Xsupplicant

From SOWNWiki
Jump to: navigation, search
Name Xsupplicant
Platform(s) Windows XP, Windows Vista, Linux
Website http://open1x.sourceforge.net

Xsupplicant is an open source 802.1x client being developed by the OpenSEA Alliance. Currently in Major version 2, it runs under Windows XP. In the coming months, it will be ported to Windows Vista and Linux (possible MacOS). The main motivation for cross platform development is that institutions such as Universities and alike would only have to support a single client, rather than the multitude of different clients that run on different platforms.

Introduction

The 802.1x project is currently engaged in heavy testing of this client. There have been several bugs of varying severity located, and some issues commented on about the gui. Most of these niggles should be worked out over the coming months before porting to other platforms commences.

Generally the client is a feature rich client with full support for all main EAP protocols and inner methods. Being gui based, it is quite intuitive, and a lot more userfriendly than several of its competitors. It is far more powerful than the Windows XP client which has significant design flaws.

Configuring Xsupplicant

Specific Instructions

SOWN community accounts

SOWN community Accounts have certain restrictions on EAP types and internal handshake methods. The technical details and reasoning behind them can be found on the 802.1x and FreeRadius pages.

SOWN community Accounts MUST use EAP-TTLS and PAP in the following instructions. If you use any of the other methods, Authentication will simply fail.

We are currently working on a resolution to this problem.

ISS, ECS users

Users making use of SOWN-802.1x SSIDs should configure the client using the Any of the EAP technologies supported by the University. These currently include EAP-TTLS, and EAP-PEAP using MSCHAP, MSCHAPv2, PAP, and CHAP (where approrpriate). Insert your choice of protocols, and your ISS/ECS credentials in place of SOWN Specific information.

Eduroam Users

Your home institution should have made you aware of what EAP-Methods it supports. Whether making use of our eduroam SSIDs or one of our 802.1x SSIDs replace any SOWN specific settings with those for your home institution in the following.

General instructions

Get Configuration Menu

xsupconf1.png

Right Click the Open1x tray item and select 'Configure'

Find Advanced Settings

xsupconf2.png

Select the 'Options' tab

Click 'Show Advanced Configuration' Button.

Create a new Profile

xsupconf3.png

Click on 'Profiles' in the Tree menu, and click 'New'.

Configure Profile Settings

xsupconf4.png

Give your profile a useful name eg 'SOWN EAP-TTLS'

Select 'EAP-TTLS' from the Protocol drop down box.

Uncheck 'Validate Server Certificate' -- will need to change this when we have a working certificate...

Check 'Use this identity' and enter anything@sown.org.uk in the box.

Select 'PAP' from the 'Tunnel Protocol' box.

Configure Login Details

xsupconf5.png

Select the 'User Credentials' tab.

Select 'Don't prompt for anything (Use this username and password)'

Enter your SOWN username and password into the boxes.

Click save.

Create New Connection

Select 'Connections' from the tree menu followed by the 'New' Button.

Give your connection a useful name like 'SOWN-802.1x(wpa)'

Configure Connection

Select your wireless card from the 'Adapter' drop down box.

Click the 'Rescan' Box.

Select the [SOWN]-802.1x SSID from the drop down box. SOWN 802.1x SSIDs support WPA+WPA2 unless otherwise indicated (by the addition of WEP to the SSID).

Select the appropriate Association Mode from the drop down box (WPA-Enterprise for WPA enabled SSIDs, Dynamic WEP 802.1x for WEP SSIDs)

Select the profile you just created from the 'Profile' drop down menu.

Click Save.

Connect to Network

xsupconf6.png

Double click on the System tray icon.

Select your new Connection from the 'Connection' box, Click Connect.

Assuming everything is fine, it should now authenticate you and you will have access to the internet. Remember if you are a ISS/ECS/eduroam user you should substitute your own EAP/PAP settings in the above.