Add script to setup easyroam on Ubuntu

2025-01-09 11:12:59 +01:00
parent 03d7052b3f
commit 8116232b7d
1 changed files with 92 additions and 0 deletions
--- a/92
+++ b/92
@ -0,0 +1,92 @@
+#!/bin/bash
+
+# This script is generating an eduroam network configuration using NetworkManager.
+# At first, you have to generate an easyroam profile on https://www.easyroam.de/ that
+# is generating an pkcs12 file as input for this script.
+
+# Usage:   bash configure-eduroam-with-easyroam.sh <YOUR-PKCS12-File>
+
+set -e
+
+# check for nmcli
+
+if ! type nmcli >/dev/null 2>&1; then
+	echo ""
+	echo "ERROR: nmcli not found!" >&2
+	echo "This wizard assumes that your network connections are managed by NetworkManager." >&2
+	echo ""
+	exit 1
+fi
+
+# check for wifi device
+
+if ! nmcli -g TYPE,DEVICE device | grep wifi >/dev/null; then
+	echo ""
+	echo "ERROR: Unable to find any wifi device!" >&2
+	echo ""
+	exit 1
+fi
+
+# check input file
+
+if [ -z "$1" ]; then
+	echo ""
+	echo "Your pkcs12 file is missed as input parameter."
+	echo ""
+	exit 1
+else
+	InputFile="$1"
+fi
+
+# set openssl legacy options if necessary
+
+LegacyOption=
+OpenSSLversion=$(openssl version | awk '{print $2}' | sed -e 's/\..*$//')
+if [ "$OpenSSLversion" -eq "3" ]; then
+	LegacyOption="-legacy"
+fi
+
+# check pkcs12 file
+
+Pwd="pkcs12"
+
+if ! openssl pkcs12 -in "$InputFile" $LegacyOption -info -passin pass: -passout pass:"$Pwd" > /dev/null 2>&1; then
+	echo ""
+	echo "ERROR: The given input file does not seem to be a valid pkcs12 file."
+	echo ""
+	exit 1
+fi
+
+# configure parameters
+
+WLANName="eduroam"
+ConfDir="$HOME/.easyroam"
+[ -d "$ConfDir" ] || mkdir -p "$ConfDir"
+
+# extract key, cert, ca and identity
+
+openssl pkcs12 -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_client_cert.pem"
+openssl pkcs12 -in "$InputFile" $LegacyOption -nocerts -passin pass: -passout pass:"$Pwd" -out "$ConfDir/easyroam_client_key.pem"
+openssl pkcs12 -info -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_root_ca.pem" > /dev/null 2>&1
+Identity=$(openssl x509 -noout -in "$ConfDir/easyroam_client_cert.pem" -subject | awk -F \, '{print $1}' | sed -e 's/.*=//' -e 's/\s*//')
+
+# Remove existing connections
+
+nmcli connection show | \
+	awk '$1==c{ print $2 }' c="$WLANName" | \
+	xargs -rn1 nmcli connection delete uuid
+
+# Create new connection
+
+nmcli connection add \
+	type wifi \
+	con-name "$WLANName" \
+	ssid "$WLANName" \
+	-- \
+	wifi-sec.key-mgmt wpa-eap \
+	802-1x.eap tls \
+	802-1x.identity "$Identity" \
+	802-1x.ca-cert "$ConfDir/easyroam_root_ca.pem" \
+	802-1x.client-cert "$ConfDir/easyroam_client_cert.pem" \
+	802-1x.private-key-password "$Pwd" \
+	802-1x.private-key "$ConfDir/easyroam_client_key.pem"