Client configuration to use
TTLS+PAP for WPA
Install wpa_supplicant from http://hostap.epitest.fi/wpa_supplicant/.
On Debian you can do
Now set up a configuration file ie. put following in
/etc/wpa_supplicant.conf. Please adjust red entries to correspond to
For extra security you can also point wpa_supplicant to the CA
(Certificate Authority) certificate for the network you are using ie.
To start WPA Supplicant use following. For example with Intel Centrino
you would put something like this
-c /etc/wpa_supplicant.conf -i wlan0 -D ipw
Change -D ipw if you are using something other than Centrino ie.
ndiswrapper. Then you need to configure your IP via e.g. dhcp
pump -i wlan0
You are done.
Mac OS X
This is how you would configure a
Mac OS X 10.3.x client to use TTLS+PAP to authenticate against WPA.
1. Click on the wireless icon.
2. Select "Open Internet Connect".
3. Click File then "New 802.1X Connection"
4. Click on 802.1X icon. Enter your username/password and the Wireless
Network you want to connect to e.g.
4. Click on Configurations then Edit Configurations. You will be
prompted to save the configuration. Name it ie. CS 802.11. You will
then get a window as follows
5. Check off everything other than TTLS.
6. Click on TTLS and click on Configure
7. Select PAP as TTLS Inner Authentication ie.
8. Click OK then OK again. Try to connect.
9. During authentication you will likely be prompted to accept
certificate for the server.
10. Click Accept All
11. That should be it.
Windows XP SecureW2 setup
the Windows Version of SecureW2 tool from the url given below.
a zip file. Unzip and run the installation file. You will be prompted
reboot. After reboot do following.
Click on the Wireless Connection Icon in the taskbar and select
“View available Wireless Networks”
on Wireless Networks tab and Select your WPA network ie. CSWIRELESS-WPA
and click on
SecureW2 window will show up.
'Configure' for DEFAULT profile. Go to Certificates Tab and check off
"Verify server certificate"
Next click on Authentication tab and
make sure that PAP is the select authentication method ie.
Next select "User account" tab and fill out the appropriate info or
check off "Prompt user for credentials".
Click OK and then try to connect to
Authors: Vladimir Vuksan (E-mail
me) and Venkataramana Nadimpalli