Difference between revisions of "Spacenet"

From Hackerspace ACKspace
m (starting to clean up the subobject mess)
m (my head hurts~~)
Line 183: Line 183:
  
 
== Available SSID's ==
 
== Available SSID's ==
{{#subobject:WLAN
+
{{#subobject:
 
  |SSID=spacenet
 
  |SSID=spacenet
 
  |Band=5GHz
 
  |Band=5GHz
Line 189: Line 189:
 
  |Text=Spacenet
 
  |Text=Spacenet
 
}}
 
}}
{{#subobject:WLAN
+
{{#subobject:
 
  |SSID=spacenet_legacy
 
  |SSID=spacenet_legacy
 
  |Band=2.4GHz
 
  |Band=2.4GHz
Line 195: Line 195:
 
  |Text=Spacenet for hardware that does not have a 5GHz WLAN interface
 
  |Text=Spacenet for hardware that does not have a 5GHz WLAN interface
 
}}
 
}}
{{#subobject:WLAN
+
{{#subobject:
 
  |SSID=ACKspaceWifi
 
  |SSID=ACKspaceWifi
 
  |Band=2.4GHz
 
  |Band=2.4GHz
 
  |IEEE=802.11g
 
  |IEEE=802.11g
 
  |Text=More or less reserved for IoT and the like. Usage is discouraged
 
  |Text=More or less reserved for IoT and the like. Usage is discouraged
}}
 
{{#subobject:WLAN
 
|SSID=test
 
|Band=2.4GHz
 
|IEEE=802.11g
 
|Text=Fake
 
}}
 
{{#subobject:WLAN
 
|SSID=tryout
 
|Band=5GHz
 
|IEEE=802.11ac
 
|Text=Also fake
 
 
}}
 
}}
  
 
+
Here is the list of available wireless networks:
WLAN all:
+
{{#ask: [[WLAN::+]] }}
+
 
+
 
+
WLAN spacenet:
+
{{#ask: [[WLAN:: ~spacenet*; ?; ? ; ?]] }}
+
 
+
 
{{#ask:
 
{{#ask:
  [[WLAN::+]]
+
  [[-Has subobject::{{FULLPAGENAME}}]]
  |? WLAN
+
|mainlabel=-
  |? IEEE
+
  |?SSID
 +
|?Band
 +
  |?IEEE
 +
|?Text
 
}}
 
}}
  
  
Here is the list of available wireless networks:
+
Here is the list of available wireless SPACENET networks:
 
{{#ask:
 
{{#ask:
  [[-Has subobject::{{FULLPAGENAME}}]]  
+
  [[SSID::~spacenet*]]
 +
|mainlabel=-
 
  |?SSID
 
  |?SSID
 
  |?Band
 
  |?Band
 
  |?IEEE
 
  |?IEEE
 
  |?Text
 
  |?Text
 +
| index=0
 +
| link=all
 +
| format=broadtable
 +
| headers=plain
 +
| class=sortable wikitable smwtable
 +
| default=unknown item
 
}}
 
}}
  
 
[[Category:Network]]
 
[[Category:Network]]
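
Review bot: In the second query (the one now introduced as "wireless SPACENET networks"), the condition [[-Has subobject::{{FULLPAGENAME}}]] is replaced by [[SSID::~spacenet*]] rather than combined with it, so that table is no longer limited to this page and will list any object on the wiki whose SSID starts with "spacenet". If it is meant to show only the networks declared here, keep both conditions in that #ask. The subobjects also lose their WLAN identifier in this revision, so nothing can refer to them by name any more; a short comment in the wikitext saying that this is intentional would help the next editor.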

Revision as of 09:59, 19 April 2019

Project: Spacenet
Featured: No
State: Completed
Members: Xopr, Stuiterveer
GitHub: No GitHub project defined.
Description: Connect to an encrypted access point using your own credentials in every hackerspace

We haz spacenet.

Certificate

NOTE: We have this new certificate (since April 2015).

The certificate, as taken from /etc/freeradius/certs/server.pem


Connecting

Go to the chapter of your operating system below.

Linux

Copy and paste the certificate above into a file and name it ackspace.pem.

Put it in your own home folder.

Linux Wi-Fi settings:

Field                    Setting
Network name             spacenet and/or spacenet_legacy
Wireless security        WPA & WPA2 Enterprise
Authentication           Tunneled TLS (TTLS), or PEAP
Anonymous identity       anonymous@ackspace.nl
CA certificate           ackspace.pem
PEAP version (optional)  automatic
Inner authentication     MSCHAPv2 (or PAP without a certificate)
Username                 <user>@ackspace.nl
Password                 you should know this


Windows 7

<Da_Syntax>

Windows 7 uses NTLMv2 and will fail trying to authenticate with the router.
In order to fix this, run (Win+R) "secpol.msc" and do the following:
Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level"
and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box.
Press OK, reboot ... profit!!

</Da_Syntax>


Windows 7 supports either EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out of the box.

You should manually create a wireless network under "Manage wireless networks".

Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.

EAP-MSCHAPv2

  • SSID: spacenet
  • Security type: WPA2-Enterprise
  • Encryption type: AES
  • Authentication: Microsoft: Protected EAP (PEAP)


DO NOT USE CERTIFICATE WITH WINDOWS.

DO NOT ENTER RADIUS NAME OR IP.


  • Validate server certificate (good practice)
    • Connect to these servers: common-name of the certificate installed on your RADIUS server
    • Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
  • Authentication method: secured passwords (EAP-MSCHAP v2)
    • Do NOT use windows logon name and password (will probably not work for you)
  • Use user authentication
    • Save credentials: user@ackspace.nl with your password



EAP-TLS

  • Make sure your device has a client certificate issued by your PKI
  • SSID: spacenet
  • Security type: WPA2-Enterprise
  • Encryption type: AES
  • Authentication: Microsoft: Smart Card or other certificate
  • Validate server certificate (good practice)
    • Connect to these servers: common-name of the certificate installed on your RADIUS server
    • Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server


iOS (iPhone and iPad)

Just use your username and password and accept the certificate.


SailfishOS (Jolla)

For ease of typing on a big keyboard, make sure you have Developer mode and Remote connection enabled. Connect to the phone using SSH, gain root, and create the server certificate.

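ssh nemo@<ip>                     # log in to the phone as the default user
devel-su                          # gain root (Developer mode password)
vi /etc/ssl/certs/ACKspace.pem    # create the server certificate file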

Press i, paste the certificate, press Esc, then type :wq followed by Enter.

Create the WPA2 enterprise config:

vi /var/lib/connman/wifi_spacenet.config

Press i and paste the following text:

[service_spacenet]
Type=wifi
Name=spacenet
EAP=peap
CACertFile=/etc/ssl/certs/ACKspace.pem
Phase2=MSCHAPV2
Identity=<user>@ackspace.nl
Passphrase=<your password>

Log out, disable Wi-Fi, and enable it again. Go to System, WLAN, connect to internet, and tap WLAN; spacenet should be in the list. Tap it to connect.
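
A check for the connman profile above, as an added example that is not part of the original page or of connman: it reports a tunnelled EAP method without CACertFile, PAP as inner method, an Identity without realm, and a Passphrase kept in a file that others can read. The function name, the file_mode parameter and both sample profiles are assumptions made for this example.

```python
import configparser

TUNNELLED = {"peap", "ttls"}  # EAP methods that carry the password inside TLS

# Constructed samples: GOOD mirrors the profile on this page, WEAK is a variant.
GOOD = """[service_spacenet]
Type=wifi
Name=spacenet
EAP=peap
CACertFile=/etc/ssl/certs/ACKspace.pem
Phase2=MSCHAPV2
Identity=<user>@ackspace.nl
Passphrase=<your password>
"""
WEAK = """[service_spacenet]
Type=wifi
Name=spacenet
EAP=ttls
Phase2=PAP
Identity=<user>
Passphrase=<your password>
"""

def audit_connman_wifi(text, file_mode=0o600):
    """Return a list of findings for the 802.1X services in a connman .config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if sec.get("Type") != "wifi" or "EAP" not in sec:
            continue
        if sec["EAP"].lower() in TUNNELLED and not sec.get("CACertFile"):
            findings.append(f"{name}: no CACertFile, server certificate is not checked")
        if sec.get("Phase2", "").upper() == "PAP":
            findings.append(f"{name}: Phase2=PAP hands the cleartext password to the server")
        if "@" not in sec.get("Identity", ""):
            findings.append(f"{name}: Identity has no realm (expected user@realm)")
        if "Passphrase" in sec and file_mode & 0o077:
            findings.append(f"{name}: Passphrase in a file readable by group or others")
    return findings

if __name__ == "__main__":
    for finding in audit_connman_wifi(WEAK, file_mode=0o644):
        print(finding)
```

Pass the mode of the real file (for example from os.stat) as file_mode; with the default 0o600 the permission check is silent.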

How to register

To use Spacenet, ACKspace needs to store your plain text username (the part before @ackspace.nl) and an NTLM hash of the password you wish to use. If you use the hash generator, make sure you enter only your password, without username, domain, etc.

Contact PsychiC, Vicarious, Xopr or Stuiterveer if you wish to register.

Info for freeradius admin

Edit /etc/freeradius/users and add either one of these lines:

noobuser Cleartext-Password := "foobar123"
leetuser NT-Password := "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

NTLM hash generator
(Note that there is no round trip involved: the hash is generated client-side by converting UTF-8 to UTF-16 little-endian and taking the MD4 hash.)

NTLM.py

Python examples of NTLM hash generators:

import binascii
import hashlib

passwd = '$password'  # replace with the password to hash
# NT hash = MD4 over the UTF-16LE encoded password.
# hashlib only offers 'md4' when the underlying OpenSSL build still provides it.
print('NTLM hash is', binascii.hexlify(hashlib.new('md4', passwd.encode('utf-16le')).digest()).decode())

# OR use
import smbpasswd  # via [apt-get install | yum install] python-smbpasswd
passwd = '$password'
print('NTLM hash is', smbpasswd.nthash(passwd))
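
The hash described above (MD4 over the UTF-16LE password), worked out without hashlib's 'md4', which many current OpenSSL builds no longer provide, and turned into the NT-Password line for /etc/freeradius/users. This is an added example, not code from the original page; md4, nt_hash and users_line are names chosen here, the MD4 routine follows RFC 1320, and the sample account is constructed.

```python
import struct

# Per-round message word order, rotate amounts, additive constants (RFC 1320).
ORDER = (
    list(range(16)),
    [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15],
    [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15],
)
SHIFT = ((3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15))
CONST = (0, 0x5A827999, 0x6ED9EBA1)
FUNC = (
    lambda x, y, z: (x & y) | (~x & z),
    lambda x, y, z: (x & y) | (x & z) | (y & z),
    lambda x, y, z: x ^ y ^ z,
)
MASK = 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    # Pad to 56 mod 64 bytes, then append the bit length as a 64-bit LE integer.
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            r, j = divmod(i, 16)
            s = SHIFT[r][j % 4]
            t = (a + FUNC[r](b, c, d) + x[ORDER[r][j]] + CONST[r]) & MASK
            t = ((t << s) | (t >> (32 - s))) & MASK
            a, b, c, d = d, t, b, c  # rotate registers for the next step
        state = [(h + v) & MASK for h, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> str:
    return md4(password.encode("utf-16le")).hex().upper()

def users_line(username: str, password: str) -> str:
    # The users file takes the bare name, i.e. the part before @ackspace.nl.
    if "@" in username or "\\" in username:
        raise ValueError("use the bare username, without realm or domain")
    return f'{username} NT-Password := "{nt_hash(password)}"'

if __name__ == "__main__":
    print(users_line("leetuser", "password"))  # constructed sample account
```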

Available SSID's

Here is the list of available wireless networks:

SSID             Band    IEEE      Text
spacenet         5GHz    802.11ac  Spacenet
spacenet_legacy  2.4GHz  802.11g   Spacenet for hardware that does not have a 5GHz WLAN interface
ACKspaceWifi     2.4GHz  802.11g   More or less reserved for IoT and the like. Usage is discouraged


Here is the list of available wireless SPACENET networks:

SSID             Band    IEEE      Text
spacenet         5GHz    802.11ac  Spacenet
spacenet_legacy  2.4GHz  802.11g   Spacenet for hardware that does not have a 5GHz WLAN interface