Install the wpa_supplicant package, which includes the main program wpa_supplicant, the passphrase tool wpa_passphrase, and the text front-end wpa_cli. Optionally, also install the official wpa_supplicant_gui (AUR) package, which provides wpa_gui, a graphical front-end for wpa_supplicant, or wpa-cute (AUR), which is a fork from an earlier version of wpa. wpa_supplicant is a cross-platform supplicant with support for WEP, WPA and WPA2 (IEEE 802.11i). It is suitable for desktops, laptops and embedded systems. It is the IEEE 802.1X/WPA component that is used in the client stations.
*Important note to pay attention to*
You'll most likely use eth0 on a USG and eth2 or eth3 on a USG-Pro; edit the files accordingly. Do not run the supplicant on virtual interfaces (e.g. eth0.0), as it will not work.
*Pre-requisites*
Get certs, run the mfg_dat_decode tool. You should end up with 3 certs: CA_*.pem, Client_*.pem and PrivateKey_PKCS1_*.pem, as well as a wpa_supplicant.conf file.
In the archive generated by the tool, edit wpa_supplicant.conf to add the full path /config/auth/ to all 3 files:
    network={
        ca_cert="/config/auth/CA_xxxxxx.pem"
        client_cert="/config/auth/Client_xxxxxx.pem"
        eap=TLS
        eapol_flags=0
        identity="AA:AA:AA:AA:AA:AA" # Gateway MAC address
        key_mgmt=IEEE8021X
        phase1="allow_canned_success=1"
        private_key="/config/auth/PrivateKey_PKCS1_xxxxxx.pem"
    }
Download the compiled WPA Supplicant binary: https://www.dslreports.com/r0/download/2382315~c173ce2d062cf92116ed2427bb79dd18/wpa_supplicant.zip
Create wpa_supplicant.sh and make sure it matches your WAN port:
    #!/usr/bin/env bash
    # Start EAP-TLS on eth0
    # Check if already running to avoid multiple instances
    IF_WAN=eth0
    PROCESS_NAME=wpa_supplicant
    PROCESS_PATH=/config/scripts/wpa_supplicant
    # Count running instances, ignoring grep itself and this launcher script
    PROCESS_COUNT=$(ps -A | grep "$PROCESS_NAME" | egrep -v "grep|$(basename "$0")" | grep -c "$PROCESS_NAME")
    if [ "$PROCESS_COUNT" = 0 ] && [ -x "$PROCESS_PATH" ]; then
        "$PROCESS_PATH" -s -B -Dwired -i"$IF_WAN" -c/config/scripts/wpa_supplicant.conf -g/var/run/wpa_supplicant.ctrl -P/var/run/wpa_supplicant.pid
    fi
SCP into the USG and drop the following files into the following locations:
/config/scripts/wpa_supplicant (the binary file from 2.)
/config/scripts/post-config.d/wpa_supplicant.sh
/config/wpa_supplicant.conf
3 certificate PEM files to /config/auth
Run the following commands:
    sudo chmod +x /config/scripts/wpa_supplicant
    sudo chmod +x /config/scripts/post-config.d/wpa_supplicant.sh
    sudo chmod -R 0600 /config/auth
Set your WAN port VLAN to 0. You might need to use the old UI for this, as the new one errors out when choosing VLAN 0.
Create a config.gateway.json file to ensure the MAC spoofing is persistent, make sure the values in bold are updated:
    {
      "interfaces": {
        "ethernet": {
          "eth0": {
            "mac": "AA:AA:AA:AA:AA:AA"
          }
        }
      }
    }
Follow the USG documentation: https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration#2
Reboot the gateway.
Monitor logs on the gateway by running:

    tail -n 50 -f /var/log/messages
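
A pre-flight check for the files copied in the steps above, meant to be run on the gateway before rebooting (an added example, not part of the original guide; the function names and messages are hypothetical). It reads the `-c` path from the launcher script, then confirms that every certificate and key path named in that config exists and that the private key is not accessible to group or other.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.

# Print the config path the launcher script passes to wpa_supplicant via -c.
launcher_conf_path() {
    sed -nE 's|.*[[:space:]]-c(/[^[:space:]]+).*|\1|p' "$1" | head -n 1
}

# Check each ca_cert/client_cert/private_key path named in a wpa_supplicant.conf.
# Prints one line per problem and returns the number of problems found.
check_supplicant_conf() {
    local conf="$1" problems=0 entries key path perms
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf"
        return 1
    fi
    # wpa_supplicant only accepts string values in double quotes.
    entries=$(sed -nE \
        's/^[[:space:]]*(ca_cert|client_cert|private_key)="([^"]*)".*/\1 \2/p' "$conf")
    [ -n "$entries" ] || { echo "no double-quoted cert/key paths in $conf"; return 1; }
    while read -r key path; do
        if [ ! -f "$path" ]; then
            echo "$key: missing file $path"
            problems=$((problems + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$path" | cut -c5-10)
        if [ "$key" = private_key ] && [ "$perms" != "------" ]; then
            echo "$key: $path is accessible to group/other ($perms)"
            problems=$((problems + 1))
        fi
    done <<EOF
$entries
EOF
    return "$problems"
}

# Resolve the config from the launcher script, then check the files it names.
preflight() {
    local conf
    conf=$(launcher_conf_path "$1")
    [ -n "$conf" ] || { echo "no -c option found in $1"; return 1; }
    check_supplicant_conf "$conf"
}

# Usage: ./preflight.sh /config/scripts/post-config.d/wpa_supplicant.sh
[ "$#" -eq 0 ] || preflight "$1"
```

A non-zero exit status means the launcher points at a config that is not there, or the config names a file that is missing or a private key with loose permissions.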
commented Jan 25, 2021
On line 33, wpa_supplicant.conf is at /config/scripts/, but on line 39, it is at /config/.