WiFi

Students have an open access to WiFi connection at school. EPITA provides two differents networks with various specifications detailled below.

Your Bocal logins are required to connect to the WiFi network.

IONIS

The IONIS WiFi hotspot requires a 5 Ghz WiFi card. The IONIS WiFi is recommended as it provides a faster and more stable connection.

To connect on IONIS, follow these steps:

  1. Connect to the IONIS WiFi hotspot
  2. You will be asked for your logins. You need to log with your epita's email address and Bocal's password.

Archlinux configuration

This section assumes you want to connect to the IONIS WiFi on an Archlinux distribution, and have an activated WiFi interface. To get the name of your WiFi interface you can type: $ iw dev.

This configuration is using netctl, a profile-based network manager for Archlinux. Thus, you will have to configure a network profile. A simple profile is presented below. For more information, please visit the Archlinux wiki on netctl.

  1. Create a file in /etc/netctl/. Its name should be self-explanatory. A good name would be \<interface>-IONIS.
  2. Fill it with the following configuration, with your parameters:
Description='EPITA IONIS profile'
Interface=<interface>
ESSID='IONIS'
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="IONIS"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'identity="<epita_email_address>"'
    'password="<bocal_password>"'
)
  1. Start the profile. $ netctl start <file_name> You can also enable it, to automatically try to connect to IONIS at boot. $ netctl enable <file_name>

If you wish to avoid having a password stored in plain text, you may want to try wpa_passphrase to make a pre-shared key instead, calculated from an input passphrase and the SSID. Please refer to this netctl section.

You can find other configuration examples in /etc/netctl/examples/.

Troubleshooting

TLS 1.0/1.1

TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled by some operating systems. If journalctl -e -u wpa_supplicant.service (the service name may change depending on your distribution) reports something like:

wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
wlp2s0: Trying to associate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
wlp2s0: Associated with 9c:5d:12:de:c4:e4
wlp2s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp2s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlp2s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

You have to allow explicitly the legacy security policies. For Fedora 33+, see https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2.