-
-
Save Matheus-Garbelini/2cd780aed2eddbe17eb4adb5eca42bd6 to your computer and use it in GitHub Desktop.
#include <ESP8266WiFi.h> | |
extern "C" { | |
#include "user_interface.h" | |
#include "wpa2_enterprise.h" | |
#include "c_types.h" | |
} | |
// SSID to connect to | |
char ssid[] = "TEST_KRA"; | |
char username[] = "matheus_garbelini"; | |
char identity[] = "matheus_garbelini"; | |
char password[] = "testtest"; | |
uint8_t target_esp_mac[6] = {0x24, 0x0a, 0xc4, 0x9a, 0x58, 0x28}; | |
void setup() { | |
WiFi.mode(WIFI_STA); | |
Serial.begin(115200); | |
delay(1000); | |
Serial.setDebugOutput(true); | |
Serial.printf("SDK version: %s\n", system_get_sdk_version()); | |
Serial.printf("Free Heap: %4d\n",ESP.getFreeHeap()); | |
// Setting ESP into STATION mode only (no AP mode or dual mode) | |
wifi_set_opmode(STATION_MODE); | |
struct station_config wifi_config; | |
memset(&wifi_config, 0, sizeof(wifi_config)); | |
strcpy((char*)wifi_config.ssid, ssid); | |
strcpy((char*)wifi_config.password, password); | |
wifi_station_set_config(&wifi_config); | |
wifi_set_macaddr(STATION_IF,target_esp_mac); | |
wifi_station_set_wpa2_enterprise_auth(1); | |
// Clean up to be sure no old data is still inside | |
wifi_station_clear_cert_key(); | |
wifi_station_clear_enterprise_ca_cert(); | |
wifi_station_clear_enterprise_identity(); | |
wifi_station_clear_enterprise_username(); | |
wifi_station_clear_enterprise_password(); | |
wifi_station_clear_enterprise_new_password(); | |
wifi_station_set_enterprise_identity((uint8*)identity, strlen(identity)); | |
wifi_station_set_enterprise_username((uint8*)username, strlen(username)); | |
wifi_station_set_enterprise_password((uint8*)password, strlen((char*)password)); | |
wifi_station_connect(); | |
while (WiFi.status() != WL_CONNECTED) { | |
delay(1000); | |
Serial.print("."); | |
} | |
Serial.println("WiFi connected"); | |
Serial.println("IP address: "); | |
Serial.println(WiFi.localIP()); | |
} | |
void loop() { | |
} |
is there a way to connect without using hardcoded values. as in wifi manager we manually input details, likewise in enterprise connection is that possible?
hi @caxefaizan, not sure what you meant by hardcoded. As with wifi manager, you can change the enterprise parameters as shown on this lines: https://gist.github.com/Matheus-Garbelini/2cd780aed2eddbe17eb4adb5eca42bd6#file-esp8266_wpa2_enterprise_example-ino-L10-L13
In short, you can just write what username,password,ssid you wish on function wifi_station_set_enterprise_identity
, wifi_station_set_enterprise_username
and wifi_station_set_enterprise_password
. What is different here is that these function are a bit different.
hi @caxefaizan, not sure what you meant by hardcoded. As with wifi manager, you can change the enterprise parameters as shown on this lines: https://gist.github.com/Matheus-Garbelini/2cd780aed2eddbe17eb4adb5eca42bd6#file-esp8266_wpa2_enterprise_example-ino-L10-L13
In short, you can just write what username,password,ssid you wish on function
wifi_station_set_enterprise_identity
,wifi_station_set_enterprise_username
andwifi_station_set_enterprise_password
. What is different here is that these function are a bit different.
yea.. what i meant was .. lets suppose if i replace my device from one coffee shop to another.. i don't want to reprogram it with the new credentials. instead i want to type it manually every time i switch between coffee shops to avoid reprogramming. i hope its clear this time?
Ah yes, sorry. I guess you may need to modify wifi-manager for that, indeed it only handles passwords and some security options for you.
You may need to take a look if someone else has made an esp8266 captive portal for wpa-enterprise already.
