Source string Read only

(itstool) path: sect4/programlisting
83/830
Context English State
Protected EAP (<acronym>PEAP</acronym>) is designed as an alternative to <acronym>EAP-TTLS</acronym> and is the most used <acronym>EAP</acronym> standard after <acronym>EAP-TLS</acronym>. In a network with mixed operating systems, <acronym>PEAP</acronym> should be the most supported standard after <acronym>EAP-TLS</acronym>.
<acronym>PEAP</acronym> is similar to <acronym>EAP-TTLS</acronym> as it uses a server-side certificate to authenticate clients by creating an encrypted <acronym>TLS</acronym> tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information. <acronym>PEAP</acronym> authentication differs from <acronym>EAP-TTLS</acronym> as it broadcasts the username in the clear and only the password is sent in the encrypted <acronym>TLS</acronym> tunnel. <acronym>EAP-TTLS</acronym> will use the <acronym>TLS</acronym> tunnel for both the username and password.
Add the following lines to <filename>/etc/wpa_supplicant.conf</filename> to configure the <acronym>EAP-PEAP</acronym> related settings:
network={
ssid="freebsdap"
proto=RSN
key_mgmt=WPA-EAP
eap=PEAP <co xml:id="co-peap-eap"/>
identity="test" <co xml:id="co-peap-id"/>
password="test" <co xml:id="co-peap-passwd"/>
ca_cert="/etc/certs/cacert.pem" <co xml:id="co-peap-cacert"/>
phase1="peaplabel=0" <co xml:id="co-peap-pha1"/>
phase2="auth=MSCHAPV2" <co xml:id="co-peap-pha2"/>
}
This field contains the parameters for the first phase of authentication, the <acronym>TLS</acronym> tunnel. According to the authentication server used, specify a specific label for authentication. Most of the time, the label will be <quote>client <acronym>EAP</acronym> encryption</quote> which is set by using <literal>peaplabel=0</literal>. More information can be found in <citerefentry><refentrytitle>wpa_supplicant.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
This field specifies the authentication protocol used in the encrypted <acronym>TLS</acronym> tunnel. In the case of <acronym>PEAP</acronym>, it is <literal>auth=MSCHAPV2</literal>.
<acronym>WEP</acronym>
Wired Equivalent Privacy (<acronym>WEP</acronym>) is part of the original 802.11 standard. There is no authentication mechanism, only a weak form of access control which is easily cracked.
<acronym>WEP</acronym> can be set up using <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.1.100</replaceable> netmask <replaceable>255.255.255.0</replaceable> \
ssid <replaceable>my_net</replaceable> wepmode on weptxkey <replaceable>3</replaceable> wepkey <replaceable>3:0x3456789012</replaceable></userinput>
The <literal>weptxkey</literal> specifies which <acronym>WEP</acronym> key will be used in the transmission. This example uses the third key. This must match the setting on the access point. When unsure which key is used by the access point, try <literal>1</literal> (the first key) for this value.
The <literal>wepkey</literal> selects one of the <acronym>WEP</acronym> keys. It should be in the format <replaceable>index:key</replaceable>. Key <literal>1</literal> is used by default; the index only needs to be set when using a key other than the first key.
Replace the <literal>0x3456789012</literal> with the key configured for use on the access point.
Refer to <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry> for further information.
The <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> facility can be used to configure a wireless interface with <acronym>WEP</acronym>. The example above can be set up by adding the following lines to <filename>/etc/wpa_supplicant.conf</filename>:
network={
ssid="my_net"
key_mgmt=NONE
wep_key3=3456789012
wep_tx_keyidx=3
}
Then:
<prompt>#</prompt> <userinput>wpa_supplicant -i <replaceable>wlan0</replaceable> -c /etc/wpa_supplicant.conf</userinput>
Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz)
Associated with 00:13:46:49:41:76
Ad-hoc Mode
<acronym>IBSS</acronym> mode, also called ad-hoc mode, is designed for point to point connections. For example, to establish an ad-hoc network between the machines <systemitem>A</systemitem> and <systemitem>B</systemitem>, choose two <acronym>IP</acronym> addresses and a <acronym>SSID</acronym>.
On <systemitem>A</systemitem>:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable> wlanmode adhoc</userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:11:95:c3:0d:ac
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g &lt;adhoc&gt;
status: running
ssid freebsdap channel 2 (2417 Mhz 11g) bssid 02:11:95:c3:0d:ac
country US ecm authmode OPEN privacy OFF txpower 21.5 scanvalid 60
protmode CTS wme burst
The <literal>adhoc</literal> parameter indicates that the interface is running in <acronym>IBSS</acronym> mode.
<systemitem>B</systemitem> should now be able to detect <systemitem>A</systemitem>:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable> wlanmode adhoc</userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> up scan</userinput>
SSID/MESH ID BSSID CHAN RATE S:N INT CAPS
freebsdap 02:11:95:c3:0d:ac 2 54M -64:-96 100 IS WME
The <literal>I</literal> in the output confirms that <systemitem>A</systemitem> is in ad-hoc mode. Now, configure <systemitem>B</systemitem> with a different <acronym>IP</acronym> address:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.2</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g &lt;adhoc&gt;
status: running
ssid freebsdap channel 2 (2417 Mhz 11g) bssid 02:11:95:c3:0d:ac
country US ecm authmode OPEN privacy OFF txpower 21.5 scanvalid 60
protmode CTS wme burst
Both <systemitem>A</systemitem> and <systemitem>B</systemitem> are now ready to exchange information.
FreeBSD Host Access Points
FreeBSD can act as an Access Point (<acronym>AP</acronym>) which eliminates the need to buy a hardware <acronym>AP</acronym> or run an ad-hoc network. This can be particularly useful when a FreeBSD machine is acting as a gateway to another network such as the Internet.
Before configuring a FreeBSD machine as an <acronym>AP</acronym>, the kernel must be configured with the appropriate networking support for the wireless card as well as the security protocols being used. For more details, see <xref linkend="network-wireless-basic"/>.

Loading…

No matching activity found.

Browse all component changes

Things to check

Multiple failing checks

The translations in several languages have failing checks

Reset

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect4/programlisting
Flags
no-wrap, read-only
Source string location
book.translate.xml:65535
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 10759