[Kindle Touch] Support for Enterprise WPA

[ixtab]

UPDATE for Firmware 5.1.0: This has become obsolete with firmware 5.1.0, because that firmware includes support for WPA-EAP. You can run the uninstaller either before, or after, you have updated.

Hi all,

I have created a launcher extension which allows to connect to Enterprise WPA (aka WPA-EAP) networks. There is no fancy GUI (configuration is via configuration files), but once it is correctly configured, at least you can connect to the network with a single click.

Installer/uninstaller files and source code are attached.

[ixtab]

I just found a small glitch in the shell script. If you're using this, please replace extensions/wpa_eap/wpa_eap.sh with the attached one.

Note that you can also run this script "interactively" if connected via usbnet, for instance:

Code:

sh /mnt/us/extensions/wpa_eap/wpa_eap.sh /mnt/us/extensions/wpa_eap/networks/sample.cfg

This outputs the configuration it will try to set using wpa_client, and the results of the invocation. This might be useful for troubleshooting.

Anyway, can anyone confirm that this is working not only for me?

Update: attachment removed, please install version 1.1 from above post. It includes this, and another small fix as well.

[thatworkshop]

Quote:

Originally Posted by ixtab

Hi all,

I have created a launcher extension which allows to connect to Enterprise WPA (aka WPA-EAP) networks. There is no fancy GUI (configuration is via configuration files), but once it is correctly configured, at least you can connect to the network with a single click.

Installer/uninstaller files and source code are attached.

I try not to be ignorant and dumb (RTFM rule ) but Update is disabled for me! (I know it was discussed in another thread and I gave advice to the poster myself how to figure it out) but can't do it now!!!
I even did this: After copying the bin to /mnt/us/, I disabled usbnetworking, unplugged then replugged USB cable so that it goes to USB drive mode. And I tried it when USB is unplugged but still grayed.

I wonder if Amazon has updated something in my Touch so no bins can be installed (I haven't tried this).

[ixtab]

for updates, either:
put them on the device via USB drive, then disconnect and use "Update my Kindle"

or
force an update from the shell:

Code:

lipc-set-prop com.lab126.ota startUpdate 1

[thatworkshop]

cool ixtab. Thanks.
(also I pm'ed you)

[nick-tech]

did anyone configure this for eduroam already?

[thatworkshop]

Quote:

Originally Posted by ixtab

I just found a small glitch in the shell script. If you're using this, please replace extensions/wpa_eap/wpa_eap.sh with the attached one.

Note that you can also run this script "interactively" if connected via usbnet, for instance:

Code:

sh /mnt/us/extensions/wpa_eap/wpa_eap.sh /mnt/us/extensions/wpa_eap/networks/sample.cfg

This outputs the configuration it will try to set using wpa_client, and the results of the invocation. This might be useful for troubleshooting.

Anyway, can anyone confirm that this is working not only for me?

Update: attachment removed, please install version 1.1 from above post. It includes this, and another small fix as well.

I tried the version 1.0 and refused to work for me. For some reason, I don't want to reboot my Touch, but were your changes in 1.1 significant so that it can work? What were the changes if I shall ask?

[ixtab]

Quote:

Originally Posted by cscat

I tried the version 1.0 and refused to work for me. For some reason, I don't want to reboot my Touch, but were your changes in 1.1 significant so that it can work? What were the changes if I shall ask?

What do you mean by "refused"?

"Refused" as in "software crashed and burned" or "refused" as in "I'm not sure if my parameters are correct"?

You are strongly encouraged to download the (just produced) version 1.2. If you don't want to install it using "update your Kindle", feel free to extract the contents of the .bin and manually install the files.

You are also strongly encouraged to test your configuration from the command line, because it provides potentially useful output. Once it works from the command line, it should also work using the launcher.

The changes are:
- version 1.1: fixes in wpa_eap.sh ("certificate not yet valid" logic was broken in 1.0, in the sense that it would always set the time to a particular timestamp regardless of the certificate; moreover, output when run from the shell is more useful in 1.1)
- version 1.2: fix in the invocation (originally forgot the leading slash of "/mnt/us...", I wonder why it even worked at all before).

