format> - <description>Passphrase of at least 8 but not more than 63 printable characters</description> + <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description> </valueHelp> <constraint> - <regex>.{8,63}</regex> + <regex>.*</regex> </constraint> <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py index 73944dc8b..5fd7ab6e9 100755 --- a/src/conf_mode/interfaces_wireless.py +++ b/src/conf_mode/interfaces_wireless.py @@ -184,11 +184,18 @@ def verify(wifi): if not any(i in ['passphrase', 'radius'] for i in wpa): raise ConfigError('Misssing WPA key or RADIUS server') + if 'username' in wpa: + if 'passphrase' not in wpa: + raise ConfigError('WPA-Enterprise configured - missing passphrase!') + elif 'passphrase' in wpa: + # check if passphrase meets the regex .{8,63} + if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63: + raise ConfigError('WPA passphrase must be between 8 and 63 characters long') if 'radius' in wpa: if 'server' in wpa['radius']: for server in wpa['radius']['server']: if 'key' not in wpa['radius']['server'][server]: - raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}') + raise ConfigError(f'Missing RADIUS shared secret key for server: {server}') if 'capabilities' in wifi: capabilities = wifi['capabilities'] |