T_X
Does anyone know, if there is a #QR code app capable of reading and applying #WPA Enterprise settings from such a code?
Found this, but this library seems deprecated now? https://github.com/zxing/zxing/pull/865
Implement support for WPA2 Enterprise (EAP) by steffen-kiess · Pull Request #865 · zxing/zxing

This adds support for parsing QR codes which contain information about an WPA2 enterprise (EAP) network. For WPA2 enterprise, strings will be of the form: WIFI:T:WPA2-EAP;S:[network SSID];H:[hidden...

GitHub
Jun 1, 2024 at 5:30pmWeb
Show threadT_XJun 2, 2024
Thanks to @loeb found out about the great #binaryeye QR code app by @markusfisch: https://github.com/markusfisch/BinaryEye. Seems to use a (more actively maintained?) port of the #ZXING library, namely #ZXING-CPP: https://github.com/zxing-cpp/zxing-cpp
On my HTC U11, Android 9, it seems to scan a #WPA Enterprise code and configure things fine (haven't tried connecting yet though). On @loeb 's phone with the same version of binary eye, but with #Android 14, it strangely seems to have difficulties with parsing/setting it though.
GitHub - markusfisch/BinaryEye: Yet another barcode scanner for Android

Yet another barcode scanner for Android. Contribute to markusfisch/BinaryEye development by creating an account on GitHub.

GitHub
Show threadT_XJun 2, 2024
@loeb @markusfisch and very strangely I can't find my previous QR scanner app on neither the Google Play Store nor F-droid anymore. It's just called "QR Scanner" and has version 1.28.02.1. Seems like it got kicked out from the Play Store somehow?
Show threadT_XJun 2, 2024
@loeb @markusfisch and for context, why I was looking into QR Code support for #WPA Enterprise in the first place: Looking into implementing #WPAoverIP / #WPAoverL2TP tunneling for #Freifunk, as a both easier and more flexible solution than traditional #VPN s for the client side: https://www.open-mesh.org/projects/open-mesh/wiki/OpenHarbors. Also more #Freifunk compatible than #Passpoint or #OpenRoaming. And should make the #Gluon "Private Wifi" feature work over the mesh (or even internet), too: https://gluon.readthedocs.io/en/latest/features/private-wlan.html
OpenHarbors - Open-Mesh - Open Mesh

Redmine

Show threadJPLJun 2, 2024
@T_X @loeb @markusfisch wtf! That's a weirdly fascinating approach. Sadly, it would add yet another tunnel to the stack, since it has to reach the internet through the existing mesh first.
Show threadT_XJun 2, 2024
@jpl @loeb @markusfisch could - but does not necessarily have to add overhead. For instance I'd use it to install a local internet exit gateway for a trailer park here, for an alternative, faster, direct but encrypted exit and a safely shared printer. Which could still use the mesh but would not go over the Gluon Mesh-VPN.
Show threadT_XJun 2, 2024
@jpl @loeb @markusfisch one could probably also do WPAoverEthertype/GRE directly for many cases when using batman-adv, including this local-exit use-case. But I find the flexibility/possibilities of WPAoverIP very intriguing :-). And wanted to have this feature available to mesh networks with a layer 3 routing protocol, too.
Show threadJPLJun 2, 2024

@T_X @loeb @markusfisch Hm, yes, when the exit gateway is reachable through the mesh without VPN. Niche case, but nice.

Of course you could just use any VPN for that, too. 😅

Show threadT_XJun 2, 2024
@jpl @loeb @markusfisch the nice thing is that all these operating systems have WPA Enterprise available already. So I'd hope that this would be a lot more accessible to non-technical people, especially with a QR-Code app capable of reading/configuring WPA-Enterprise settings. And a lot less maintenance overhead than an app for each OS (for maybe even multiple VPN protocols).
Show threadT_XJun 2, 2024

I could also imagine that maybe we could provide preflashed Freifunk routers, with both the AP and gateway side enabled by default on a Gluon router. And then put a QR Code sticker for the "Extended Private Wifi" on the device.

Then I think even my parents could install that access on their smartphone on their own: Scan the code, click connect, done. And whenever they'd connect to another Freifunk node or other AP anywhere with OpenHarbors ESSID then they be encrypted right back to home.

Show threadT_XJun 2, 2024

@jpl @loeb @markusfisch 1 more niche case/wild thought: I could imagine that a VPN-via-WPA-Enterprise might actually be closer to some #FIPS certification than many other VPN protocols. Which could be what some gov/blue lights orgs might care about / might require (though I'm not really a fan of FIPS myself, have seen non-sense requirements which even worsened security). But maybe for @thw?

Anyway, I think there could be so many small use-cases, that it might add up to a cool, bigger thing :-).

Show threadtxt.fileJun 2, 2024
Today I learned (got a pointer by @T_X ): The MeCard-like text for WiFi connection details is specific to be able to provide WPA-EAP details.
https://github.com/zxing/zxing/wiki/Barcode-Contents#wi-fi-network-config-android-ios-11
Barcode Contents

ZXing ("Zebra Crossing") barcode scanning library for Java, Android - zxing/zxing

GitHub