Hello @Matheus-Garbelini I'm having hard time to connect my esp8266 to a Wireless LAN using a Freeradius server.
it's able to be authenticated with MSCHAPV2 but immediately after it's reset and start it over like in a loop and doesn't obtain an IP address. I'm using latest arduino ide with espressif sdk 3.0 (generic esp8266 board).
Any suggestions?
Method private structure allocated failure EAP-MSCHAPV2: RX identifier 2 mschapv2_id 2 EAP-MSCHAPV2: Generate Challenge Response EAP-MSCHAPV2: RX identifier 3 mschapv2_id 2 state: 5 -> 2 (ec0) rm 0 .reconnect state: 2 -> 0 (0) scandone state: 0 -> 2 (b0) state: 2 -> 3 (0) state: 3 -> 5 (10) add 0 aid 3 cnt Method private structure allocated failure EAP-MSCHAPV2: RX identifier 2 mschapv2_id 2 EAP-MSCHAPV2: Generate Challenge Response EAP-MSCHAPV2: RX identifier 3 mschapv2_id 2 state: 5 -> 2 (ec0) rm 0 .reconnect state: 2 -> 0 (0) scandone
Hello @ziogianni I was having a similar issue while using a NodeMCU. The board would try to connect then reboot, it would occasionally obtain an IP but would only stay connected to the network for about 8 seconds before rebooting again.
The thing that seemed to fix the problem for me was to go to the Tools tab in the Arduino IDE and after selecting the proper ESP board there should be an Erase Flash: drop down option towards the bottom. Try changing the default setting of "Only Sketch" to "All Flash Contents" I hope this helps.
Hi @ziogianni,
It appears we are using the same board, mine is also an ESP8266 based NodeMCU "Amica" board I got off Amazon link here.
Short answer I've selected ("NodeMCU 1.0 (ESP-12E Module)") for the board.
I actually ran into some issues this evening while playing around with the code.
I am now trying to connect a smart RGBW downlight that uses a generic ESP8266 module to the WPA2 Enterprise network by reflashing it and haven't had any luck just the same boot loop issue. After an hour or so of trying I went back to using my NodeMCU, but forgot to switch the board type back. The sketch uploaded to the NodeMCU fine as you stated but was stuck in our previous discussed boot loop.
at least for this chip, many configurations seem to work (generic esp8266, feather, 12E) but maybe they lack of some features like wpa2 enterprise
I believe you are correct with the lack of some features as it seems that when the "Generic ESP8266 Module" is selected for the board the ESP refuses to connect to the network and gets stuck in a boot loop @Matheus-Garbelini hopefully knows more as I really have no idea.
Although once I reuploaded the sketch with the proper board selected ("NodeMCU 1.0 (ESP-12E Module)") the NodeMCU seemed to connect to the network just fine.
hi @ziogianni, you may need to confirm this, but check your EAP server logs, ESP32 may be using eap-tls version 1.0, which is can be rejected by EAP servers such as FreeRadius. In this case, I've had success by changing a TLS config as exemplified here: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks#attention
This may be different depending on what EAP server you are using. I've no idea if this is possible on Windows EAP server for example.
@Matheus-Garbelini Is it possible to manually configure the IP address in your code instead of using DHCP addressing?
I currently have our IT department reserving the IP address for my NodeMCU by using its device name, which works but I'd prefer to be able to configure the IP on my end.
hi @ziogianni, you may need to confirm this, but check your EAP server logs, ESP32 may be using eap-tls version 1.0, which is can be rejected by EAP servers such as FreeRadius. In this case, I've had success by changing a TLS config as exemplified here: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks#attention
This may be different depending on what EAP server you are using. I've no idea if this is possible on Windows EAP server for example.
Hi @Matheus-Garbelini, I gave a check to the freeradius configuration files and as I supposed there was a section related to the TLS settings.
The two variables I found tls_min_version and tls_max_version in the eap.cnf file are respectively set to 1.0 and 1.3.
So TLS 1.0 should be already supported by the server I'm using.
