Windows WiFi with WPA2-Enterprise + EAP-TTLS + PAP

5

3

The task is to teach Windows (XP,Vista,7) how to connect to a WiFi with WPA2-Enterprise using EAP-TTLS and PAP.

So far I know the following solutions:

  • SecureW2 Personal Client 2.X: Vendor declared end-of-life. Not publicly available.
  • The "Intel PROSet/Wireless WiFi Connection Utility" works on Intel WiFi cards.
  • The Windows port of wpa_supplicant is still called experimental and difficult install.

The only notebook with a non-Intel wireless network card that I got my hands on bluescreened with the Intel tool so I'm reluctant to borrow me another one for testing. Has anyone done this successfully?

Do you know other software to achieve this?

user16115

Posted 2010-09-09T16:50:22.863

Reputation:

secureW2 is avaiable here: http://www.utwente.nl/icts/programmas/securew2/

– motobói – 2015-05-18T14:20:26.817

It's not looking promising...:( you may also want to ask on http://serverfault.com as those guys do administration and may know more about configuring this security for end users.

– JNK – 2010-09-09T16:57:09.700

Answers

3

You need to install a 3rd party tool as EAP-TTLS is not supported by the OS out-of-the-box.

If you're not comfortable with SecureW2 I'd recommend XSupplicant. It's open source (GPLv2), runs fine on Windows and has a GUI.

Open1X Screenshot

imoatama

Posted 2010-09-09T16:50:22.863

Reputation: 1 906

Some links on the website seem to be down. The sourceforge pages still work: http://sourceforge.net/projects/open1x/

– jasperado – 2014-10-21T11:34:12.387

4

Windows XP and Vista don't support TTLS out of the box, so it requires the installation of a helper program. The program to use is SecureW2, which unfortunately is no longer freeware. However, the last freeware version 1.13 is reported as still working very well on all versions from XP to Windows 7. I have managed to find a version from the University of Manitoba. To download, type "guest" in the UMnetID field and click Continue, then Utilities, then download SecureW2 Eap Suite version 1.13.

The following instructions were taken from Windows 7 - EAP-TTLS securew2. Alternative and much more graphically-oriented instructions can be found in WPA2 Enterprise with 802.1x / EAP-TTLS section "Client 802.1x | Windows XP/Vista".

  1. Download the EAP Suite v 1.13, and install it. Most likely, you'll have to restart Windows 7 after the install.
  2. After reboot, click the Windows start button, then Control Panel. The Control Panel opens.
  3. In the left pane, click Control Panel Home, then in the right pane under the Network and Internet section click View network status and tasks.
  4. In the left pane, click Manage wireless networks. A list of previously connected wireless networks appears.
  5. If YourNetwork appears in the list, double-click the YourNetwork icon and go to step 12. Otherwise, proceed to the next step.
  6. Click Add.
  7. Click Manually create a network profile. A dialogue box appears.
  8. In the Network name: field, type YourNetwork
  9. In the Security type: drop-down box, select 802.1x.
    1. Click Next. The message 'Successfully added YourNetwork' should appear.
    2. Click Change connection settings. The YourNetwork Wireless Network properties dialogue box appears.
    3. Click the Security tab.
    4. Ensure the settings are as follows:
      • Security type: 802.1x
      • Encryption type: WEP
      • Choose a network authentication method: SecureW2 EAP-TTLS
      • Check the Cache user information for subsequent connections to this network check box
    5. Click Settings...
    6. Click New and enter YourNetwork. Click OK.
    7. In the Connection tab, ensure the Use alternate outer identity checkbox is selected, and the Use anonymous outer identity radio button is selected.
    8. Ensure the Enable session resumption (quick connect) checkbox is selected.
    9. In the Certificates tab, ensure the Verify server certificate checkbox is selected, then click Add CA. Locate and highlight Thawte Premium Server CA then click Add CA.
    10. Ensure the Verify server name: checkbox is selected, then enter auth.yournetwork.com in the corresponding field.
    11. In the Authentication tab, for the Select Authentication Method: drop-down menu, ensure PAP is selected.
    12. Click Advanced.
    13. Ensure the Allow users to setup new connections checkbox is selected.
    14. Click OK to close each open dialogue box.

harrymc

Posted 2010-09-09T16:50:22.863

Reputation: 306 093

Thank you for your detailed answer. Unfortunately I need a legally distributable solution. – None – 2010-09-12T21:19:40.673

2Every freeware is legally distributable by all means. I assure you that the university distributes it to all comers, even to guests, quite legally. It is only later versions than 1.13 that were released with a commercial license, which is why I went to quite a few lengths to find you this older and still free copy, after verifying that it is still said to work on all Windows versions. I suggest that you grab it while it's still available, as it fully answers your needs. – harrymc – 2010-09-13T06:01:52.767

OK, after reading the packaged license.txt I see that it is indeed legally distributable because it's licensed under the GPL. By using the term "freeware" instead of "free software" / "open source" you lead me to believe you meant the once "free for personal usage without distribution" and now gone version of the client. – None – 2010-09-13T10:48:03.470

1Yeah, licensing is confusing. But once released under a license, the license is irrevocable (unless the license is modifiable). – harrymc – 2010-09-13T11:28:21.210

Here is a direct download to SecureW2 GPL edition: http://bherila.net/downloads/SecureW2_EAP_Suite_113.zip

– Ben Herila – 2010-10-10T07:35:13.347

Asked: 2010-09-09T16:50:22.863

Viewed: 25 600 times

Active: 2014-05-14T17:31:57.453