[miguelos]

is there any chance to enable kindle touch to connect to peer-to-peer wifi networks ?
can't connect to my wifi router from mobile :/

[ixtab]

According to http://linuxwireless.org/en/users/Drivers/ath6kl , the driver (it's called "ar6003" on the Kindle) should in principle support ad-hoc mode. I guess that you will need to find the correct commands to make it do so, my first guess would be iwconfig.

If you find out how to do it, feel free to post your results here. Maybe I can include them in the file, so this could become an "enable officially unsupported Wireless modes" utility instead of an "enable WPA-EAP Wireless mode" utility only.

[matejs]

Quote:

Originally Posted by nick-tech

did anyone configure this for eduroam already?

Just did :-).

This is configuration for Eduroam at MFF UK, Czech Republic. (eduroam.cuni.cz).
It should work for other universities too. Tested on Kindle Touch 5.0.3 with package 1.2.

this is my eduroam.cfg:

Code:

ssid eduroam
scan_ssid 1
key_mgmt WPA-EAP
pairwise CCMP
group TKIP
eap PEAP
identity "12345678@cuni.cz"
password "****************"
anonymous_identity "@cuni.cz"
altsubject_match "DNS:radius1.eduroam.cuni.cz;DNS:radius2.eduroam.cuni.cz"
phase1 "peaplabel=0"
phase2 "auth=MSCHAPV2"

Change identity, password, anonymous_identity and radius servers.

Running 'iwlist scan' from your Kindle (or nearby Linux computer with WiFi) should give you the values for encryption ciphers (group, pairwise).

There seem to be multiple CA certificates used at different universities.
If you can't find those provided by your university, try one of the attached ones. UVT-89-version1-UTN (Terena CA) worked for me. Save the certificate as eduroam.pem .

[miguelos]

Quote:

Originally Posted by ixtab

According to http://linuxwireless.org/en/users/Drivers/ath6kl , the driver (it's called "ar6003" on the Kindle) should in principle support ad-hoc mode. I guess that you will need to find the correct commands to make it do so, my first guess would be iwconfig.

If you find out how to do it, feel free to post your results here. Maybe I can include them in the file, so this could become an "enable officially unsupported Wireless modes" utility instead of an "enable WPA-EAP Wireless mode" utility only.

The only thing I managed to do was to change wlan0 mode to ad-hoc
iwconfig wlan0 mode ad-hoc

but every try to connect to my ad-hoc network resulted in reverting back to managed mode and autoconnection to my wifi router ;/

[nick-tech]

thank you matejs,

I will test that as soon as I'm back at my university and then post my results here

[wuschel83]

I have tryed this for eduroam germany, but it doesn´t work:
eduroam.cfg:
ssid eduroam
scan_ssid 1
key_mgmt WPA-EAP
eap TTLS
identity "XXXXX@uni-giessen.de"
anonymous_identity="anonymous@uni-giessen.de"
password "XXXXXXXX"
phase2 "auth=PAP"

eduroam.pem:
-----BEGIN CERTIFICATE-----
MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQ YDVQQGEwJERTEc
MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECx MWVC1UZWxlU2Vj
IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZW tvbSBSb290IENB
IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQ swCQYDVQQGEwJE
RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1 UECxMWVC1UZWxl
U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVG VsZWtvbSBSb290
IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQ CrC6M14IspFLEU
ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaA GtuU1cOs7TuKhC
QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqr iTtM2e66foai1S
NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY 8ZTNXeWHmb0moc
QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7 zaAzTVjlsB9WoH
txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsy udMzAP
BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSK pk+tYcNthEeFpa
IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C 4Gdyd1Lx+4ivn+
xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNV mh5XAFmw4jV5mU
Cm26OWMohpLzGITY+9HPBVZkVw==
-----END CERTIFICATE-----

anybody some ideas?

[ixtab]

The parameters look correct as far as I can tell (comparing with http://fss.plone.uni-giessen.de/fss/...upplicant.conf).

One line looks suspicious though: anonymous_identity="anonymous@uni-giessen.de"

I'm not sure if it should contain the "=" sign. Try running the script from the command line (see my second or third post) and check the output, and possibly remove the = and check again.

Good luck