Hello @ziogianni I was having a similar issue while using a NodeMCU. The board would try to connect then reboot, it would occasionally obtain an IP but would only stay connected to the network for about 8 seconds before rebooting again.
The thing that seemed to fix the problem for me was to go to the Tools tab in the Arduino IDE and after selecting the proper ESP board there should be an Erase Flash: drop down option towards the bottom. Try changing the default setting of "Only Sketch" to "All Flash Contents" I hope this helps.
@V-R-E Unfortunately it didn't work for me, it restarts and keeps saying Connection Status: 4
So it is possible to use WPA2 Enterprise with an esp8266?
Just a heads up everyone, if identity is not set, it will not be empty, it is acutually set to [email protected].
Here's my version of the above with websocket, works with peap mschapv2 at my uni:
https://gist.github.com/venetanji/d71dc271ebf51236ec6ce99aa48eee26
Hi, I'm getting this message from the Serial Monitor constantly. I am using a NodeMCU v1.0 board. I already set Erase Flash option to All flash contents but did not work.
Any comments on how to solve it?
,,,,,,,,,,pm open,type:2 0
14:40:29.211 -> ,,,,,,,,,,,,,,,,,,,,state: 5 -> 0 (2)
14:40:48.703 -> rm 0
14:40:48.703 -> pm close 7
14:40:48.703 -> reconnect
14:40:48.805 -> scandone
14:40:48.805 -> state: 0 -> 2 (b0)
14:40:48.805 -> state: 2 -> 3 (0)
14:40:48.805 -> state: 3 -> 5 (10)
14:40:48.805 -> add 0
14:40:48.805 -> aid 1
14:40:48.805 -> cnt
14:40:49.204 -> ,,,,,,,,,,pm open,type:2 0
14:40:59.208 -> ,,,,,,,,
Hi, thanks for yout reply.
The certs are in the following format :
char ssid[] = "CNIOPROF";
char username[] = "";
char identity[] = "";
char password[] = "xxxx";
That should be hex, right?
Regarding the TLS, I am using a nodemcu board whose TLS version is 1.2. How can I chech which versions are supported by the server?
After all what I do is basically uploading that code to the nodemcu.
I am quite new to this Arduino environment. Thanks for your patience.
I meet the same problem when use the code above. Using arduino IDE.
hardware: ESP-12F ESP8266MOD
using NodeMCU 1.0(ESP-12E)_ and erase all flash content
after it connect the wifi , it just keep about 8 second and then restart. Why this happened and if there is a valid method to solve this?
Thanks a lot! I had so much troubles working with esp8266 in the University. Now the problem is solved
`#include <ESP8266WiFi.h>
extern "C" {
#include "user_interface.h"
#include "wpa2_enterprise.h"
#include "c_types.h"
}
// SSID to connect to
char ssid[] = "eduroam";
char username[] = "101227402";
char identity[] = "101227402";
char password[] = "passwprd";
uint8_t target_esp_mac[6] = {0x24, 0x0a, 0xc4, 0x9a, 0x58, 0x28};
void setup() {
WiFi.mode(WIFI_STA);
Serial.begin(115200);
delay(1000);
Serial.setDebugOutput(true);
Serial.printf("SDK version: %s\n", system_get_sdk_version());
Serial.printf("Free Heap: %4d\n",ESP.getFreeHeap());
// Setting ESP into STATION mode only (no AP mode or dual mode)
wifi_set_opmode(STATION_MODE);
struct station_config wifi_config;
memset(&wifi_config, 0, sizeof(wifi_config));
strcpy((char*)wifi_config.ssid, ssid);
strcpy((char*)wifi_config.password, password);
wifi_station_set_config(&wifi_config);
wifi_set_macaddr(STATION_IF,target_esp_mac);
wifi_station_set_wpa2_enterprise_auth(1);
// Clean up to be sure no old data is still inside
wifi_station_clear_cert_key();
wifi_station_clear_enterprise_ca_cert();
wifi_station_clear_enterprise_identity();
wifi_station_clear_enterprise_username();
wifi_station_clear_enterprise_password();
wifi_station_clear_enterprise_new_password();
wifi_station_set_enterprise_identity((uint8*)identity, strlen(identity));
wifi_station_set_enterprise_username((uint8*)username, strlen(username));
wifi_station_set_enterprise_password((uint8*)password, strlen((char*)password));
wifi_station_clear_enterprise_cert_key();
wifi_station_connect();
while (WiFi.status() != WL_CONNECTED) {
delay(1000);
Serial.print(".");
}
Serial.println("WiFi connected");
Serial.println("IP address: ");
Serial.println(WiFi.localIP());
}
void loop() {
}`
####################################################
I am trying to connect to eduroam in my university,
It uses MSCHAPV2 as the Phase 2 Authentication,
And do not Validate the Ca Certificate
I keep getting the error below and it loops forever,
.reconnect
...scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 0 (12)
.reconnect
...scandone
state: 0 -> 2 (b0)
If anyone can please guide me or link me to any post to solve this issue, I really do appreciate it very much.
