# WiFi

Students have an open access to WiFi connection at school. EPITA provides two
differents networks with various specifications detailled below.

```nohighlight
Your Bocal logins are required to connect to the WiFi network.
```

## IONIS

The IONIS WiFi hotspot **requires a 5 Ghz WiFi card**. The IONIS WiFi is
recommended as it provides a faster and more stable connection.

To connect on IONIS, follow these steps:

1. Connect to the IONIS WiFi hotspot
2. You will be asked for your logins. You need to log with your epita's email address and *Bocal*'s password.

## Archlinux configuration

This section assumes you want to connect to the IONIS WiFi on an Archlinux
distribution, and have an activated WiFi interface.
To get the name of your WiFi interface you can type: `$ iw dev`.

This configuration is using **netctl**, a profile-based network manager
for Archlinux.
Thus, you will have to configure a network _profile_. A simple profile is
presented below. For more information, please visit the
[Archlinux wiki on netctl](https://wiki.archlinux.org/index.php/netctl).

1. Create a file in `/etc/netctl/`. Its name should be self-explanatory.
   A good name would be \<interface\>-IONIS.
2. Fill it with the following configuration, with your parameters:
```sh
Description='EPITA IONIS profile'
Interface=<interface>
ESSID='IONIS'
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="IONIS"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'identity="<epita_email_address>"'
    'password="<bocal_password>"'
)
```
3. Start the profile.
`$ netctl start <file_name>`
You can also enable it, to automatically try to connect to IONIS at boot.
`$ netctl enable <file_name>`

If you wish to avoid having a password stored in plain text, you may want to
try _wpa\_passphrase_ to make a pre-shared key instead, calculated from an input
passphrase and the SSID. Please refer to this
[netctl section](https://wiki.archlinux.org/index.php/netctl#Obfuscate_wireless_passphrase).

You can find other configuration examples in `/etc/netctl/examples/`.

## Troubleshooting

### TLS 1.0/1.1

TLS versions 1.0 and 1.1 are still in use and are being deprecated and disabled
by some operating systems. If `journalctl -e -u wpa_supplicant.service` (the
service name may change depending on your distribution) reports something like:

```
wlp2s0: SME: Trying to authenticate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
wlp2s0: Trying to associate with 9c:5d:12:de:c4:e4 (SSID='IONIS' freq=5180 MHz)
wlp2s0: Associated with 9c:5d:12:de:c4:e4
wlp2s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp2s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlp2s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
wlp2s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
```

You have to allow explicitly the legacy security policies. For Fedora 33+, see
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2.