| #include <ESP8266WiFi.h> | |
| extern "C" { | |
| #include "user_interface.h" | |
| #include "wpa2_enterprise.h" | |
| #include "c_types.h" | |
| } | |
| // SSID to connect to | |
| char ssid[] = "TEST_KRA"; | |
| char username[] = "matheus_garbelini"; | |
| char identity[] = "matheus_garbelini"; | |
| char password[] = "testtest"; | |
| uint8_t target_esp_mac[6] = {0x24, 0x0a, 0xc4, 0x9a, 0x58, 0x28}; | |
| void setup() { | |
| WiFi.mode(WIFI_STA); | |
| Serial.begin(115200); | |
| delay(1000); | |
| Serial.setDebugOutput(true); | |
| Serial.printf("SDK version: %s\n", system_get_sdk_version()); | |
| Serial.printf("Free Heap: %4d\n",ESP.getFreeHeap()); | |
| // Setting ESP into STATION mode only (no AP mode or dual mode) | |
| wifi_set_opmode(STATION_MODE); | |
| struct station_config wifi_config; | |
| memset(&wifi_config, 0, sizeof(wifi_config)); | |
| strcpy((char*)wifi_config.ssid, ssid); | |
| strcpy((char*)wifi_config.password, password); | |
| wifi_station_set_config(&wifi_config); | |
| wifi_set_macaddr(STATION_IF,target_esp_mac); | |
| wifi_station_set_wpa2_enterprise_auth(1); | |
| // Clean up to be sure no old data is still inside | |
| wifi_station_clear_cert_key(); | |
| wifi_station_clear_enterprise_ca_cert(); | |
| wifi_station_clear_enterprise_identity(); | |
| wifi_station_clear_enterprise_username(); | |
| wifi_station_clear_enterprise_password(); | |
| wifi_station_clear_enterprise_new_password(); | |
| wifi_station_set_enterprise_identity((uint8*)identity, strlen(identity)); | |
| wifi_station_set_enterprise_username((uint8*)username, strlen(username)); | |
| wifi_station_set_enterprise_password((uint8*)password, strlen((char*)password)); | |
| wifi_station_connect(); | |
| while (WiFi.status() != WL_CONNECTED) { | |
| delay(1000); | |
| Serial.print("."); | |
| } | |
| Serial.println("WiFi connected"); | |
| Serial.println("IP address: "); | |
| Serial.println(WiFi.localIP()); | |
| } | |
| void loop() { | |
| } |
@Matheus-Garbelini Is it possible to manually configure the IP address in your code instead of using DHCP addressing?
I currently have our IT department reserving the IP address for my NodeMCU by using its device name, which works but I'd prefer to be able to configure the IP on my end.
hi @ziogianni, you may need to confirm this, but check your EAP server logs, ESP32 may be using eap-tls version 1.0, which is can be rejected by EAP servers such as FreeRadius. In this case, I've had success by changing a TLS config as exemplified here: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks#attention
This may be different depending on what EAP server you are using. I've no idea if this is possible on Windows EAP server for example.
Hi @Matheus-Garbelini, I gave a check to the freeradius configuration files and as I supposed there was a section related to the TLS settings.
The two variables I found tls_min_version and tls_max_version in the eap.cnf file are respectively set to 1.0 and 1.3.
So TLS 1.0 should be already supported by the server I'm using.
Hello @ziogianni I was having a similar issue while using a NodeMCU. The board would try to connect then reboot, it would occasionally obtain an IP but would only stay connected to the network for about 8 seconds before rebooting again.
The thing that seemed to fix the problem for me was to go to the Tools tab in the Arduino IDE and after selecting the proper ESP board there should be an Erase Flash: drop down option towards the bottom. Try changing the default setting of "Only Sketch" to "All Flash Contents" I hope this helps.
@V-R-E Unfortunately it didn't work for me, it restarts and keeps saying Connection Status: 4
So it is possible to use WPA2 Enterprise with an esp8266?
Just a heads up everyone, if identity is not set, it will not be empty, it is acutually set to anonymous@espressif.com.
Here's my version of the above with websocket, works with peap mschapv2 at my uni:
https://gist.github.com/venetanji/d71dc271ebf51236ec6ce99aa48eee26
Hi, I'm getting this message from the Serial Monitor constantly. I am using a NodeMCU v1.0 board. I already set Erase Flash option to All flash contents but did not work.
Any comments on how to solve it?
,,,,,,,,,,pm open,type:2 0
14:40:29.211 -> ,,,,,,,,,,,,,,,,,,,,state: 5 -> 0 (2)
14:40:48.703 -> rm 0
14:40:48.703 -> pm close 7
14:40:48.703 -> reconnect
14:40:48.805 -> scandone
14:40:48.805 -> state: 0 -> 2 (b0)
14:40:48.805 -> state: 2 -> 3 (0)
14:40:48.805 -> state: 3 -> 5 (10)
14:40:48.805 -> add 0
14:40:48.805 -> aid 1
14:40:48.805 -> cnt
14:40:49.204 -> ,,,,,,,,,,pm open,type:2 0
14:40:59.208 -> ,,,,,,,,
Hi, thanks for yout reply.
The certs are in the following format :
char ssid[] = "CNIOPROF";
char username[] = "";
char identity[] = "";
char password[] = "xxxx";
That should be hex, right?
Regarding the TLS, I am using a nodemcu board whose TLS version is 1.2. How can I chech which versions are supported by the server?
After all what I do is basically uploading that code to the nodemcu.
I am quite new to this Arduino environment. Thanks for your patience.
I meet the same problem when use the code above. Using arduino IDE.
hardware: ESP-12F ESP8266MOD
using NodeMCU 1.0(ESP-12E)_ and erase all flash content
after it connect the wifi , it just keep about 8 second and then restart. Why this happened and if there is a valid method to solve this?
hi @ziogianni, you may need to confirm this, but check your EAP server logs, ESP32 may be using eap-tls version 1.0, which is can be rejected by EAP servers such as FreeRadius. In this case, I've had success by changing a TLS config as exemplified here: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks#attention
This may be different depending on what EAP server you are using. I've no idea if this is possible on Windows EAP server for example.