You do not have permission to edit this page, for the following reason:
The action you have requested is limited to users in the group: Users.
Free text:
__TOC__ We haz [https://spacefed.net/index.php?title=Spacenet spacenet]. == Certificate == Note: this certificate is from December 2023 and is for spacenet only. There is another certificate inside [[file:ackspace.ovpn.7z]] which is for [[VPN]] only. the certificate, as from /etc/freeradius/certs/server.pem {{ACKspaceNetCert}} == Connecting == Go to the chapter of your operating system below. === Linux === Copy & Paste the certificate above into a file and name it ackspace.pem Put it in your own home folder. Linux WIFI settings: {| class="wikitable" ! scope="col" | field ! scope="col" | setting |- | Network name || {{#ask: [[SSID::~spacenet*]] |mainlabel=- |headers=hide |?SSID |?Band | format=list |sep= and/or }} |- | Wireless security || WPA & WPA2 Enterprise |- | Authentication || Tunneled TLS (TTLS), or PEAP |- | Anonymous identity || anonymous@ackspace.nl |- | CA certificate || ackspace.pem |- | PEAP version (optional) || automatic Inner |- | Inner authentication || MSCHAPv2 (or PAP without a certificate) |- | Username || <user>'''@ackspace.nl''' |- | Password || you should know this |} [[Image:linux spacenet connect dialog.png|400px]] ==== auto VPN ==== If you're using spacenet on a remote (untrusted) location, it's a good idea to use the ACKspace [[VPN]] on top of it. You can auto-connect by: * click on the network icon * click ''Edit Connections...'' * doubleclick '''spacenet''' * go to tab ''General'' * check ''Automatically connect to VPN'' * select '''ackspace''' * click ''Save'' [[Image:auto_vpn.png|400px]] === Windows 7 === <Da_Syntax> :Windows 7 uses ntlm v2 and will fail trying to authenticate with the router. :In order to fix this run (win+'r') "secpol.msc" and do the following: :Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" :and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box :Press {{b|Ok}}, reboot ... profit!! </Da_Syntax> Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box. You should manually create a wireless network under "Manage wireless networks". Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS. ==== EAP-MSCHAPv2 ==== * SSID: spacenet * Security type: WPA2-Enterprise * Encryption type: AES * Authentication: Microsoft: Protected EAP (PEAP) DO NOT USE CERTIFICATE WITH WINDOWS. DO NOT ENTER RADIUS NAME OR IP. * Validate server certificate (good practice) ** Connect to these servers: common-name of the certificate installed on your RADIUS server ** Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server * Authentication method: secured passwords (EAP-MSCHAP v2) ** Do NOT use windows logon name and password (will probably not work for you) * Use user authentication ** Save credentials: user@ackspace.nl with your password [[Image:windows_mschap_1.png]] [[Image:windows_mschap_2.png]] [[Image:windows_mschap_3.png]] [[Image:windows_mschap_4.png]] [[Image:windows_mschap_5.png]] ==== EAP-TLS ==== * Make sure your device has a client certificate issued by your PKI * SSID: spacenet * Security type: WPA2-Enterprise * Encryption type: AES * Authentication: Microsoft: Smart Card or other certificate * Validate server certificate (good practice) ** Connect to these servers: common-name of the certificate installed on your RADIUS server ** Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server [[Image:windows_tls_1.png]] [[Image:windows_tls_2.png]] === iOS (iPhone and iPad) === just use your username and password an accept the certificate. === SailfishOS (Jolla) === For ease of typing on a big keyboard, make sure you have Developer mode and Remote connection enabled. Connect to the phone using SSH, gain root, and create the server certificate. ssh nemo@<ip> su-devel vi /etc/ssl/certs/ACKspace.pem press {{k|i}}, paste the certificate info, press {{k|Esc}}, {{k|:}}{{k|w}}{{k|q}} followed by {{k|enter}} Create the WPA2 enterprise config: vi /var/lib/connman/wifi_spacenet.config press {{k|i}} and paste the following text: [service_spacenet] Type=wifi Name=spacenet EAP=peap CACertFile=/etc/ssl/certs/ACKspace.pem Phase2=MSCHAPV2 Identity=<user>'''@ackspace.nl''' Passphrase=<your password> Logout, disable wifi, enable it again. Go to System, WLAN, connect to internet, and tap WLAN spacenet shouldbe in the list; tap to connect. == How to register == To use Spacenet, ACKspace needs to store your plain text username (the part before @ackspace.nl) and an '''NTLM hash''' of your password you wish to use. Note that this hash is based on MD4 which can be cracked in microseconds (Also see [https://en.wikipedia.org/wiki/MD4#Security wikipedia]; Don't use an important password for this. If you use the hashes generator, make sure you enter your password without username or domain etc. Contact [[user:PsychiC|PsychiC]], [[user:Vicarious|Vicarious]], [[User:Xopr|Xopr]] or [[User:Stuiterveer|Stuiterveer]] if you'd wish to register. [[Category:Information]] == Info for freeradius admin == edit /etc/freeradius/users Add either one of lines :noobuser Cleartext-Password := "foobar123" :leetuser NT-Password := "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" {{#Widget:NTLMgenerator}} <div class="mw-collapsible mw-collapsed" id="mw-customcollapsible-spacestate_py"> ==== NTLM.py ==== <div class="mw-customtoggle-spacestate_py mw-code">Click here to view python examples of NTLM hash generators</div> <pre class="mw-collapsible-content"> import hashlib,binascii passwd = '$password' print 'NTLM hash is', binascii.hexlify(hashlib.new('md4', passwd.encode('utf-16le')).digest()) # OR use import smbpasswd # via [apt-get install | yum install] python-smbpasswd passwd = '$password' print 'NTLM hash is', smbpasswd.nthash(passwd) </pre> </div> == Available SSID's == {{#subobject: |SSID=spacenet |Band=5GHz |IEEE=802.11ac |Text=Spacenet }} {{#subobject: |SSID=spacenet_legacy |Band=2.4GHz |IEEE=802.11g |Text=Spacenet for hardware that does not have a 5GHz WLAN interface }} {{#subobject: |SSID=ACKspaceWifi |Band=2.4GHz |IEEE=802.11g |Text=More or less reserved for IoT and the like. Usage is discouraged }} Here is the list of available wireless networks: {{#ask: [[-Has subobject::{{FULLPAGENAME}}]] |mainlabel=- |?SSID |?Band |?IEEE |?Text }} [[Category:Network]]
Summary:
This is a minor edit Watch this page
Cancel
