WPA2 Enterprise PEAP Support #347
Description
Purpose:
This issue is intended to:
- Track the implementation of basic WPA2-Enterprise (PEAP) support
- Document current understanding and prior exploration
- Serve as a personal progress log for implementation work
Goal:
Enable support for WPA2-Enterprise (PEAP) authentication using username and password on ESP32 powered Airgradient Devices
This initial implementation will not support certificate-based authentication or storage. These features add significant complexity and are not necessary for the majority of enterprise WiFi use cases.
Background and Analysis
- WiFi Manager
Handles WiFi setup and network connection - AgConfigure
Responsible for storing configuration data. Currently uses SPIFFS on ESP32.
Existing Work
- Preliminary PEAP support was added in this experimental WiFiManager branch: https://github.com/tzapu/WiFiManager/pull/1512/files
Known Limitations and Issues
-
ESP32 Only
-
No Automatic Credential Storage
ESP32 does not automatically store credentials for WPA2-Enterprise networks:- WiFi Manager will be getting a custom Storage Routine via NVS
- Library and Code-base review for storage collisions needed (initial search found no collisions)
-
Implementation would be prone to spoofed AP's, do to lack of certificate validation this is not ideal but arguably still better then WPA2-PSK (Unique credential vs Shared Credential).
-
Patching the Library would put it out of sync with active development with library main branch, fortunately the library is stable and code changes are infrequent.
Proposed Implementation Steps:
- Apply PEAP patch from experimental WiFiManager PR
- Resolve any merge issues or incompatibilities
- Test functionality in a simulated environment. (Document Environment for Future Testing)
- Investigate NVS flash usage and check for conflicts
- Validate error handling and fallback behavior when credentials are invalid or AP is unreachable #
Useful References
- WPA2 Enterprise PEAP support tzapu/WiFiManager#1512
- https://github.com/tzapu/WiFiManager/tree/PEAP
- https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-guides/wifi-security.html
- https://github.com/espressif/esp-idf/tree/master/examples/wifi/wifi_enterprise
Note: I'm using this issue both to document and share what I have researched and as motivation to myself to implement it, though I may be unable to commit to it...