Messages - selcouth

Quote from: adamrc on August 06, 2024, 09:18:08 PM
I'm back up and running as well.  I scrapped everything and went to the 8311 Discord channel for bypassing and got the proper info.  Here are the files and contents that I used.  Netgraph is no longer used/needed anymore.

/usr/local/etc/rc.syshook.d/early/04-wpa (make sure to chmod +x this file)

#!/bin/sh
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf


/conf/wpa/openssl.conf

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0


/conf/wpa/wpa_supplicant.conf

# Generated by 802.1x Credential Extraction Tool
# Copyright (c) 2018-2019 devicelocksmith.com
# Version: 1.04 windows 386
#
# Change file names to absolute paths
ctrl_interface=DIR=/var/run/wpa_supplicant
openssl_ciphers=DEFAULT@SECLEVEL=0
eapol_version=2
ap_scan=0
fast_reauth=1
network={
        ca_cert="/conf/wpa/ca.pem"
        client_cert="/conf/wpa/client.pem"
        eap=TLS
        eapol_flags=0
        identity="REDACTED" # Internet (ONT) interface MAC address must match this value
        key_mgmt=IEEE8021X
        phase1="allow_canned_success=1"
        private_key="/conf/wpa/private.pem"
}


Thank you for posting this. I just moved to OPNsense from pfSense and was struggling with the ngeth0 method. The method you referenced worked perfectly.
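
A preflight check for the files quoted above, added here as an example (it is not part of either post and is not code from OPNsense or the 8311 community). It checks that the hook is executable, that the relaxed OpenSSL settings are not exported beyond the wpa_supplicant command, and that the certificate and key paths in wpa_supplicant.conf are absolute and present. The function name audit_wpa is hypothetical, and treating group/other access to the private key as a finding is this example's assumption.

```sh
#!/bin/sh
# Added example: audit_wpa HOOK CONF
# Prints one line per finding and returns the number of findings.
audit_wpa() {
    hook=$1 conf=$2 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The syshook is only run at boot if it is executable (chmod +x).
    [ -x "$hook" ] || note "$hook is not executable"

    # SECLEVEL=0 / UnsafeLegacyRenegotiation should reach wpa_supplicant only,
    # through a per-command OPENSSL_CONF, not through an exported variable.
    grep -q '^[[:space:]]*export[[:space:]]\{1,\}OPENSSL_CONF' "$hook" 2>/dev/null &&
        note "$hook exports OPENSSL_CONF to every later command"

    for key in ca_cert client_cert private_key; do
        # Pull the quoted path for this key out of the network={} block.
        path=$(sed -n "s/^[[:space:]]*$key=\"\([^\"]*\)\".*/\1/p" "$conf" | head -n 1)
        if [ -z "$path" ]; then note "$key missing from $conf"; continue; fi
        case $path in
            /*) ;;
            *) note "$key path '$path' is not absolute" ;;
        esac
        [ -r "$path" ] || { note "$key file $path is missing or unreadable"; continue; }
        if [ "$key" = private_key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] || note "$path is accessible to group/other"
        fi
    done
    return "$findings"
}

# Run directly with the two paths from the post, e.g.
#   sh audit.sh /usr/local/etc/rc.syshook.d/early/04-wpa /conf/wpa/wpa_supplicant.conf
if [ "$#" -eq 2 ]; then
    audit_wpa "$1" "$2" || exit 1
fi
```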