How Can I Configure NetworkManager To Use A Custom wpa_supplicant Configuration With The nl80211 Driver On A Fedora 34 Server To Establish A Reliable 802.1X EAP-TLS Connection To A RADIUS Server For Secure Authentication On A Local Area Network With Multiple VLANs?

by ADMIN 266 views

To configure NetworkManager on a Fedora 34 server for a reliable 802.1X EAP-TLS connection using a custom wpa_supplicant setup with the nl80211 driver, follow these steps:

1. Install Necessary Packages

Ensure wpa_supplicant and NetworkManager are installed:

sudo dnf install wpa_supplicant NetworkManager

2. Create Custom wpa_supplicant Configuration

Create a custom configuration file for wpa_supplicant:

sudo nano /etc/wpa_supplicant/wpa_supplicant-custom.conf

Add the following content, adjusting paths and server details as needed:

# The driver is not set in this file; wpa_supplicant takes it as a
# command-line option (-D nl80211).

network={
    ssid="your_ssid"
    # IEEE8021X with eapol_flags=0 is 802.1X without WPA key management
    # (as used on wired ports); a WPA2-Enterprise Wi-Fi network uses
    # key_mgmt=WPA-EAP instead.
    key_mgmt=IEEE8021X
    eap=TLS
    identity="your_identity"
    ca_cert="/path/to/ca.crt"
    client_cert="/path/to/client.crt"
    private_key="/path/to/client.key"
    private_key_passwd="your_password"
    eapol_flags=0
    # The RADIUS server address, port and NAS identifier are configured on
    # the authenticator (switch or access point), not in the supplicant.
}

3. Configure NetworkManager

Create a custom NetworkManager configuration file:

sudo nano /etc/NetworkManager/NetworkManager.conf

Add or modify the following lines:

[main]
plugins=keyfile
dns=none

[ifcfg-rh]
write-connections-extras=true

[device]
wifi.scan-rand-mac-address=no

4. Create a NetworkManager Connection Profile

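Use nmcli to create a connection profile for your interface (e.g., enp0s3). NetworkManager passes the 802-1x settings of this profile to wpa_supplicant itself, so the profile carries the same identity and certificate paths as the file from step 2:

sudo nmcli connection add type ethernet con-name your_connection_name ifname enp0s3 \
    802-1x.eap tls \
    802-1x.identity your_identity \
    802-1x.ca-cert /path/to/ca.crt \
    802-1x.client-cert /path/to/client.crt \
    802-1x.private-key /path/to/client.key \
    802-1x.private-key-password your_password

A private-key password given this way ends up in the shell history and is stored in the profile under /etc/NetworkManager/system-connections/.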

5. Configure VLAN Support (Optional)

If multiple VLANs are needed, create VLAN interfaces. For each VLAN, create a connection:

sudo nmcli connection add type vlan con-name vlan100 ifname vlan100 dev enp0s3 id 100

6. Restart and Enable NetworkManager

Apply changes by restarting NetworkManager:

sudo systemctl restart NetworkManager
sudo systemctl enable NetworkManager

7. Verify the Connection

Check if the connection is established:

nmcli connection show
nmcli device status

8. Troubleshooting

Check logs for issues:

journalctl -u NetworkManager
journalctl -u wpa_supplicant

Summary

By following these steps, you've configured NetworkManager to use a custom wpa_supplicant setup with the nl80211 driver for a secure 802.1X EAP-TLS connection, suitable for multiple VLANs on a Fedora 34 server. Ensure all paths and certificates are correctly specified and test the connection thoroughly.
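
One way to check the step 2 file before relying on it, added here as an example and not part of the original page: it flags a config or private key readable beyond its owner, a missing ca_cert/ca_path (without which wpa_supplicant does not verify the server certificate), and a missing server-name constraint. The function names, finding codes and sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the page. Function names are hypothetical; sample data is constructed.

# Print the first value of field $2 in config $1, quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

# True when group or other hold any permission bit on $1.
loose_perms() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# Print one finding per line; return 1 if there was any.
check_eap_tls_conf() {
    local conf="$1" key rc=0
    # The file carries private_key_passwd in clear text.
    if loose_perms "$conf"; then echo "PERM $conf"; rc=1; fi
    # Without ca_cert/ca_path the server certificate is not verified.
    if [ -z "$(conf_value "$conf" ca_cert)$(conf_value "$conf" ca_path)" ]; then echo "NOCA"; rc=1; fi
    # With a CA alone, any server certificate that CA issued is accepted.
    if ! grep -Eq '^[[:space:]]*(domain_match|domain_suffix_match|altsubject_match|subject_match)[[:space:]]*=' "$conf"; then
        echo "NONAME"; rc=1
    fi
    key=$(conf_value "$conf" private_key)
    if [ -n "$key" ] && [ -e "$key" ] && loose_perms "$key"; then echo "PERM $key"; rc=1; fi
    return $rc
}

# Constructed sample: write a weak or hardened config into directory $1.
write_sample_conf() {
    local dir="$1" kind="$2" conf="$1/$2.conf"
    : > "$dir/client.key"; chmod 600 "$dir/client.key"
    {
        echo 'network={'
        echo '    eap=TLS'
        echo "    private_key=\"$dir/client.key\""
        echo '    private_key_passwd="constructed-sample"'
        if [ "$kind" = hardened ]; then
            echo "    ca_cert=\"$dir/ca.crt\""
            echo '    domain_suffix_match="radius.example.test"'
        fi
        echo '}'
    } > "$conf"
    if [ "$kind" = hardened ]; then chmod 600 "$conf"; else chmod 644 "$conf"; fi
    echo "$conf"
}

demo_dir=$(mktemp -d)
check_eap_tls_conf "$(write_sample_conf "$demo_dir" weak)" || echo "weak: findings above"
check_eap_tls_conf "$(write_sample_conf "$demo_dir" hardened)" && echo "hardened: clean"
```

The check expects one field per line, as in the network block of step 2.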