- My goal is: I want to connect my device to a WPA-PEAP enabled network
- My actions are: I am able to set the user name and password as per the WiFi-STA configuration
- The result I see is: When I provide the SSID, username, and password, the device fails to connect. Whenever the device tries to connect and disconnects, it gives different reasons (e.g. disconnected, reason 204), but through config-get I can cross-check that the SSID, user name and password are set.
- My expectation & question is: How do I make the device connect to a network which has WPA-PEAP mode enabled?
The device I am using is ESP32.
Please help to achieve it.
Thanks and regards
Lokesh CJ
PEAP means Protected EAP. How is that “protected”? By means of a TLS layer that encrypts the actual EAP authentication. How does TLS encryption work? Using symmetric keys derived from asymmetric keys validated through certificates. How does that TLS connection get established and how does the device know it will be using PEAP? That happens in the negotiation phase, using EAP, and your device will get a hint from your AP (Access Point) and from your configuration.
You will need a bogus user name for the wrapping EAP and a real user name for your inner (protected) EAP, plus your CA certificate to validate your RADIUS certificate, and perhaps your user certificate and private key if your network is using mutual authentication. Your provider should be able to explain to you what you need.
In our particular case, your device will not try to perform EAP negotiation if it does not have a CA certificate configured.
- ["wifi.sta.enable", true] # Enable Station mode
- ["wifi.sta.ssid", "Sandbox"] # WiFi network name
- ["wifi.sta.user", "bob"] # Username for auth in PEAP/TTLS
- ["wifi.sta.pass", "hello"] # Password
- ["wifi.sta.anon_identity", "anonymous"] # Bogus identity for external EAP
- ["wifi.sta.cert", "sandboxclient.crt"] # Client certificate (* optional)
- ["wifi.sta.key", "sandboxclient.key"] # Client key (EAP-TLS or optional)
- ["wifi.sta.ca_cert", "ca.crt"] # CA certificate
@scaprile Thank you for the response.
I have tried setting the following to connect the ESP32 to a WPA-PEAP network:
config_schema:
- ["wifi.ap.enable", false]
- ["wifi.sta.enable", true]
- ["wifi.sta.ssid", "FT-Test"]
- ["wifi.sta.user", "prem"]
- ["wifi.sta.pass", "JumpCloud#123"]
- ["wifi.sta.ca_cert", "radius.jumpcloud.com-2021"]
but the device still fails to connect and shows the following error:
[Sep 24 18:41:31.557] I (479598) phy_init: phy_version 4660,0162888,Dec 23 2020
[Sep 24 18:41:31.557] I (479618) wifi:mode : sta (9c:9c:1f:c5:52:bc)
[Sep 24 18:41:33.682] mgos_wifi_sta.c:516 Trying FT-Test AP 6e:3a:1e:84:5e:f1 RSSI -61 cfg 0 att 20
[Sep 24 18:41:33.682] esp32_wifi.c:653 WiFi STA: protocol BGN (0x7)
[Sep 24 18:41:33.682] esp32_wifi.c:410 Failed to read radius.jumpcloud.com-2021
[Sep 24 18:41:33.682] mgos_net.c:89 WiFi STA: connecting
[Sep 24 18:41:35.721] mgos_wifi.c:70 WiFi STA: Disconnected, reason: 201
[Sep 24 18:41:35.721] mgos_wifi_sta.c:536 Connect failed
[Sep 24 18:41:35.721] I (483768) wifi:flush txq
[Sep 24 18:41:35.721] I (483768) wifi:stop sw txq
[Sep 24 18:41:35.721] I (483778) wifi:lmac stop hw txq
[Sep 24 18:41:35.721] mgos_net.c:84 WiFi STA: disconnected
[Sep 24 18:41:37.777] mgos_wifi_sta.c:516 Trying FT-Test AP 8e:15:44:a9:7a:16 RSSI -65 cfg 0 att 20
[Sep 24 18:41:37.777] esp32_wifi.c:653 WiFi STA: protocol BGN (0x7)
[Sep 24 18:41:37.777] esp32_wifi.c:410 Failed to read radius.jumpcloud.com-2021
[Sep 24 18:41:37.777] I (485808) phy_init: phy_version 4660,0162888,Dec 23 2020
[Sep 24 18:41:37.777] I (485828) wifi:mode : sta (9c:9c:1f:c5:52:bc)
[Sep 24 18:41:37.777] mgos_net.c:89 WiFi STA: connecting
[Sep 24 18:41:39.828] mgos_wifi.c:70 WiFi STA: Disconnected, reason: 201
[Sep 24 18:41:39.828] mgos_wifi_sta.c:536 Connect failed
[Sep 24 18:41:39.828] I (487868) wifi:flush txq
[Sep 24 18:41:39.828] I (487868) wifi:stop sw txq
[Sep 24 18:41:39.828] I (487868) wifi:lmac stop hw txq
[Sep 24 18:41:39.828] mgos_net.c:84 WiFi STA: disconnected
[Sep 24 18:41:41.812] mgos_wifi_sta.c:496 No candidate APs
C:/mos/esp32_wpa
Do you actually have a file with that name in your device that is a valid certificate?
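The log triage behind that question, as an added example that is not part of the original posts: it groups the device log into connection attempts and flags any certificate file the firmware reported it could not read before the disconnect. The sample lines are copied from the log in this thread; the reason names come from ESP-IDF's `wifi_err_reason_t` and are not stated in the thread, and the function names are hypothetical.

```python
import re

# ESP-IDF wifi_err_reason_t names for the 200-range codes (not from this thread).
REASONS = {200: "BEACON_TIMEOUT", 201: "NO_AP_FOUND", 202: "AUTH_FAIL",
           203: "ASSOC_FAIL", 204: "HANDSHAKE_TIMEOUT", 205: "CONNECTION_FAIL"}

TRY = re.compile(r"Trying (\S+) AP ([0-9a-f:]{17})")
READ_FAIL = re.compile(r"Failed to read (\S+)")
DISC = re.compile(r"Disconnected, reason: (\d+)")

# Sample lines copied from the log posted in this thread (timestamps dropped).
SAMPLE = """\
mgos_wifi_sta.c:516 Trying FT-Test AP 6e:3a:1e:84:5e:f1 RSSI -61 cfg 0 att 20
esp32_wifi.c:653 WiFi STA: protocol BGN (0x7)
esp32_wifi.c:410 Failed to read radius.jumpcloud.com-2021
mgos_net.c:89 WiFi STA: connecting
mgos_wifi.c:70 WiFi STA: Disconnected, reason: 201
mgos_wifi_sta.c:536 Connect failed
mgos_wifi_sta.c:516 Trying FT-Test AP 8e:15:44:a9:7a:16 RSSI -65 cfg 0 att 20
esp32_wifi.c:410 Failed to read radius.jumpcloud.com-2021
mgos_wifi.c:70 WiFi STA: Disconnected, reason: 201
"""

def triage(log_text):
    """Group log lines into connection attempts and record unreadable files."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if m := TRY.search(line):
            cur = {"ssid": m[1], "bssid": m[2], "unreadable": [], "reason": None}
            attempts.append(cur)
        elif cur is None:
            continue  # ignore boot noise before the first attempt
        elif m := READ_FAIL.search(line):
            cur["unreadable"].append(m[1])
        elif m := DISC.search(line):
            code = int(m[1])
            cur["reason"] = (code, REASONS.get(code, "UNKNOWN"))
    return attempts

def missing_files(attempts):
    """Files the firmware could not read in any attempt; check these first."""
    return sorted({f for a in attempts for f in a["unreadable"]})

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["bssid"], a["reason"], "unreadable:", a["unreadable"])
    print("check on device filesystem:", missing_files(triage(SAMPLE)))
```

Every attempt in the posted log has the `Failed to read` line ahead of the disconnect, so the configured `wifi.sta.ca_cert` file is the first thing to verify on the device.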