Open kapyaar opened 6 years ago
OK, I went a step further, got a TP-Link EAP access point, and configured it with an external RADIUS server, created a testUser, etc. Then, first, I connected my iPhone to this network. It connected, asked for my username and password, and successfully authenticated. It did ask about trusting a certificate, and I clicked 'Trust'. Connection succeeded, I could browse the internet, no issues. Then, I tried with ESP, with various minor code changes, and no success. But the good thing is, now I can see what is happening on the RADIUS server. ESP does connect to the AP, but it is the RADIUS auth that is failing. I believe this has to do with the way ESP core is sending info? I am suspecting that the 'Trust this certificate' part that I saw on iPhone might be the step that somehow is missing when ESP is attempting to connect?
Someone who is familiar with the core might be able to help.
Log when iPhone connects successfully:
Access Request: Packet-Type = Access-Request
Packet-Src-IP-Address = 172.101.117.178
Packet-Dst-IP-Address = 10.142.0.4
Packet-Src-Port = 51481
Packet-Dst-Port = 8315
User-Name = "testUser"
NAS-IP-Address = 192.168.0.254
NAS-Port = 0
Called-Station-Id = "84-16-F9-88-81-62"
Calling-Station-Id = "24-F0-94-0A-86-91"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0200000e0161766172616368616e
Message-Authenticator = 0x38078a459ea243868a46981130743784
Event-Timestamp = "May 8 2018 18:00:50 UTC"
Tmp-Integer-3 = 8315
Tmp-String-1 = "local"
Called-Station-SSID = "UB_Secure"
Request-Session = "A8EtE6twSP"
Timestamp = 1525802450
Request Reply: Packet-Type = Access-Accept
User-Name = "testUser"
MS-MPPE-Recv-Key = 0xd5cbe4473c46d30e890fe3c3924d523e6be032b3094bf14b60e05af5ba9b519e
MS-MPPE-Send-Key = 0xc73ef4774c2323653421aa7f4c84edd981bdbbd5112528c5d67f3ffff6176047
EAP-MSK = 0xd5cbe4473c46d30e890fe3c3924d523e6be032b3094bf14b60e05af5ba9b519ec73ef4774c2323653421aa7f4c84edd981bdbbd5112528c5d67f3ffff6176047
EAP-EMSK = 0xbcfd626b8b288217d499fcdfeab443e447c3b249f9f40534ce118b27195fcb726a5bfcb8d4daf828ac7fc5b197cae480f10d3269b95671ac1f2b55a4ec7afa25
EAP-Session-Id = 0x195af1e5d304697d2ba6c623125bbde0d6d1840641b961bab216fa17cb09a377c85af1e5d3a10361a0bfaa66c6476aa301b1e6ac09448148ccdf10a057fd9b8cab
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
Timestamp = 1525802456
authdate: 2018-05-08 14:00:50
called_station_id: 84-16-F9-88-81-62
calling_station_id: 24-F0-94-0A-86-91
inner_username: testUser
port: 8315
result: Access-Accept
username: testUser
Now, with ESP connecting:
Access Request: Packet-Type = Access-Request
Packet-Src-IP-Address = 172.101.117.178
Packet-Dst-IP-Address = 10.142.0.4
Packet-Src-Port = 51481
Packet-Dst-Port = 8315
User-Name = "testUser"
NAS-IP-Address = 192.168.0.254
NAS-Port = 0
Called-Station-Id = "84-16-F9-88-81-62"
Calling-Station-Id = "5C-CF-7F-19-D7-AE"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0200000e0161766172616368616e
Message-Authenticator = 0xb4e7aff218206bc6a65477bc7dd91c98
Event-Timestamp = "May 8 2018 19:15:04 UTC"
Tmp-Integer-3 = 8315
Tmp-String-1 = "local"
Called-Station-SSID = "UB_Secure"
Request-Session = "dx6I5LuWl0"
Timestamp = 1525806904
Request Reply: Packet-Type = Access-Reject
EAP-Message = 0x04010004
Message-Authenticator = 0x00000000000000000000000000000000
Timestamp = 1525806905
authdate: 2018-05-08 15:15:04
called_station_id: 84-16-F9-88-81-62
calling_station_id: 5C-CF-7F-19-D7-AE
port: 8315
result: Access-Reject
username: testUser
By the way, if it helps I would be more than happy to work with anyone familiar on this via screen sharing or other modes if that helps.
Playing around more on this, I tried the following. I tried to connect my iPhone to the enterprise network with the correct username but wrong password. This time, two interesting finds.
Does this light any bulbs, anyone? :)
RADIUS log for iPhone with correct username and wrong password:
Access Request: Packet-Type = Access-Request
Packet-Src-IP-Address = 172.101.117.178
Packet-Dst-IP-Address = 10.142.0.4
Packet-Src-Port = 51481
Packet-Dst-Port = 8315
User-Name = "testUser"
NAS-IP-Address = 192.168.0.254
NAS-Port = 0
Called-Station-Id = "84-16-F9-88-81-62"
Calling-Station-Id = "24-F0-94-0A-86-91"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0200000e0161766172616368616e
Message-Authenticator = 0x73ed9adc6cc07fc6452963f2a4a3bc3e
Event-Timestamp = "May 9 2018 18:57:46 UTC"
Tmp-Integer-3 = 8315
Tmp-String-1 = "local"
Called-Station-SSID = "UB_Secure"
Request-Session = "UOBQhUF1IQ"
Timestamp = 1525892266
Request Reply: Packet-Type = Access-Reject
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Timestamp = 1525892268
authdate: 2018-05-09 14:57:46
called_station_id: 84-16-F9-88-81-62
calling_station_id: 24-F0-94-0A-86-91
inner_username: testUser
port: 8315
result: Access-Reject
username: testUser
RADIUS log for ESP with correct username and password:
Access Request: Packet-Type = Access-Request
Packet-Src-IP-Address = 172.101.117.178
Packet-Dst-IP-Address = 10.142.0.4
Packet-Src-Port = 51481
Packet-Dst-Port = 8315
User-Name = "testUser"
NAS-IP-Address = 192.168.0.254
NAS-Port = 0
Called-Station-Id = "84-16-F9-88-81-62"
Calling-Station-Id = "5C-CF-7F-19-D7-AE"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0201000e0161766172616368616e
Message-Authenticator = 0x66ae3c9a3d6a4306437f42d954911411
Event-Timestamp = "May 9 2018 18:32:16 UTC"
Tmp-Integer-3 = 8315
Tmp-String-1 = "local"
Called-Station-SSID = "UB_Secure"
Request-Session = "4lutlg4WNe"
Timestamp = 1525890736
Request Reply: Packet-Type = Access-Reject
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Timestamp = 1525890736
authdate: 2018-05-09 14:32:16
called_station_id: 84-16-F9-88-81-62
calling_station_id: 5C-CF-7F-19-D7-AE
port: 8315
result: Access-Reject
username: testUser
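The EAP-Message values in the logs above can be decoded to see how far each handshake got before the server answered; this is an added example, not part of the original thread, and the identity packet in it is constructed. It assumes each EAP-Message fits in a single RADIUS attribute and that the server advances the EAP identifier by one per request.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 26: "EAP-MSCHAPv2"}

# Final-reply EAP-Message values copied from the RADIUS logs in this thread.
FINAL_REPLIES = {
    "iPhone, correct password": "0x030a0004",
    "iPhone, wrong password": "0x04090004",
    "ESP, first log": "0x04010004",
    "ESP, second log": "0x04020004",
}

# Constructed sample (not from the logs): EAP-Response/Identity for "testUser".
SAMPLE_IDENTITY = "0x0200000d017465737455736572"


def parse_eap(hex_value):
    """Decode one EAP packet (RFC 3748: code, identifier, 16-bit length, [type, data])."""
    text = hex_value.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the captured bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    # Only Request/Response packets carry a method type; Success/Failure are header-only.
    if code in (1, 2) and length >= 5:
        pkt["type"] = EAP_TYPES.get(raw[4], f"type {raw[4]}")
        pkt["data"] = raw[5:length]
    return pkt


def summarize(replies):
    """Map each log label to (EAP code, identifier) of the server's final packet."""
    out = {}
    for label, hex_value in replies.items():
        pkt = parse_eap(hex_value)
        out[label] = (pkt["code"], pkt["id"])
    return out


if __name__ == "__main__":
    for label, (code, ident) in summarize(FINAL_REPLIES).items():
        print(f"{label:26} {code:8} id={ident}")
    print(parse_eap(SAMPLE_IDENTITY))
```

In the logs above, the iPhone sessions end at identifier 10 (accept) and 9 (wrong password) and record an inner_username, while both ESP sessions end in Failure one identifier after the Identity response and record none. That pattern points at the outer method or TLS negotiation rather than the password check.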
@d-a-v Your link is messed up
Any update on this for ESP8266 WPA2-enterprise PEAP?
Did we have any success with ESP8266 WPA2-enterprise PEAP?
Not possible with ESP8266. Got success with ESP32, but it only works with a few networks, not with all. Finally shifted to RPI3B+.
Platform
Settings in IDE
Problem Description
I am trying to connect an ESP to a WPA2 network at my university. It keeps looping between scandone, and trying to connect, then disconnect. I tried so many variations based on different examples that people say worked for them, this is kind of a jamboree of such code. I also tried with eduroam and pretty much the same result.
One user mentioned he had this working on 2.4.0, so I went back to that version from 2.4.1, yet no success with that either.
Edit: I got a test enterprise router, and am testing with an external radius router now.
MCVE Sketch
Debug Messages