ubuntu22.04连网/peap/WPA2/MSCHAPv2

问题：

最近新电脑装的ubuntu22.04连接校园网发现连不上了，查阅文档发现问题出在ubuntu22上，ubuntu用的是非安全认证，所以很多校园网包括eduroam都崩了，所以要手动enable

这里不论需不需要ca证书应该都能解决这部分问题，解决不了的小伙伴记得看看自己的CA证书名字是不是带空格，带空格记得删掉

解决方法参考这篇文章
https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c

第一步:

Create specific openssl.cnf for wpa_supplicant

$ sudo cp /etc/ssl/openssl.cnf /etc/wpa_supplicant/

This will ensure that enabling TLS 1.0 applies only to WPA negotiations, which will mitigate the security impact of this change somewhat.

第二步:

Enable legacy TLS in the copied config file

$ sudo gedit /etc/wpa_supplicant/openssl.cnf

找到下面几行

[openssl_init]
providers = provider_sect

在后面插入

ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=1

第三步:

Make wpa_supplicant use the new configuration
As root, edit /usr/lib/systemd/system/wpa_supplicant.service.

$ sudo gedit /usr/lib/systemd/system/wpa_supplicant.service

找到下面几行

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID

改成

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
Environment="OPENSSL_CONF=/etc/wpa_supplicant/openssl.cnf"
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID

第四步:

Restart the wpa_supplicant

$ sudo systemctl daemon-reload
$ sudo systemctl restart wpa_supplicant.service

然后就能解决问题了

---