Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Testing your eduroam setup (especially when you are new) can be daunting. The developers of the wpa_supplicant software on Linux provide a handy tool called eapol_test that will test an EAP authentication flow like a client with a lot of debug information. 

eapol_test is traditionally only available on Linux. Instructions to build it for Linux and for 64-bit Windows (Windows 7 and later) are below.

If you do not want to build eapol_test for Windows yourself, you can download a digitally signed copy at Github: https://github.com/janetuk/eapol_test

Linux

Build on Linux

Preparatory work

Install the usual build-tools:

...

Code Block
languagebash
sudo apt-get install libssl-dev

NOTE: The following packages may also be required: libdbus-1-dev, libnl-3-dev, libnl-route-3-dev and libnl-genl-3-dev, as well as configuration changes in dbus/dbus_new.c (Ubuntu 20).

Building eapol_test

Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz

Unpack the wpa_supplicant distribution, change into the wpa_supplicant/ subdirectory and create the default config file by executing

...

Code Block
languagebash
make eapol_test

Running ./eapol_test without parameters will display the command-line parameters.

Windows

Currently the The instructions for Windows depend on either using a Linux host (such as a virtual machine), or a container if you are using Docker or similar). The instructions following here are for virtual machine-based building.

...

installing the MinGW64 compiler on Windows. For the former, we recommend a recent version of Ubuntu Linux because it includes recent versions of the required tools. For the latter, the instructions were tested on Windows 7 Enterprise, but should continue to be accurate for Windows 10.

1. Cross-compile on Linux for Windows

Preparatory work

Install Ubuntu 20.

Install MinGW:

Code Block
languagebash
sudo apt-get install mingw-w64

Install the usual build - tools and MinGW:

Code Block
languagebash
sudo apt-get install build-essential mingw-w64

Configuration

Create the script file /usr/bin/mingw64

Code Block
languagebash
#!/bin/sh
PREFIX=x86_64-w64-mingw32
export CC=$PREFIX-gcc
export CXX=$PREFIX-g++
export CPP=$PREFIX-cpp
export AR=$PREFIX-ar
export AS=$PREFIX-as
export NM=$PREFIX-nm
export WINDRES=$PREFIX-windres
export RANLIB=$PREFIX-ranlib
export ADDR2LINE=$PREFIX-addr2line
export DLLTOOL=$PREFIX-dlltool
export DLLWRAP=$PREFIX-dllwrap
export ELFEDIT=$PREFIX-elfedit
export OBJCOPY=$PREFIX-objcopy
export OBJDUMP=$PREFIX-objdump
export READELF=$PREFIX-readelf
export SIZE=$PREFIX-size
export STRINGS=$PREFIX-strings
export STRIP=$PREFIX-strip
export WINDMC=$PREFIX-windmc
export GCOV=$PREFIX-gcov
export PATH="/usr/x86_64-w64-mingw32/bin:$PATH"
exec "$@"

Make it executable by all

Code Block
languagebash
sudo chmod a+x /usr/bin/mingw64

Building the sources

Download eapol_test.c.patch (for wpa_supplicant v2.9 or earlier) and eapol_test.config from https://github.com/janetuk/eapol_test

Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz

Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz


Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it when you build eapol_test.exe

Change to the libtommath directory. Run the build command

Code Block
languagebash
mingw64 make

This should now build successfully and leave you with a library in the directory.

...

Edit the .config file. Find the line ifndef CONFIG_INTERNAL_LIBTOMMATHLTM_PATH=, change the line below it to the directory you built libtommath in:

Code Block
languagebash
LTM_PATH=<directory where you built libtommath>

(for wpa_supplicant v2.9 or earlier) Run the patching command to fix eapol_test.c

Code Block
languagebash
patch eapol_test.c <full path to eapol_test.c.patch>

...

Code Block
languagebash
CFLAGS=" -Wno-error=pointer-to-int-cast -MMD -O2 -g -w" mingw64 make eapol_test

You should now have an eapol_test.exe

...

 around 6-7 MB in size.

