Difference between revisions of "Spacenet"
m (starting to clean up the subobject mess) |
m (my head hurts~~) |
||
| Line 183: | Line 183: | ||
== Available SSID's == | == Available SSID's == | ||
| − | {{#subobject: | + | {{#subobject: |
|SSID=spacenet | |SSID=spacenet | ||
|Band=5GHz | |Band=5GHz | ||
| Line 189: | Line 189: | ||
|Text=Spacenet | |Text=Spacenet | ||
}} | }} | ||
| − | {{#subobject: | + | {{#subobject: |
|SSID=spacenet_legacy | |SSID=spacenet_legacy | ||
|Band=2.4GHz | |Band=2.4GHz | ||
| Line 195: | Line 195: | ||
|Text=Spacenet for hardware that does not have a 5GHz WLAN interface | |Text=Spacenet for hardware that does not have a 5GHz WLAN interface | ||
}} | }} | ||
| − | {{#subobject: | + | {{#subobject: |
|SSID=ACKspaceWifi | |SSID=ACKspaceWifi | ||
|Band=2.4GHz | |Band=2.4GHz | ||
|IEEE=802.11g | |IEEE=802.11g | ||
|Text=More or less reserved for IoT and the like. Usage is discouraged | |Text=More or less reserved for IoT and the like. Usage is discouraged | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
}} | }} | ||
| − | + | Here is the list of available wireless networks: | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
{{#ask: | {{#ask: | ||
| − | [[ | + | [[-Has subobject::{{FULLPAGENAME}}]] |
| − | |? | + | |mainlabel=- |
| − | |? IEEE | + | |?SSID |
| + | |?Band | ||
| + | |?IEEE | ||
| + | |?Text | ||
}} | }} | ||
| − | Here is the list of available wireless networks: | + | Here is the list of available wireless SPACENET networks: |
{{#ask: | {{#ask: | ||
| − | [[ | + | [[SSID::~spacenet*]] |
| + | |mainlabel=- | ||
|?SSID | |?SSID | ||
|?Band | |?Band | ||
|?IEEE | |?IEEE | ||
|?Text | |?Text | ||
| + | | index=0 | ||
| + | | link=all | ||
| + | | format=broadtable | ||
| + | | headers=plain | ||
| + | | class=sortable wikitable smwtable | ||
| + | | default=unknown item | ||
}} | }} | ||
[[Category:Network]] | [[Category:Network]] | ||
Revision as of 09:59, 19 April 2019
| Project: Spacenet | |
|---|---|
| Featured: | No |
| State | Completed |
| Members | Xopr, Stuiterveer |
| GitHub | No GitHub project defined. Add your project here. |
| Description | Connect to an encrypted accesspoint using your own credentials in every hackerspace |
| Picture | |
| |
Contents
We haz spacenet.
Certificate
the certificate, as from /etc/freeradius/certs/server.pem
-----BEGIN CERTIFICATE----- MIICrDCCAZSgAwIBAgIJAMjCD6YctrsTMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNV BAMTA3N0azAeFw0xMzEwMTYxOTIxMjZaFw0yMzEwMTQxOTIxMjZaMA4xDDAKBgNV BAMTA3N0azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMma4GFfqU8l RhusbiqAAMWha3x4a/gsVLL5IycWIh9wkHr+5nwgzEzj/ZUxUEqkKPq6l1AAbJ3i eaEhI9X2MeT2Vur7azio/l+VWnnvhS7ZaY8ywDWa89QSAvtxxi3v7WQgCYwvVtcx Cy/wotJXRKVgSjwlBvMnCFAR9cbgNk134ew+EObuL6srMmIJiTQMxUQiczInHuU4 KAR9WgZJ3AWqQwRNBoDu7+zeUgFqSMDOjmwkQ01ho48CNCOcxkTZJa+AI34PcPA0 O0I9dDcdUbZpNZWBpOkbcgVCGugise2j9oY2DoyGko8HDDoD+WMdzFG63uqSmZZs G7RM64lerVECAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEA aGiSuucx07a9xnl0GiAQFkoLmNcWs5C8+8PNE7YHYNkPtDQ0etMWqNd7jTaWrxIq StA1bJWMfNeN1uSO0VM6zp2e+kgiO90Q133Po4f1B3dTu+/qYsbU35vdUcL1gQTu WNcbTEQjEhAj1Ft8q+L08COcVqws4ATJEhAwKCq57ld+8o+p4CGRb9Y4OtY/1yja NY7CSjcB2uYKhazj+UQOtXFv3f4SDQ3E9fQpcVXmvg+uctHt0QlWLfZZTHqzBuM0 WmgOMqfMn5C5jYn3CtQCR7srfegUzzo8918BwQ3AwnpcxwwQhHkfNGHBUPOKy/5U y3JynLzV+LNs2kjsmzwiLQ== -----END CERTIFICATE-----
Connecting
Go to the chapter of your operating system below.
