HS 2.0: Add some documentation for OSEN and network block use
This adds notes on how wpa_supplicant can be configured for OSEN for a link-layer protected online signup connection and how network profiles can be set for a Hotspot 2.0 data connection when using external Interworking network selection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
e114e999e0
commit
aeb408fff1
2 changed files with 69 additions and 0 deletions
|
@ -564,3 +564,68 @@ OK
|
|||
<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
|
||||
<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
|
||||
<3>ANQP fetch completed
|
||||
|
||||
|
||||
Hotspot 2.0 Rel 2 online signup and OSEN
|
||||
----------------------------------------
|
||||
|
||||
Following parameters can be used to create a network profile for
|
||||
link-layer protected Hotspot 2.0 online signup connection with
|
||||
OSEN. Note that ssid and identify (NAI) values need to be set based on
|
||||
the information for the selected provider in the OSU Providers list
|
||||
ANQP-element.
|
||||
|
||||
network={
|
||||
ssid="HS 2.0 OSU"
|
||||
proto=OSEN
|
||||
key_mgmt=OSEN
|
||||
pairwise=CCMP
|
||||
group=GTK_NOT_USED
|
||||
eap=WFA-UNAUTH-TLS
|
||||
identity="anonymous@example.com"
|
||||
ca_cert="osu-ca.pem"
|
||||
ocsp=2
|
||||
}
|
||||
|
||||
|
||||
Hotspot 2.0 connection with external network selection
|
||||
------------------------------------------------------
|
||||
|
||||
When an component controlling wpa_supplicant takes care of Interworking
|
||||
network selection, following configuration and network profile
|
||||
parameters can be used to configure a temporary network profile for a
|
||||
Hotspot 2.0 connection (e.g., with SET, ADD_NETWORK, SET_NETWORK, and
|
||||
SELECT_NETWORK control interface commands):
|
||||
|
||||
interworking=1
|
||||
hs20=1
|
||||
auto_interworking=0
|
||||
|
||||
network={
|
||||
ssid="test-hs20"
|
||||
proto=RSN
|
||||
key_mgmt=WPA-EAP
|
||||
pairwise=CCMP
|
||||
anonymous_identity="anonymous@example.com"
|
||||
identity="hs20-test@example.com"
|
||||
password="password"
|
||||
ca_cert="ca.pem"
|
||||
eap=TTLS
|
||||
phase2="auth=MSCHAPV2"
|
||||
update_identifier=54321
|
||||
#ocsp=2
|
||||
}
|
||||
|
||||
|
||||
These parameters are set based on the PPS MO credential and/or NAI Realm
|
||||
list ANQP-element:
|
||||
|
||||
anonymous_identity: Credential/UsernamePassword/Username with username part
|
||||
replaced with "anonymous"
|
||||
identity: Credential/UsernamePassword/Username
|
||||
password: Credential/UsernamePassword/Password
|
||||
update_identifier: PPS/UpdateIdentifier
|
||||
ca_cert: from the downloaded trust root based on PPS information
|
||||
eap: Credential/UsernamePassword/EAPMethod or NAI Realm list
|
||||
phase2: Credential/UsernamePassword/EAPMethod or NAI Realm list
|
||||
ocsp: Credential/CheckAAAServerCertStatus
|
||||
|
|
|
@ -762,6 +762,7 @@ fast_reauth=1
|
|||
# FT-SAE = SAE with FT
|
||||
# WPA-EAP-SUITE-B = Suite B 128-bit level
|
||||
# WPA-EAP-SUITE-B-192 = Suite B 192-bit level
|
||||
# OSEN = Hotspot 2.0 Rel 2 online signup connection
|
||||
# If not set, this defaults to: WPA-PSK WPA-EAP
|
||||
#
|
||||
# ieee80211w: whether management frame protection is enabled
|
||||
|
@ -1121,6 +1122,9 @@ fast_reauth=1
|
|||
# number of authentication servers. Strict EAP conformance mode can be
|
||||
# configured by disabling workarounds with eap_workaround=0.
|
||||
|
||||
# update_identifier: PPS MO ID
|
||||
# (Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)
|
||||
|
||||
# Station inactivity limit
|
||||
#
|
||||
# If a station does not send anything in ap_max_inactivity seconds, an
|
||||
|
|
Loading…
Reference in a new issue