# FreeBSD and enterprise wireless networks.



## RainbowVodka (Aug 5, 2013)

Hi all,

I was wondering if anyone had experience with using FreeBSD on WPA2 Enterprise networks. I'm thinking about using FreeBSD on my company laptop (we're allowed to do whatever we want). My company has two wireless networks set up, both using PEAPv0 style authentication. The internal wireless uses an RSA token to gain access (along with our username) while the other uses a username and our password. I could see me connecting to the internal network ok but the problem is my job requires me to walk around constantly and there's a few dead spots for wireless coverage on the internal wireless. Would I have to constantly change the `wpa_supplicant.conf` with my current token and reconnect or is there a GUI than I can use that would just pop-up when I lose signal (I was thinking about using KDE as a DE)? This also begs the question, how does FreeBSD handle jumping from access point to access point (I think it's called roaming?)? My other option is to connect to the non-internal network and VPN in but then I lose some functionality and I feel like that's a terrible and very inefficient way of doing things. Thanks in advance!


----------



## ondra_knezour (Aug 5, 2013)

Roaming worked fine for me at least with the Atheros and Intel cards. 

There is net-mgmt/wifimgr.

I don't understand your problem with changing the configuration file. You can fill there the settings for all the networks you will use just once and you are ready to go. If you have to authenticate with some kind of security token with PIN or password protected access, you can probably create devd rule, which will fire on token insert, ask for PIN and reassociate using wpa_cli. Quick Googling shows there is even some support for the PKCS tokens access configuration from wpa_supplicant.conf including PIN entry (at least I would kill you with the coffee spoon, if you try to do that in my network using an unencrypted disk  ). But no personal experience on this subject here.


----------



## vermaden (Aug 5, 2013)

@RainbowVodka,

I use that below in /etc/wpa_supplicant.conf file to connect to WPA2 Enterprice company network:


```
network={
  ssid="C001P"
  scan_ssid=1
  key_mgmt=WPA-EAP
  identity="USERNAME"
  password="PASSWORD"
  eap=PEAP
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
}
```


----------