Linux
Copy & Paste the certificate above into a file and name it ackspace.pem
Put it in your own home folder.
Linux WIFI settings:
| field | setting |
|---|---|
| Network name | spacenet and/or spacenet_legacy |
| Wireless security | WPA & WPA2 Enterprise |
| Authentication | Tunneled TLS (TTLS), or PEAP |
| Anonymous identity | anonymous@ackspace.nl |
| CA certificate | ackspace.pem |
| PEAP version (optional) | automatic Inner |
| Inner authentication | MSCHAPv2 (or PAP without a certificate) |
| Username | <user>@ackspace.nl |
| Password | you should know this |
Windows 7
<Da_Syntax>
- Windows 7 uses ntlm v2 and will fail trying to authenticate with the router.
- In order to fix this run (win+'r') "secpol.msc" and do the following:
- Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level"
- and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box
- Press Ok, reboot ... profit!!
</Da_Syntax>
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.
You should manually create a wireless network under "Manage wireless networks".
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.
EAP-MSCHAPv2
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Protected EAP (PEAP)
DO NOT USE CERTIFICATE WITH WINDOWS.
DO NOT ENTER RADIUS NAME OR IP.
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
- Authentication method: secured passwords (EAP-MSCHAP v2)
- Do NOT use windows logon name and password (will probably not work for you)
- Use user authentication
- Save credentials: user@ackspace.nl with your password
EAP-TLS
- Make sure your device has a client certificate issued by your PKI
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Smart Card or other certificate
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
iOS (iPhone and iPad)
just use your username and password an accept the certificate.
SailfishOS (Jolla)
For ease of typing on a big keyboard, make sure you have Developer mode and Remote connection enabled. Connect to the phone using SSH, gain root, and create the server certificate.
ssh nemo@<ip> su-devel vi /etc/ssl/certs/ACKspace.pem
press i, paste the certificate info, press Esc, :wq followed by enter
Create the WPA2 enterprise config:
vi /var/lib/connman/wifi_spacenet.config
press i and paste the following text:
[service_spacenet] Type=wifi Name=spacenet EAP=peap CACertFile=/etc/ssl/certs/ACKspace.pem Phase2=MSCHAPV2 Identity=<user>@ackspace.nl Passphrase=<your password>
Logout, disable wifi, enable it again. Go to System, WLAN, connect to internet, and tap WLAN spacenet shouldbe in the list; tap to connect.
How to register
To use Spacenet, ACKspace needs to store your plain text username (the part before @ackspace.nl) and an NTLM hash of your password you wish to use. If you use the hashes generator, make sure you enter your password without username or domain etc.
Contact PsychiC, Vicarious, Xopr or Stuiterveer if you'd wish to register.
Info for freeradius admin
edit /etc/freeradius/users Add either one of lines
- noobuser Cleartext-Password := "foobar123"
- leetuser NT-Password := "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
NTLM hash generator
(note that there is no roundtrip involved, hash is generated client-side using utf8-to-utf16 little endian and md4 hash)
NTLM.py
import hashlib,binascii
passwd = '$password'
print 'NTLM hash is', binascii.hexlify(hashlib.new('md4', passwd.encode('utf-16le')).digest())
# OR use
import smbpasswd # via [apt-get install | yum install] python-smbpasswd
passwd = '$password'
print 'NTLM hash is', smbpasswd.nthash(passwd)
Available SSID's
Here is the list of available wireless networks:
| SSID | Band | IEEE | Text"Text" is a predefined property that represents text of arbitrary length and is provided by Semantic MediaWiki. |
|---|---|---|---|
| spacenet_legacy | 2.4GHz | 802.11g | Spacenet for hardware that does not have a 5GHz WLAN interface |
| ACKspaceWifi | 2.4GHz | 802.11g | More or less reserved for IoT and the like. Usage is discouraged |
| spacenet | 5GHz | 802.11ac | Spacenet |
Here is the list of available wireless SPACENET networks:
| SSID | Band | IEEE | Text |
|---|---|---|---|
| spacenet_legacy | 2.4GHz | 802.11g | Spacenet for hardware that does not have a 5GHz WLAN interface |
| spacenet | 5GHz | 802.11ac | Spacenet |
