Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6496: Added support for WPA-Enterprise client-mode #3711

Merged
merged 3 commits into from
Jul 5, 2024
Merged

T6496: Added support for WPA-Enterprise client-mode #3711

merged 3 commits into from
Jul 5, 2024

Conversation

part1cleth1ef
Copy link
Contributor

Change Summary

Added support for WPA-Enterprise client-mode

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

wireless

Proposed changes

How to test

Configuration:

vyos@vyos# edit interfaces wireless wlan0
set security wpa enterprise_username 'somedomain\someuser'
set security wpa enterprise_passphrase 'somepassphrase'
vyos@vyos#

show interface wireless output:

vyos@vyos:~$ show interfaces wireless
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
wlan0            -                                 A/D  SWC-24
wlan1            10.1.0.1/24                       A/D  Test AP (2.4Ghz)
wlan2            10.6.32.101/20                     u/u  SWC-5
vyos@vyos:~$

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation --> it doesn't seem like the docs for wireless security document everything so I'm going to take that approach.
  • I have updated the documentation accordingly

@part1cleth1ef part1cleth1ef requested a review from a team as a code owner June 23, 2024 23:20
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 23, 2024
edited
Loading

👍
No issues in PR Title / Commit Title

@c-po
Copy link
Member

c-po commented Jun 24, 2024

Please use:

  • set security wpa enterprise username
  • set security wpa enterprise password

instead.

When using username and password please include our common building blocks

#include <include/generic-password.xml.i>
#include <include/generic-username.xml.i>

c-po
c-po approved these changes Jun 24, 2024
View reviewed changes
data/templates/wifi/wpa_supplicant.conf.j2 Outdated Show resolved Hide resolved
interface-definitions/interfaces_wireless.xml.in Outdated Show resolved Hide resolved
interface-definitions/interfaces_wireless.xml.in Outdated Show resolved Hide resolved
@c-po
Copy link
Member

c-po commented Jun 24, 2024
edited
Loading

So in general my requested changes can be sumarised as:

Personal mode

  • set interfaces wireless wlan0 security wpa passphrase <secret>

Enterprise Mode

  • set interfaces wireless wlan0 security wpa enterprise username <name>
  • set interfaces wireless wlan0 security wpa enterprise passphrase <secret>

If username is specified, but not password you should raise ConfigError() in verify()

@part1cleth1ef
Copy link
Contributor Author

@c-po I've completed the requested checks, additionally I didn't edit anything that would mess with the smoketests so perhaps something is temperamental?

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 5, 2024
edited
Loading

👍
No issues in PR Title / Commit Title

part1cleth1ef and others added 2 commits July 5, 2024 08:48
@part1cleth1ef @c-po
wireless: T6496: support for EAP-MSCHAPv2 client over wifi
fc42630 
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`

fix: attempt to fix indentation on `wpa_supplicant.conf.j2`

fix: incorrect bssid mapping

fix: use the correct jinja templating (I think)

fix: “remote blank space

fix: attempt to fix the formatting in j2

fix: attempt to fix the formatting in j2

feat: rename enterprise username and password + add checks in conf mode.

fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part

fix: fix indentation on `wpa_supplicant.conf.j2`
@c-po
wireless: T6496: use ascii regex for WPA passphrase constraint
5a6ac65
@c-po
Copy link
Member

