Wifi 802.1X (WPA2-Enterprise)
09/12/15 12.17
Hello,

Has anyone ever tried to connect an XDK via Wifi to an 802.1X (WPA2-Enterprise) secured network?
At my Bosch site, this is the only way I could connect the XDK to a wifi.

If not, does someone know if this is theoretically possible?

thanks,
niclas
10/12/15 9.07 in reply to Niclas Mueller.
Hi Niclas,

it looks like the SimpleLink API, which is part of the SDK, does support EAP. If you don't use certificate files, you should be able to connect to your network by using the function

_i16 sl_WlanConnect (_i8 *pName, _i16 NameLen, _u8 *pMacAddr, SlSecParams_t *pSecParams, SlSecParamsExt_t *pSecExtParams)

with SL_SEC_TYPE_WPA_WPA2 as security type in the pSecParams and pSecExtParams configured according to your setup.
I currently can't verify this though, as I don't have access to a WPA2-Enterprise network. So please let me know if it works.

Kind regards,
Manuel
15/01/16 17.22 in reply to Manuel Cerny.
Having the same question from a German car OEM, WPA2-Enterprise would be key.
20/01/16 9.44 in reply to Kornelius Nägele.
Hi Kornelius,

connecting the XDK to a WPA2-Enterprise AP is definitely supported by the SimpleLink API.
You can find the API in the SDK under lib/wifi/TI/simplelink/include.

You need to set your username/password, the corresponding length and the EapMode used in SlSecParamsExt_t.

With this configuration you can connect to the AP with:

_i16 sl_WlanConnect (_i8 *pName, _i16 NameLen, _u8 *pMacAddr, SlSecParams_t *pSecParams, SlSecParamsExt_t *pSecExtParams)


You can start with the WNS_wifiNetworkSend example. Then you only need to change the configuration data, because the example shows how to use the simpleLink API.

Please let me know if this helps.

Best regards,
Manuel
16/02/16 13.24 in reply to Manuel Cerny.
Thanks, Manuel! I will try this next week, and report back here.
16/02/16 17.45 in reply to Kornelius Nägele.
The problem I'm facing is that I can't even find a function that takes a username for an argument. For instance, ideally I am looking for a function named something like WLI_connectWPA2_ENT. The only one I can find is WLI_connectWPA, which only takes SSID, pass phrase and callback function as arguments. Is there even a datatype defined for storing a username (similar to WLI_connectPassPhrase_t)?

Seeing as a large fraction of IoT applications are likely to be in industry (and therefore using Enterprise security), shouldn't the connecting-to-enterprise-wifi part be more straightforward?
18/02/16 12.19 in reply to Patrick Rruelke.
Hello to everyone,

I’m trying to connect the XDK to our “ITM_BCS” WiFi network, without success.

I’m using the sl_WlanConnect() method to get connected but it doesn’t work.
The connection process aborts with the following error:

INFO | XDK DEVICE 1: 3 [PIP:2] error in Get host IP by name -161

But the previous method returned me 0 (which is OK).

This error code (161) corresponds to nothing when I look at the header files where the error codes are located.
I contacted our local CI administrators to see the dialog between the XDK and the Access Point, but nothing appeared…

Here is what I’m doing to connect to “ITM_BCS”:
 

secParams.Key = (signed char*)EAP_PASS_KEY;
secParams.KeyLen = strlen(EAP_PASS_KEY);
secParams.Type = SL_SEC_TYPE_WPA_WPA2; //also tested with SL_SEC_TYPE_WPA_ENT
 
eapParams.EapMethod = SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2;
eapParams.User = (signed char*)EAP_USER_NAME;
eapParams.UserLen = strlen(EAP_USER_NAME);
eapParams.AnonUserLen = 0;
 
if (0 == sl_WlanConnect((char*)WLAN_CONNECT_WPA_SSID, strlen(WLAN_CONNECT_WPA_SSID), NULL, &secParams, &eapParams))
{
//treatment
}

 
With the CI team, we saw that the “ITM_BCS” network is PEAPv0 with MSCHAPv2 without certificates. We already have a username and password which already work on other mobile devices (Pocket PCs).

What am I doing wrong? Have you faced this problem?

Thank you in advance
22/02/16 12.56 in reply to Olivier Richard.
Hi everyone,

as you already mentioned, there is no function in BCDS_WlanConnect.h that connects to a WPA2 enterprise network.
To do so, you need to access the simple link API directly. I definitely see space for improvement here and I will discuss this issue with our development team.

——

Did you successfully run the WlanManagement example with a normal AP?

This code should be fine. Unfortunately, I have no access to a PEAP0 MSCHAPv2 enterprise network right now to check it.
But I will ask if the development team has any experience.

SlSecParams_t secParams;
SlSecParamsExt_t eapParams;

secParams.Key = (signed char*)EAP_PASS_KEY;
secParams.KeyLen = strlen(EAP_PASS_KEY);
secParams.Type = SL_SEC_TYPE_WPA_ENT;      // you definitely need this here
 
eapParams.EapMethod = SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2;
eapParams.User = (signed char*)EAP_USER_NAME;
eapParams.UserLen = strlen(EAP_USER_NAME);
eapParams.AnonUserLen = 0;
 
if (0 == sl_WlanConnect((char*)WLAN_CONNECT_WPA_SSID, strlen(WLAN_CONNECT_WPA_SSID), 0, &secParams, &eapParams))
{
// treatment - blocking or callback
}


Kind regards,
Manuel
22/02/16 14.42 in reply to Manuel Cerny.
Hello Manuel,

Thank you for your detailed reply. I already tested the code you mentioned above, and the problem is still there, with the same error code.
Yes, I tested with a normal AP and the WlanManagement demo, without any problem. I was able to retrieve an HTML page content without difficulties.

The guys from CI mentioned to me that there is AES encryption under ITM_BCS. Maybe it could be that. I also redefined a connection method with AES ciphers like:

#define SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2_AES EAPMETHOD(PEAP0, MSCHAP, SMART_CONFIG_CIPHER_AES, SMART_CONFIG_CIPHER_AES)

But without success. Same problem with same error code.

I think there is a major gap here for WPA2-Enterprise connections, and I'm curious to have the reply from the XDK development team, the fact is that SimpleLink API is managed by TI.

Best regards

17/03/16 13.36 in reply to Olivier Richard.
Did you flash a ca.pem Root Certificate? If so, where did you put it?
17/03/16 23.30 in reply to Kornelius Nägele.
Hello guys,

I forwarded the issue to the developers and they will take care for it. I will keep you posted, as soon as I know more.
But for now, let me try to help as far as I can.

It seems like the old version of the simple link API doesn’t support a certificateless connection, and you need the server certificate flashed at     

/cert/ca.pem 


Kornelius, did you successfully connect to an enterprise network?

Kind regards
Manuel
09/06/16 12.27 in reply to Manuel Cerny.

Hi,

Are there any new developments regarding the issue yet? The people from Bosch Connected Devices keep referring me to this Community. I think for any industrial Use Case connecting the XDK to a secured network like WPA2 will be unavoidable. In case anyone found a way to implement it via the Simple Link API, I'd be grateful for the help.

Regards, Felix

10/06/16 6.40 in reply to Felix Gandha Salentin.

Hi Felix,

I definitely agree with you. The implementation of these EAP methods is essential for any industrial use of the XDK. Currently, I don’t know anybody who implemented it directly with the simple link stack and additionally, there wasn’t any development started so far.

All I can do is ask you for patience again. I will try to kick off this development as fast as I can.

Kind regards,
Manuel

10/08/16 19.41 in reply to Manuel Cerny.

Manuel,

It has been a couple of months since the last response on this thread, have you heard from the development team yet whether or not this has been implemented?

Has anyone else in the community had success with this?

Thank you,

Christopher Koch

11/08/16 9.13 in reply to Christopher Koch.

Hello Chris,

the enterprise Wi-Fi functionality isn’t implemented right now and unfortunately I can’t make any suggestion when the SDK will provide it.
I definitely notice the rising needs, even in a few other threads.

I will kick off the development again and report to you about the progress next week.

Kind regards,
Manuel

 

16/08/16 11.53 in reply to Manuel Cerny.

Hi all,

 

Chris and I were finally able to connect some XDKs to our Bosch LILA WPA2-Enterprise network. [edit] I will try to create a tutorial containing the source code to distribute through proper channels. In addition, I also successfully connected to Bosch's MSW_Access wifi using the same procedure below.

First you need to upgrade the XDK wifi module to v2.6.0.5 using the WiFiHostProgramming kit. Pressing XDK button 2 will upgrade the service pack and also serial flash in a dummy certificate (ca.pem) file to the wifi module file system (/cert/ca.pem). You can verify the version of the wifi module by pressing button 1.

Once you upgrade the service pack and flash in the dummy certificate, import the EnterpriseWiFi project and configure the wifi settings in Enterprise.c file. Running the binary will automatically attempt to connect to wifi.

For my test, I used the Bosch LILA network given the SSID, Username, and password. We also used a static IP for connection instead of DHCP. For example:

In EnterpriseWiFi.h file:

#define WLAN_ENT_SSID           "INSERT SSID HERE"
#define WLAN_USERNAME           "INSERT USERNAME HERE"
#define WLAN_ENT_PWD            "INSERT PASSWORD HERE"

EnterpriseWiFi.c static IP configuration:

    //configure static IP 
    NCI_ipSettings_t myIpSet;
    myIpSet.isDHCP =        (uint8_t) DHCP_DISABLED;
    myIpSet.ipV4 =          NCI_ipv4Value(10, 231, 64, 143);
    myIpSet.ipV4DnsServer = NCI_ipv4Value(10, 231, 64, 129);
    myIpSet.ipV4Gateway =   NCI_ipv4Value(10, 231, 64, 129);
    myIpSet.ipV4Mask =      NCI_ipv4Value(255, 255, 255, 128);

and EAP method configuration:

    eapParams.EapMethod = SL_ENT_EAP_METHOD_PEAP0_MSCHAPv2;

The new wifi module allows us to disable server authentication like so:

    // disable server authentication
    unsigned char pValues;
    pValues = 0;  //0 - Disable the server authentication | 1 - Enable (this is the default)
    sl_WlanSet(SL_WLAN_CFG_GENERAL_PARAM_ID,19,1,&pValues);

I'll try to connect with other enterprise networks in the future.

James
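
Added example, not part of the post above and not code from the XDK SDK or SimpleLink: a host-side pre-flight check for the settings this thread keeps tripping over (personal security type on an 802.1X network, server authentication enabled with no CA at /cert/ca.pem, server authentication switched off). With server authentication disabled the module does not verify which RADIUS server it is talking to, so the PEAP/MSCHAPv2 exchange runs with any access point that answers for the SSID. All type, field and function names are hypothetical stand-ins, and the sample configurations are constructed.

```c
#include <stdio.h>
/* Hypothetical stand-ins; the real types live in the SimpleLink headers. */
enum sec_type { SEC_WPA_WPA2, SEC_WPA_ENT };

struct ent_cfg {
    enum sec_type type;   /* security type passed with the credentials         */
    const char *user;     /* EAP user name                                     */
    const char *password; /* EAP password                                      */
    int server_auth;      /* 1 = validate the server (the default), 0 = off    */
    int ca_flashed;       /* 1 if the network's CA is stored at /cert/ca.pem   */
};

enum {                      /* finding bits returned by ent_cfg_check()        */
    ENT_WRONG_TYPE    = 1,  /* personal WPA/WPA2 type on an 802.1X network     */
    ENT_NO_IDENTITY   = 2,  /* user name or password empty                     */
    ENT_NO_CA_FILE    = 4,  /* validation on, but no CA to validate against    */
    ENT_SERVER_UNAUTH = 8   /* validation off: any AP with the SSID is trusted */
};
/* Constructed sample configurations (credentials are placeholders). */
const struct ent_cfg sample_personal_type = { SEC_WPA_WPA2, "user", "pw", 1, 0 };
const struct ent_cfg sample_workaround    = { SEC_WPA_ENT,  "user", "pw", 0, 0 };
const struct ent_cfg sample_validated     = { SEC_WPA_ENT,  "user", "pw", 1, 1 };

static int empty(const char *s) { return s == NULL || *s == '\0'; }

/* Returns a bit mask of findings, 0 when the configuration is clean. */
unsigned ent_cfg_check(const struct ent_cfg *c)
{
    unsigned f = 0;
    if (c->type != SEC_WPA_ENT)               f |= ENT_WRONG_TYPE;
    if (empty(c->user) || empty(c->password)) f |= ENT_NO_IDENTITY;
    if (c->server_auth && !c->ca_flashed)     f |= ENT_NO_CA_FILE;
    if (!c->server_auth)                      f |= ENT_SERVER_UNAUTH;
    return f;
}

/* Connect gate: hard errors block; no server validation needs explicit opt-in. */
int ent_cfg_may_connect(const struct ent_cfg *c, int allow_unauth_server)
{
    unsigned f = ent_cfg_check(c);
    if (f & (ENT_WRONG_TYPE | ENT_NO_IDENTITY | ENT_NO_CA_FILE)) return 0;
    if ((f & ENT_SERVER_UNAUTH) && !allow_unauth_server)         return 0;
    return 1;
}

int main(void)
{
    printf("workaround findings: %u\n", ent_cfg_check(&sample_workaround));
    return !ent_cfg_may_connect(&sample_validated, 0);
}
```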

15/08/16 12.44 in reply to James Kim.

Hello James,

thank you very much for sharing your solution for the enterprise Wi-Fi communication about this very long discussed topic.
This is a very important feature to develop applications in enterprise environments.

It would be great, if you keep us posted about your connections with other enterprise networks.

Kind regards,
Manuel

17/08/16 16.33 in reply to Manuel Cerny.

Tried it on an independent with Meraki Access Points and it worked! Just had to adopt DHCP:

In EnterpriseWiFi.c:

// search for "NCI_setIpStatic" and replace whole line with:
retStatusSetIp = NCI_setIpDhcp(callbackIpObtained);

Add callback as needed, very basic example:

    
void callbackIpObtained(NCI_ipStatus_t result){
	if(result == NCI_IPV4_ACQUIRED){
		printf("IPv4 Address retrieved.");
	} else {
		printf("something went wrong...");
	}
}

Thanks James and Chris!

Now thanks to you every LiLA network in any Bosch facility can be used by XDK.

18/08/16 7.43 in reply to James Kim.

Hi James,

Thank you so much for providing this. I've been looking for a solution for a while now on how to connect the XDK to the MSW Wifi at the Bosch plant here.

What I don't understand is exactly how to upgrade the Wifi module to v2.6.0.5. I've downloaded the Host programming Addon from TI's homepage for the Wifi chip. But what do I do next? Is there a certain project I need to flash in order to update the device? Thanks in advance for the help.

Felix

18/08/16 11.29 in reply to Felix Gandha Salentin.

Felix,

We are currently working on the documentation to go with the two projects you will need to get you started with connecting to an Enterprise network. Once this is done, the documentation along with the source code for the projects will be provided on the website and we will update this thread.

We have modified the TI host programmer to fit this exact purpose. It will update the XDK's Wi-Fi module and install the dummy certificate file. You won't need any materials from TI to get this done.

We hope to have this up soon.  Thank you for your patience.

Christopher Koch
