VintageNet with Wired 802.1x under Nerves

This is some ongoing work I’m doing for [ REDACTED ] (one of my favorite clients, makes me seem very cool and mysterious). I am reporting the progress and procedure here to give some findable context for others who want to do this stuff and also some context for the PR.

Wired 802.1x using EAP-TLS with device certificates is a pretty decent bump in network security and control, or so I hear.

I’ve confirmed the Linux setup for wired 802.1x using this helpful note and a freeradius server along with a Unifi managed switch. So we have a Raspbian OS install doing the right song and dance.

Currently we are hacking apart VintageNetWiFi and VintageNetEthernet to reproduce the config and setup.

We got the thing working but hit a fairly unexpected snag. No wired driver for wpa_supplicant.

So Add wired driver to WPA Supplicant by tomielee · Pull Request #234 · nerves-project/nerves_system_rpi4 · GitHub should address the immediate need we have and we’re currently building that system to see if it works out. It passes the smell check at least.

@fhunleth is this handled in each system separately or should this go somewhere in nerves_system_br?

It worked!

@fhunleth the separate supplicant library we discussed is taking shape here: GitHub - underjord/vintage_net_supplicant: Vintage Net Supplicant

We are not 100% certain about the dividing line between Supplicant and WiFi libraries. Currently we brought a lot of WiFi-stuff over to the Supplicant library, because that worked and it all seemed relevant to the supplicant’s work. But much of it is pointless for the Supplicant under Ethernet. I think that’s fine but let us know what you think.

Plenty of tidying up before you get PRs for WiFi, Ethernet and we consider the Supplicant library ready to move over into the nerves-networking org but it is on its way.