Copy this to a Windows box. Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.

2. Build on Windows

Preparatory work

Download and install MinGW-W64 from https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/installer/mingw-w64-install.exe

Run the installer, mingw-w64-install.exe. Because it is not signed, Windows will prompt you to confirm whether you wish to run this executable.

During the the installation, you will be prompted for the following:

  • Version: 8.1.0 (default)
  • Architecture: x86_64
  • Threads: win32
  • Exception: seh

Accept all other defaults.

Configuration

Create a batch file: C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin\mingw64.bat

Code Block
languagebash
@echo off
set PREFIX=x86_64-w64-mingw32
set CC=%PREFIX%-gcc.exe
set CXX=%PREFIX%-g++.exe
set CPP=%PREFIX%-c++.exe
set GCOV=%PREFIX%-gcov.exe
set MAKE=mingw32-make.exe
%*

Save it. 

Building the sources

Download eapol_test.c (for wpa_supplicant v2.9 or earlier only) and eapol_test.config from https://github.com/janetuk/eapol_test. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop.

Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz

Download wpa_supplicant's source at https://w1.fi/releases/

Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it later. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\libtommath-1.2.0

Unpack the wpa_supplicant distribution. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\wpa-2.9


Open a MinGW-W64 prompt by opening the menu, going to All Programs > MinGW-W64 project > x86_64-8.1.0-win32-seh-rt_v6-rev0 > Run terminal.

Code Block
languagebash
C:\>_

Change to the libtommath directory. Run the build command

Code Block
languagebash
C:\> cd C:\Users\Administrator\Desktop\libtommath-1.2.0
C:\Users\Administrator\Desktop\libtommath-1.2.0> mingw64.bat %MAKE%

This should build successfully and leave you with a library in the directory.

Copy eapol_test.config to the wpa_supplicant subdirectory.

Code Block
languagebash
cd C:\Users\Administrator\Desktop
copy eapol_test.config wpa-2.9\wpa_supplicant\.config

(for wpa_supplicant v2.9 or earlier only) Copy eapol_test.c to the wpa_supplicant subdirectory. You will likely be prompted to overwrite eapol_test.c. Confirm by answering 'Y'.

Code Block
languagebash
cd C:\Users\Administrator\Desktop
copy eapol_test.c wpa-2.9\wpa_supplicant\eapol_test.c

Change to the wpa_supplicant subdirectory. 

Code Block
languagebash
C:\Users\Administrator\Desktop> cd wpa-2.9\wpa_supplicant

Edit the .config file. Find the line LTM_PATH=, change it to the directory you built libtommath in:

Code Block
languagebash
LTM_PATH=C:\Users\Administrator\Desktop\libtommath-1.2.0

Edit the Makefile and replace the CFLAGS= line near the top of the file with this:

Code Block
languagebash
CFLAGS= -Wno-error=pointer-to-int-cast -MMD -O2 -g -w

Run the build command

Code Block
languagebash
C:\Users\Administrator\Desktop\wpa-2.9\wpa_supplicant> mingw64.bat %MAKE% eapol_test

You should now have an eapol_test.exe around 6-7 MB in size.

Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.

Testing with eapol_test

Testing with eapol_test on Linux or Windows will ultimately yield the same results. The configuration files for use with the utility are identical on either platform. Here is a sample configuration file you can use.

Configuration file

Code Block
languagetext
network={
  phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=1 peapver=0"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="<username@realm>"
  anonymous_identity="@realm"
  password="<userpassword>"
  phase2="eapauth=MSCHAPV2 mschapv2_retry=0"
#  ca_cert="<full path of the CA root certificate>"
#  subject_match="<subject CN>"
#  altsubject_match="<DNS: entry from subjectAltName>"
#  domain_match="<subject CN>"
}

To use server certificate validation, uncomment the ca_cert line.

...