On Tue, Jul 11, 2017 at 11:53:45AM +0000, Joshua Riesenweber wrote:
> I'm looking to setup a public wireless network, where clients can create an encrypted connection to the authenticator but do not require a client cert.
> I've seen a few references to UNAUTH-TLS and WFA-UNAUTH-TLS that appears to do exactly this, but I haven't been able to find any config examples and haven't had any luck trying to configure it.
That configuration would be otherwise identical to EAP-TLS cases, but
there is no client_cert of private_key configuration on the client. For
example:
network={
ssid="test"
eap=UNAUTH-TLS
ca_cert="ca.pem"
identity="unauthenticated"
}
on the client.
And on the hostapd-as-EAP-server:
"unauthenticated" UNAUTH-TLS
in the eap_user.conf file while the main config includes normal
parameters for EAP-TLS (ca_cert, server_cert, private_key).
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
