1. My goal is: I want to connect my device to a WPA-PEAP enabled network.
2. My actions are: I am able to set the user name and password as per the WiFi-STA configuration.
3. The result I see is: When I provide the SSID, username, and password, the device fails to connect. Whenever the device tries to connect and disconnects, it gives different reasons (e.g. disconnected, reason 204),
   but through config-get I can cross-check that the SSID, user name and password are set.
4. My expectation & question is: How do I make the device connect to a network which has WPA-PEAP mode enabled?
   The device I am using is an ESP32.
   Please help me achieve it.
   Thanks and regards
   Lokesh CJ

PEAP means Protected EAP. How is that “protected”? By means of a TLS layer that encrypts the actual EAP authentication. How does TLS encryption work? Using symmetric keys derived from asymmetric keys validated through certificates. How does that TLS connection get established, and how does the device know it will be using PEAP? That happens in the negotiation phase, using EAP, and your device will get a hint from your AP (Access Point) and from your configuration.

You will need a bogus user name for the wrapping EAP and a real user name for your inner (protected) EAP, plus your CA certificate to validate your RADIUS certificate, and perhaps your user certificate and private key if your network is using mutual authentication. Your provider should be able to explain to you what you need.
In our particular case, your device will not try to perform EAP negotiation if it does not have a CA certificate configured.

  - ["wifi.sta.enable", true]          # Enable Station mode
  - ["wifi.sta.ssid", "Sandbox"]       # WiFi network name
  - ["wifi.sta.user", "bob"]           # Username for auth in PEAP/TTLS
  - ["wifi.sta.pass", "hello"]         # Password
  - ["wifi.sta.anon_identity", "anonymous"] # Bogus identity for external EAP
  - ["wifi.sta.cert", "sandboxclient.crt"]  # Client certificate (*  optional)
  - ["wifi.sta.key", "sandboxclient.key"]   # Client key (EAP-TLS or optional)
  - ["wifi.sta.ca_cert", "ca.crt"]          # CA certificate
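
A pre-flash check for the entries listed above, added here as an example and not part of the original answer or the firmware's own tooling. It parses lines in that format and reports the conditions the answer names: a missing CA certificate, and an outer identity that is not a separate bogus name. The helper names `parse_entries` and `check_peap`, and the rule that certificate and key must be set together, are assumptions.

```python
import json
import re

# Constructed sample in the same format as the entries above, with the
# CA certificate and client key left out and the real user as outer identity.
SAMPLE = '''
  - ["wifi.sta.enable", true]
  - ["wifi.sta.ssid", "Sandbox"]
  - ["wifi.sta.user", "bob"]
  - ["wifi.sta.pass", "hello"]
  - ["wifi.sta.anon_identity", "bob"]
  - ["wifi.sta.cert", "sandboxclient.crt"]   # client certificate
'''
ENTRY = re.compile(r'^\s*-\s*(\[.*?\])\s*(?:#.*)?$')


def parse_entries(text):
    """Return {key: value} from lines of the form  - ["key", value]  # comment."""
    cfg = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            key, value = json.loads(m.group(1))
            cfg[key] = value
    return cfg


def check_peap(cfg):
    """Return a list of problems for a PEAP station config (hypothetical helper)."""
    get = lambda name: cfg.get("wifi.sta." + name) or ""
    problems = []
    if not cfg.get("wifi.sta.enable"):
        problems.append("station mode is not enabled")
    for name in ("ssid", "user", "pass"):
        if not get(name):
            problems.append("wifi.sta.%s is empty" % name)
    if not get("ca_cert"):
        problems.append("no wifi.sta.ca_cert: EAP negotiation will not be attempted")
    if get("anon_identity") in ("", get("user")):
        problems.append("outer identity is not a bogus name distinct from wifi.sta.user")
    # Assumption: a client certificate is only usable together with its key.
    if bool(get("cert")) != bool(get("key")):
        problems.append("wifi.sta.cert and wifi.sta.key must be set together")
    return problems


if __name__ == "__main__":
    for p in check_peap(parse_entries(SAMPLE)):
        print("FAIL:", p)
```
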

@scaprile Thank you for the response.