@Teakzieas did you try my version? works ok on my uni's eduroam:
https://gist.github.com/venetanji/d71dc271ebf51236ec6ce99aa48eee26
One difference with your code is I don't set the password with:
strcpy((char*)wifi_config.password, password);
Try commenting that line as it is for regular wpa. The wpa2 enterprise password is actually set with this line below:
wifi_station_set_enterprise_password((uint8*)password, strlen((char*)password));
#include <ESP8266WiFi.h>
// include wpa2 enterprise code
extern "C" {
#include "user_interface.h"
#include "wpa2_enterprise.h"
}
// SSID, Username and password. Update with yours!
static const char* ssid = "eduroam";
static const char* username = "101227402"; //
static const char* password = "password";
void setup() {
Serial.begin(115200);
delay(1000);
Serial.setDebugOutput(true);
// Setting ESP into STATION mode only (no AP mode or dual mode)
wifi_set_opmode(STATION_MODE);
struct station_config wifi_config;
memset(&wifi_config, 0, sizeof(wifi_config));
strcpy((char*)wifi_config.ssid, ssid);
wifi_station_set_config(&wifi_config);
// Clean up to be sure no old data is still inside
wifi_station_clear_cert_key();
wifi_station_clear_enterprise_ca_cert();
wifi_station_set_wpa2_enterprise_auth(1);
wifi_station_set_enterprise_username((uint8*)username, strlen(username));
wifi_station_set_enterprise_identity((uint8*)username, strlen(username));
wifi_station_set_enterprise_password((uint8*)password, strlen(password));
wifi_station_connect();
while (WiFi.status() != WL_CONNECTED) {
delay(1000);
Serial.print(".");
}
Serial.println("WiFi connected");
Serial.println("IP address: ");
Serial.println(WiFi.localIP());
}
void loop() {
}
##############################################
i did try your code but i endup in the same place
.reconnect
...scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 0 (12)
.reconnect
Could it be the Version of Nodemcu I am using(NodemcuV2)
Hey, thanks for the examples, your code works like a charm when I connect one ESP8266 "Amica" NodeMCU to university eduroam. I am sending IOT data to thingspeak.
Weird issue, whenever I connect a second NodeMCU with the same code (sending to a different thingspeak channel), the first one stops sending data. Might there be an issue with conflicting IP addresses?
Hey, thanks for the examples, your code works like a charm when I connect one ESP8266 "Amica" NodeMCU to university eduroam. I am sending IOT data to thingspeak. Weird issue, whenever I connect a second NodeMCU with the same code (sending to a different thingspeak channel), the first one stops sending data. Might there be an issue with conflicting IP addresses?
It's that part where the MAC is assigned. You've assigned the same MAC to different devices. When one is trying to connect, the other one is kicked from the network. So just change the MAC on one of the devices
Hello, I just came across your code and am using it to connect a NodeMCU to my departments VLAN on my works wireless network. I have been able to successfully connect to the network and was wondering if it would be possible to setup a manual IP address and Subnet for the NodeMCU, I'm not exactly sure how I'd go about it. Thanks in advance for the help.