c-po commented Jul 5, 2024 

[email protected]:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_wireless.py
test_add_multiple_ip_addresses (__main__.WirelessInterfaceTest.test_add_multiple_ip_addresses) ... ok
test_add_single_ip_address (__main__.WirelessInterfaceTest.test_add_single_ip_address) ... ok
test_dhcp_client_options (__main__.WirelessInterfaceTest.test_dhcp_client_options) ... ok
test_dhcp_disable_interface (__main__.WirelessInterfaceTest.test_dhcp_disable_interface) ... ok
test_dhcp_vrf (__main__.WirelessInterfaceTest.test_dhcp_vrf) ... ok
test_dhcpv6_client_options (__main__.WirelessInterfaceTest.test_dhcpv6_client_options) ... ok
test_dhcpv6_vrf (__main__.WirelessInterfaceTest.test_dhcpv6_vrf) ... ok
test_dhcpv6pd_auto_sla_id (__main__.WirelessInterfaceTest.test_dhcpv6pd_auto_sla_id) ... ok
test_dhcpv6pd_manual_sla_id (__main__.WirelessInterfaceTest.test_dhcpv6pd_manual_sla_id) ... ok
test_interface_description (__main__.WirelessInterfaceTest.test_interface_description) ... ok
test_interface_disable (__main__.WirelessInterfaceTest.test_interface_disable) ... ok
test_interface_ip_options (__main__.WirelessInterfaceTest.test_interface_ip_options) ... ok
test_interface_ipv6_options (__main__.WirelessInterfaceTest.test_interface_ipv6_options) ... skipped 'not supported'
test_interface_mtu (__main__.WirelessInterfaceTest.test_interface_mtu) ... skipped 'not supported'
test_ipv6_link_local_address (__main__.WirelessInterfaceTest.test_ipv6_link_local_address) ... skipped 'not supported'
test_mtu_1200_no_ipv6_interface (__main__.WirelessInterfaceTest.test_mtu_1200_no_ipv6_interface) ... skipped 'not supported'
test_span_mirror (__main__.WirelessInterfaceTest.test_span_mirror) ... skipped 'not supported'
test_vif_8021q_interfaces (__main__.WirelessInterfaceTest.test_vif_8021q_interfaces) ... skipped 'not supported'
test_vif_8021q_lower_up_down (__main__.WirelessInterfaceTest.test_vif_8021q_lower_up_down) ... skipped 'not supported'
test_vif_8021q_mtu_limits (__main__.WirelessInterfaceTest.test_vif_8021q_mtu_limits) ... skipped 'not supported'
test_vif_8021q_qos_change (__main__.WirelessInterfaceTest.test_vif_8021q_qos_change) ... skipped 'not supported'
test_vif_s_8021ad_vlan_interfaces (__main__.WirelessInterfaceTest.test_vif_s_8021ad_vlan_interfaces) ... ok
test_vif_s_protocol_change (__main__.WirelessInterfaceTest.test_vif_s_protocol_change) ... ok
test_wireless_access_point_bridge (__main__.WirelessInterfaceTest.test_wireless_access_point_bridge) ... ok
test_wireless_add_single_ip_address (__main__.WirelessInterfaceTest.test_wireless_add_single_ip_address) ... ok
test_wireless_hostapd_config (__main__.WirelessInterfaceTest.test_wireless_hostapd_config) ... ok
test_wireless_hostapd_he_config (__main__.WirelessInterfaceTest.test_wireless_hostapd_he_config) ... ok
test_wireless_hostapd_vht_mu_beamformer_config (__main__.WirelessInterfaceTest.test_wireless_hostapd_vht_mu_beamformer_config) ... ok
test_wireless_hostapd_vht_su_beamformer_config (__main__.WirelessInterfaceTest.test_wireless_hostapd_vht_su_beamformer_config) ... ok
test_wireless_hostapd_wpa_config (__main__.WirelessInterfaceTest.test_wireless_hostapd_wpa_config) ... ok
test_wireless_security_station_address (__main__.WirelessInterfaceTest.test_wireless_security_station_address) ... ok

----------------------------------------------------------------------
Ran 31 tests in 240.015s

OK (skipped=9)

@c-po c-po merged commit 262dd9a into vyos:current Jul 5, 2024
8 of 9 checks passed
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 5, 2024

CI integration ❌ failed!

Details

CI logs

  • ❌ failed CLI Smoketests returned: 1
  • 👍 passed Config tests returned: 0
  • 👍 passed RAID1 tests returned: 0

@sever-sever
Copy link
Member

@Mergifyio backport circinus

@mergify Mergify
Copy link
Contributor

mergify bot commented Sep 19, 2024
edited
Loading

backport circinus

✅ Backports have been created

@mergify mergify bot mentioned this pull request Sep 19, 2024
Merged
12 tasks
dmbaturin added a commit that referenced this pull request Sep 19, 2024
@dmbaturin
Merge pull request #4085 from vyos/mergify/bp/circinus/pr-3711
1909f2d 
T6496: Added support for WPA-Enterprise client-mode (backport #3711)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@sever-sever sever-sever sever-sever approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin was automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

Assignees

@part1cleth1ef part1cleth1ef

Labels
backport current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@part1cleth1ef @c-po @sever-sever