DEF CON Logo

Linux Wireless Setup

Wireless Network Information

In order to access the DEF CON 33 Wireless Network, you must have already registered. If you have have not done so, please go here and take care of that first.

Once you have registered, download the DEF CON Wifi Certificate and install locally. You can obtain the certificate here.

Linux Wpa_supplicant

WPA2 Enterprise

Drop the cert you downloaded above into /etc/ssl/certs

Create a new wpa_supplicant profile or add to your existing one at /etc/wpa_supplicant.conf

Enter the following as a base configuration:

network={
ssid="DefCon"
priority=1
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
auth_alg=OPEN
eap=PEAP
identity="YOUR_USERNAME"
password="YOUR_PASSWORD"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
ca_path="/etc/ssl/certs/"
altsubject_match="DNS:wifireg.defcon.org"
}

 Start wpa_supplicant via your choosen method.

And now you're done! Proceed to Flavortown.

Linux Wpa_supplicant

WPA3 Enterprise

Note: This may not work, but if it does you are uber secure on the network. Must be using wpa_supplicant 2.10 or later to even have a chance. Good luck!

Drop the cert you downloaded above into /etc/ssl/certs

Create a new wpa_supplicant profile or add to your existing one at /etc/wpa_supplicant.conf

Enter the following as a base configuration:

ap_scan=1
p2p_disabled=1

# WPA3-Enterprise wpa3-aes-gcm-256
network={
ssid="DefCon-WPA3"
priority=10
key_mgmt=WPA-EAP-SHA256
pairwise=GCMP-256
group=GCMP-256
ieee80211w=2
eap=PEAP
ca_path="/etc/ssl/certs/"
subject_match="CN=wifireg.defcon.org"
altsubject_match="DNS:wifi.defcon.org"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
identity="YOUR_USERNAME"
password="YOUR_PASSWORD"
}

 Start wpa_supplicant via your choosen method.

Note: If you run into trouble, ensure the cert is in your list of trusted certs. This will vary by distro.

And now you are done! Proceed to Flavortown.

Linux Nmcli

Drop the cert you downloaded above into /etc/ssl/certs

- Check that you have a wireless interface

nmcli dev status

- Turn on the wireless interface if it's off

sudo nmcli radio wifi on

- Create "DefCon-Secure" profile

sudo nmcli con add type wifi con-name DefCon-Secure ssid DefCon

- Edit "DefCon-Secure" profile

sudo nmcli con edit DefCon-Secure

- Input commands for secure connection w/ cert checking

set ipv4.method auto
set 802-1x.eap peap
set 802-1x.phase2-auth mschapv2
set 802-1x.identity YOUR_USERNAME
set 802-1x.password YOUR_PASSWORD
set wifi-sec.key-mgmt wpa-eap
set 802-1x.ca-path /etc/ssl/certs/
set 802-1x.altsubject-matches DNS:wifireg.defcon.org
set 802-1x.system-ca-certs yes
set 802-11-wireless-security.proto rsn
set 802-11-wireless-security.pairwise ccmp
set 802-11-wireless-security.group ccmp
set 802-11-wireless-security.auth-alg open
save
quit

 - Connect to network

sudo nmcli con up DefCon-Secure --ask

Warning: The network manager GUI does not show some of these options. Making changes from the GUI can easily invalidate this config.

And now you're done! Proceed to Flavortown.

© 1992- DEF CON Communications, Inc.
All Rights Reserved | DEF CON Policies