Feature #5474
open
- Category set to Interfaces
Here's a hacked-together shell script that can be used in the meantime:
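#!/usr/bin/env sh
# Brings up wired 802.1X (PEAP/MSCHAPv2) on one interface: restarts
# wpa_supplicant, configures a network through wpa_cli, waits for the port to
# be authorized, then makes sure the interface has an IP address.
#
# I use this on pfSense to make wired 802.1x authentication work on startup.
# A good location to put this is in /conf, as that directory is retained during upgrades.
# You can use the shellcmd package to execute upon boot, like "nohup /conf/yourscript.sh &".
#
# This file holds a credential. The MD4 hash below can be used for MSCHAPv2
# in place of the password, so keep the script owned by root with mode 0700.
# To create the hash without leaving the password in shell history or in the
# process list, read it from the terminal first:
#   stty -echo; IFS= read -r pw; stty echo
#   printf '%s' "$pw" | iconv -t utf16le | openssl md4; unset pw
PASSWORD="hash:<redacted>"
IDENTITY="<redacted>"
INTERFACE="vmx2"
# Control-socket directory shared by wpa_supplicant (-C) and wpa_cli (-p).
CTRL_DIR="/var/run/wpa_supplicant"

################################################################################

# Writes a message to syslog and stderr, prefixed with the interface name.
log() {
  logger -s "WPA (${INTERFACE}): $*"
}

# Prints the PIDs of wpa_supplicant processes whose command line mentions
# the interface (one per line, empty when none is running).
supplicant_pids() {
  pgrep -f "wpa_supplicant.*${INTERFACE}"
}

# Prints the first IPv4 address ifconfig reports for the interface.
current_ip() {
  ifconfig "${INTERFACE}" | awk '$1 == "inet" { print $2; exit }'
}

# Runs one wpa_cli command against this interface's control socket.
# Arguments are passed as-is (no eval), so shell metacharacters in the
# identity or hash are never re-parsed as shell syntax. Failures are logged
# but do not stop the script, matching the original best-effort behaviour.
wpa() {
  _wpa_out=$(wpa_cli -p "${CTRL_DIR}" -i "${INTERFACE}" "$@" 2>&1)
  _wpa_rc=$?
  # NOTE(review): wpa_cli may exit 0 even when the reply is FAIL, so the
  # reply text is checked as well. Confirm against the installed version.
  case "${_wpa_out}" in
    FAIL* | "Unknown command"*) _wpa_rc=1 ;;
  esac
  if [ "${_wpa_rc}" -ne 0 ]; then
    # Log only the command and field name; the values may be the identity
    # or the password hash.
    log "wpa_cli command '$1${3:+ $3}' did not succeed."
  fi
  return 0
}

log "Beginning WPA authorization process."

# Kill any existing wpa_supplicant process.
# The original test "[ ${PID} > 0 ]" was a redirection that created a file
# named "0" in the working directory; test for a non-empty PID list instead.
OLD_PIDS=$(supplicant_pids)
if [ -n "${OLD_PIDS}" ]; then
  # Unquoted on purpose: pgrep prints one PID per line and each one must
  # become a separate word.
  for OLD_PID in ${OLD_PIDS}; do
    log "Terminating existing supplicant on PID ${OLD_PID}."
    kill "${OLD_PID}"
  done
  # Give the old daemon up to five seconds to exit and release its control
  # socket before a new one is started.
  TRIES=0
  while [ "${TRIES}" -lt 5 ] && [ -n "$(supplicant_pids)" ]; do
    sleep 1
    TRIES=$((TRIES + 1))
  done
fi

# Start wpa_supplicant daemon.
if ! wpa_supplicant -D wired -i "${INTERFACE}" -C "${CTRL_DIR}" -B >/dev/null; then
  # Without a running supplicant the wait loop below would never finish.
  log "Failed to start wpa_supplicant, exiting."
  exit 1
fi
PID=$(supplicant_pids)
log "Supplicant running on PID ${PID}."

# Set WPA configuration parameters.
# Like the original, this assumes add_network returns network id 0.
log "Setting network configuration."
wpa ap_scan 0
wpa eapol_flags 0
wpa add_network
wpa set_network 0 key_mgmt IEEE8021X
wpa set_network 0 eap PEAP
wpa set_network 0 eapol_flags 0
# String values must reach wpa_supplicant wrapped in literal double quotes.
wpa set_network 0 phase2 '"auth=MSCHAPV2"'
wpa set_network 0 identity "\"${IDENTITY}\""
# NOTE(review): the hash is on wpa_cli's argument list while this command
# runs, so other local users can see it in the process list. A 0600 config
# file passed to wpa_supplicant with -c avoids that.
wpa set_network 0 password "${PASSWORD}"
# NOTE(review): no ca_cert or domain_suffix_match is set, so the RADIUS
# server certificate is not validated and the MSCHAPv2 exchange is offered to
# whichever authenticator answers. Pin the server before enabling, e.g.:
#   wpa set_network 0 ca_cert '"/path/to/your-radius-ca.pem"'    (placeholder)
#   wpa set_network 0 domain_suffix_match '"radius.example.org"' (placeholder)
wpa enable_network 0

# Wait until wpa_cli has authenticated.
# There is no timeout (same as the original): if the credential is rejected,
# this process keeps polling once per second.
log "Waiting for authorization."
while :; do
  WPA_STATUS=$(wpa_cli -p "${CTRL_DIR}" -i "${INTERFACE}" status |
    sed -n 's/^suppPortStatus=//p')
  if [ "${WPA_STATUS}" = "Authorized" ]; then
    break
  fi
  sleep 1
done
log "Authorization completed."

# Make sure the interface got an address once the port is open.
IP_STATUS=$(current_ip)
if [ -z "${IP_STATUS}" ] || [ "${IP_STATUS}" = "0.0.0.0" ]; then
  log "No IP address assigned, force restarting DHCP."
  /etc/rc.d/dhclient forcerestart "${INTERFACE}" >/dev/null
  IP_STATUS=$(current_ip)
fi
log "IP address is ${IP_STATUS}."

log "Process complete, exiting."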