Testing your eduroam setup (especially when you are new) can be daunting. The developers of the wpa_supplicant software on Linux provide a handy tool called eapol_test, which runs an EAP authentication flow the way a client would and prints a lot of debug information.

eapol_test is traditionally only available on Linux. Instructions to build it for Linux and for Windows are below.

Linux

Build on Linux

Preparatory work

Install the usual build-tools:

sudo apt-get install build-essential

Install the OpenSSL development files:

sudo apt-get install libssl-dev

Building eapol_test

Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz

Unpack the wpa_supplicant distribution, change into the wpa_supplicant/ subdirectory and create the default config file by executing

cp defconfig .config

Then, enable compilation of eapol_test by editing the .config file and setting (i.e. uncommenting)

CONFIG_EAPOL_TEST=y

You can then compile eapol_test with

make eapol_test

Windows

Currently the instructions for Windows depend on using a Linux host (such as a virtual machine or a container if you are using Docker or similar). The instructions following here are for virtual machine-based building.

Cross-compile on Linux for Windows

Preparatory work

Install Ubuntu 20.

Install MinGW:

sudo apt-get install mingw-w64

Install the usual build-tools:

sudo apt-get install build-essential

Configuration

Create the script file /usr/bin/mingw64

#!/bin/sh
PREFIX=x86_64-w64-mingw32
export CC=$PREFIX-gcc
export CXX=$PREFIX-g++
export CPP=$PREFIX-cpp
export AR=$PREFIX-ar
export AS=$PREFIX-as
export NM=$PREFIX-nm
export WINDRES=$PREFIX-windres
export RANLIB=$PREFIX-ranlib
export ADDR2LINE=$PREFIX-addr2line
export DLLTOOL=$PREFIX-dlltool
export DLLWRAP=$PREFIX-dllwrap
export ELFEDIT=$PREFIX-elfedit
export OBJCOPY=$PREFIX-objcopy
export OBJDUMP=$PREFIX-objdump
export READELF=$PREFIX-readelf
export SIZE=$PREFIX-size
export STRINGS=$PREFIX-strings
export STRIP=$PREFIX-strip
export WINDMC=$PREFIX-windmc
export GCOV=$PREFIX-gcov
export PATH="/usr/x86_64-w64-mingw32/bin:$PATH"
exec "$@"

Make it executable by all

sudo chmod a+x /usr/bin/mingw64

Building the sources

Download eapol_test.c.patch and eapol_test.config from https://github.com/janetuk/eapol_test

Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz

Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz


Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it when you build eapol_test.exe.

Change to the libtommath directory. Run the build command

mingw64 make

This should build successfully and leave you with a library in the directory.

Unpack the wpa_supplicant distribution. Copy eapol_test.config to the wpa_supplicant subdirectory

cp eapol_test.config wpa_supplicant-2.9/wpa_supplicant/.config

Change to the wpa_supplicant subdirectory. 

Edit the .config file. Find the line ifndef CONFIG_INTERNAL_LIBTOMMATH and change the line below it to the directory you built libtommath in:

LTM_PATH=<directory where you built libtommath>

Run the patching command to fix eapol_test.c

patch eapol_test.c <full path to eapol_test.c.patch>

Run the build command

CFLAGS=" -Wno-error=pointer-to-int-cast -MMD -O2 -g -w" mingw64 make eapol_test

You should now have an eapol_test.exe of around 6707168 bytes.

Copy this to a Windows box. Run it without parameters. It should display command-line parameters.

Testing with eapol_test

Testing with eapol_test on Linux or Windows will ultimately yield the same results. The configuration files for use with the utility are identical on either platform. Here is a sample configuration file you can use.

Configuration file

network={
  phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=1 peapver=0"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="<username@realm>"
  anonymous_identity="@realm"
  password="<userpassword>"
  phase2="auth=MSCHAPV2"
#  ca_cert="<full path of the CA root certificate>"
}

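As shipped, the ca_cert line is commented out, so eapol_test does not validate the server certificate. To use server certificate validation, uncomment the ca_cert line and set it to the full path of the CA root certificate.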

To test various TLS handshakes within PEAP, enable (set to 0) the appropriate tls_disable_tlsv1... option.

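To use EAP-TTLS, change the eap= line to TTLS.

To change the second-phase authentication, you can either use an EAP inner method by specifying 'autheap=', or a non-EAP inner method by specifying 'auth=' in the phase2= line. These two forms apply to EAP-TTLS; with PEAP the inner method is always an EAP method and is selected with 'auth='.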

For complete information on the configuration file format, visit https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
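
The TLS-version note above, carried through as a script: it generates the sample configuration once per TLS version and runs eapol_test against your own RADIUS server to see which handshakes it accepts. This is an added example, not part of the original page; the environment variable names (RADIUS_IP, SECRET, EAP_USER, EAP_REALM, EAP_PASS, CA_CERT) and the function names are assumptions, and it uses eapol_test's -c (config file), -a (server address) and -s (shared secret) options.

```shell
#!/bin/sh
# Added example: probe which TLS versions a RADIUS server accepts inside PEAP.
# Assumed inputs (environment): RADIUS_IP, SECRET, EAP_USER, EAP_REALM,
# EAP_PASS, CA_CERT. None of these names come from the original page.

# Build the phase1 string with exactly one TLS version enabled (0 = enabled).
phase1_for() {
  p=""
  for v in 1_0 1_1 1_2 1_3; do
    if [ "$v" = "$1" ]; then d=0; else d=1; fi
    p="${p}tls_disable_tlsv${v}=${d} "
  done
  printf '%speapver=0' "$p"
}

# Print a network block for one TLS version, laid out like the sample above,
# with ca_cert set so the server certificate is validated.
make_conf() {
  cat <<EOF
network={
  phase1="$(phase1_for "$1")"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="${EAP_USER}@${EAP_REALM}"
  anonymous_identity="@${EAP_REALM}"
  password="${EAP_PASS}"
  phase2="auth=MSCHAPV2"
  ca_cert="${CA_CERT}"
}
EOF
}

# Run eapol_test once per TLS version; it exits 0 only when authentication
# succeeds, so the exit status is the result.
probe_all() {
  umask 077                      # the generated file contains a password
  conf=$(mktemp) || return 1
  for ver in 1_0 1_1 1_2 1_3; do
    make_conf "$ver" > "$conf"
    if eapol_test -c "$conf" -a "$RADIUS_IP" -s "$SECRET" >/dev/null 2>&1; then
      echo "TLSv$ver: accepted"
    else
      echo "TLSv$ver: failed"
    fi
  done
  rm -f "$conf"
}

# Only contact a server when one is configured.
if [ -n "${RADIUS_IP:-}" ]; then probe_all; fi
```

A "failed" line only means that run did not authenticate: the server may have refused the handshake, but the local OpenSSL build may also refuse older TLS versions, so rerun without the output redirection to read the debug log.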


