Code Monkey home page Code Monkey logo

esp8266-eduroam's Introduction

esp8266-eduroam

eduroam on a esp8266 SoC

Prerequisites

Use esp-open-sdk toolchain for building firmware.

Notes:

  • use version 1.5.2 or later of the espressif sdk for EAP-TLS support.
  • use version 2.0.0 or later of the espressif sdk for PEAP or EAP-TTLS support.

PEAP still has issues that need to be resolved:

  • the EAP outer identity seems fixed to [email protected].
  • MS-Chapv2 authentication fails for some reason.

build ESP8266 eduroam demo

cd user
make

Use esptool to burn your demo program:

make flash

Setup authentication server

The test environment consists of an Ubuntu VM. VirtualBox is used to host the VMs. Vagrant is used to automate VM management. Ansible is used for provisioning

To get started, use:

vagrant up

to build the VM, and use:

vagrant ssh

to logon. In the sequel we assume you are working on the guest VM.

debugging

For debugging it is useful to generate additional logging. Stop the freeradius daemon and start it in debugging mode:

sudo invoke-rd.d freeradius stop
sudo freeradius -X

A simple test without using EAP:

radtest john secret 127.0.0.1 100 testing123

This should result in an Access-Accept.

debugging EAP-TLS

sh test/eapol_test_install.sh

You should now have a new binary /usr/local/bin/eapol_test.

To test EAP configuration using PEAP (useful because client certificates are not involved):

eapol_test -c /vagrant/test/eapol_test.conf.peap -a127.0.0.1 -p1812 -stesting123

To test EAP configuration using TLS:

eapol_test -c /vagrant/test/eapol_test.conf.tls -a127.0.0.1 -p1812 -stesting123

Certificates

Client and server certificates for testing are included in the x509 directory. Both certificates are issued by a demo Certification Authority. You can renew certificates using the Makefile in that directory, or replace certificates and keys with your own (in which case you should also replace the CA certificate known to the server).

Open issues

  • Be careful storing production keys on your esp8266. It is probably quite easy for others to retrieve these keys when you loose your esp.
  • I do not know of any way to verify the server certificate against the CA certificate when using SDK version 1.5.x. This means your WiFi client is prone to a man-in-the-middle attack. Use version 2.x of the SDK to verify the CA certificate on the client.

esp8266-eduroam's People

Contributors

joostd avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.