Preliminaries

If you are running wireless, you should assume that you are publishing all your communications, such as passwords, on the front page of the New York Times unless you are running wpa. Anyone with a laptop within range -- and in range can mean a half mile or more if your snoopers have an antenna connected to their laptop -- can read it all. Microsoft's WEP is badly broken and there is software available for free on the web that will let anyone who wants to break a WEP connection do so within a few minutes.

I tend to use wired connections because they are much faster and more stable. It is easy to install a second network card in a linux box and use masquerading to connect a second computer to the outside world through the box if you need to. But -- a few weeks ago signs appeared in my building indicating that wireless access was available and telltale wireless access points appeared in the halls. There are links from CIS explaining how to configure wpa connections for everything from Windows Vista to Palm TX, but they forgot to explain how to connect from the Fedora 9 linux running on my Gateway laptop. So I had to figure out how to do it.

The anaconda installer had found my Intel PRO/Wireless 2200BG card when I installed Fedora, so I didn't need to worry about drivers. It had even installed NetworkManager. And I made a point of installing wpa_supplicant. But that in itself didn't get me to tamulink-wpa.

Here's what did.

The certificate

I think that Ubuntu has a ca package installer. Maybe Fedora does, too; but I wasn't sure where to find it. So I just used a wired connection and pointed my browser at the Go Daddy site that I knew from the Windows instructions would have my certificate. Part way down the page it lists ValCertLegacy Certificate Chain. Below that it says ValCert Root Certificate and you will see a link to valcert_class2_root.crt.

Now if I left click on that link, Firefox brings up a pop-up that says that this certificate is already installed as a certificate authority. But I wanted the file itself, so I right clicked on the link and did Save Link As ... to a subdirectory called CERTS that I had created in my home directory.

It is a text file, valcert_class2_root.crt, of length 1084. If you use the more command in a terminal window, you see
-----BEGIN CERTIFICATE-----
stuff
-----END CERTIFICATE-----

Now the NetworkManager Applet expects you to browse for a .pem file, not a .crt file, so I renamed the file to valcert_class2_root.pem.

NetworkManager

I then disconnected the wired ethernet: NetworkManager knows that wired networks are faster, so it will default to a wired connection if you have one; and you will never get to wireless.

I then saw an icon for a pair of linked computers with a red x. I then left clicked on the icon and a pop-up appeared showing me that three networks are available, tamulink guest, tamulink-help, and tamulink-wpa. I clicked the round radio button for tamulink-wpa.

At that point the icon changes from linked computers to two comets chasing each other as it tries to connect. Once everything is configured, there will be a message that contact has been established, and the two comets change to a how-many-bars icon. When I am connected, a mouseover tells me that I am connected to 'tamulink-wpa' (71%).

But first, I need a one-time setup for the connection.

One-time setup

When the two-computer icon is clicked, a window pops up with tabs for wired, wireless, mobile broadband, vpn, and dsl. Click on the wireless tab. Select the default connection with your mouse and click Edit to give it the Connection name tamulink-wpa, with the Connect automatically box checked.

The Wireless tab should have
SSID: tamulink-wpa
Mode: infrastructure
BSSID: blank
MAC address: blank
MTU: Automatic

The Wireless Security tab should have
Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: blank
CA Certificate: Now browse to the CERTS directory and the valcert_class2_root.pem file that you downloaded and click on it.
PEAP Version: Version 0
Inner Authentication: MSCHAPv2
User Name: Your netId
Password: blank

When you connect, you will get to fill in the NetId password in that box.

The IPv4 settings tab gets you to Method = DHCP.

You should now be ready to connect.
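
The same settings written as a wpa_supplicant.conf network block, which is a convenient way to check what the Wireless and Wireless Security tabs amount to. This is an added example, not a file from the original page; NETID and the /home/USER path are placeholders, and running wpa_supplicant directly rather than through NetworkManager is an assumption.

```conf
# Constructed wpa_supplicant.conf fragment (added example, not from the page).
# NETID and /home/USER are placeholders for your own values.

# Control socket, so a front end such as wpa_cli can supply the password.
ctrl_interface=/var/run/wpa_supplicant

network={
    # Wireless tab: SSID
    ssid="tamulink-wpa"
    # Wireless tab: Mode = infrastructure (0 is infrastructure, the default)
    mode=0

    # Wireless Security tab: Security = WPA & WPA2 Enterprise
    key_mgmt=WPA-EAP
    # Authentication = Protected EAP (PEAP)
    eap=PEAP
    # PEAP Version = Version 0
    phase1="peapver=0"
    # Inner Authentication = MSCHAPv2
    phase2="auth=MSCHAPV2"
    # User Name = your NetID
    identity="NETID"

    # CA Certificate = the renamed PEM file. With ca_cert set, the server
    # certificate presented during the PEAP handshake must chain to this
    # root before the NetID and password exchange takes place. If ca_cert
    # is left out, the server certificate is not verified at all.
    ca_cert="/home/USER/CERTS/valcert_class2_root.pem"

    # No password line, matching the blank Password field above: it is
    # requested at connect time instead of being stored in this file.
}
```

If you do store a password in this file, make it readable by root only.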

If you have trouble, you can su to root and go to /etc/sysconfig/networking/devices, where you will find a file called ifcfg-eth1. (eth0 is my wired connection.) My version of that file has entries for
TYPE=wireless
DNS1=128.194.254.1
DEVICE=eth1
HWADDR=the MAC address of my wireless card
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes

For what it is worth, the wpa configuration to the wireless router at home is exactly the same, except much easier. The Wireless Security tab brings up only two entries:

Security: WPA & WPA2 Personal
Password: blank

The router at home has Security Mode WPA_Personal. WPA Mode is set to WPA2 Only. Cipher Type AES.

If you find corrections or shortcuts, please email me and let me know so I can fix errors and pass on suggestions.