Argon, particle-cli & WPA2 Enterprise (PEAP/MSCHAPv2)


#1

Hello, I just received my Mesh order yesterday! I wanted to play around with it a bit on my University network, and I know that at some point recently WPA2 Enterprise support was added for the Particle Photon, so I figured that it might also be available to the Argon.

However, there’s one problem; the only way that’s available to set this up is with particle-cli (see the docs). I just installed the latest particle-cli for Windows (with the installer) and ran particle serial wifi… But WPA2 Enterprise is never an option when selecting security types; only WEP, WPA, WPA2, and Unsecured are available; I chose WPA2, and I am only given the cipher choices and never the opportunity to enter the various PEAP/MSCHAPv2 information as referenced in the docs.

Am I missing something? Is WPA2 Enterprise support not a thing anymore? Or is it only for the Photon?

[edit] Maybe the Particle CLI’s particle serial wifi is not updated to support the 3rd Gen hardware, as Will notes in this post


#2

The Argon does not support WPA2 Enterprise at this time.

I don’t have any information about if or when it might be implemented, but I’ll see if I can find out.


#3

Quick question - have you got WPA2 Enterprise PEAP/MSCHAPv2 working on the Photon in your University Environment.

Perhaps the Ethernet Featherwing is a more sensible route for now!


#4

No, back when the Photon came out and I brought it into the University environment to play with - the WPA2 Enterprise support hadn’t yet been developed. I just left them at home :slight_smile:


#5

The word is that WPA2 Enterprise support will be added, however not immediately. All of the effort is on stability and reliability at this point. Once things look stable we’ll add in the missing features like BLE, WPA2 Enterprise, etc…


#6

I am working on devices/products for use in Universities - they all want WPA2 Enterprise security but I haven’t been able to get it to work 0.8.0-RC.11 with my test WAP and RADIUS server. I believe that there is an issue still with the program space to fit in different signature methods for when the RADIUS server does not use the one the Photon can support. However, with the extra space that the Argon has this shouldn’t be such an issue :wink:


#7

I have to say I am pretty disappointed that the Argon which is supposed to replace the Photon, does not support the same connection features of it’s predecessor.


#8

@jeaimehp, the Argon was never designed to replace the Photon. It is designed primarily as a WiFi gateway for Mesh. It is also early days for Mesh devices and support for WPA2 Enterprise may well be on Particle’s todo list for the Argon.


#9

Any advance on WPA2 Enterprise on Argon? It would help our our project, thanks!


#10

Unfortunately not, the priority has been BLE and NFC for 1.2.0.

Just to confirm - do you have a photon and are you currently able to connect using WPA2 Enterprise with PEAP/MSCHAPv2? If so, it would be helpful to share the router and Radius server used.


#11

Is there any movement on Argon WPA2 Enterprise (PEAP/MSCHAPv2) connection? This is essential for using it in industry.


#12

For the photon at least, Device OS 1.4.1 has been a huge step forward in terms of WPA/WPA2 Enterprise working. It is a very complicated area - at least the setups of Enterprise WAP/Radius Servers are a lot more variable than with WPA2. This experience with 1.4.1 should make it quicker to implement Enterprise security on the Argon with its ESP32 based WiFi comms. For an exact timescale you would need to get a reply from someone in Product Management at Particle.


#13

Thanks for the update. I want to use the Argon’s as a gateway for Xenon in a mesh network connected to eduroam. That alone would be awesome for education applications. Much smaller target with respect to WPA2 Enterprise etc. I’m guessing it’s not possible to set this up on the Argon’s in code using wifi.setCredentials?


#14

I would expect that the same WiFiCredentials class will be implemented. [https://docs.particle.io/reference/device-os/firmware/photon/#wificredentials-class]

I will let you know about eduroam soon - I am not expecting any issues myself but I haven’t setup a test AP yet.


#15

On Aug 26 I filed an internal enhancement request asking for WPA/2-E “sooner rather than later” on the Argon. It has not yet been scheduled, but I periodically bring it up just to keep visibility on it. I’ve spent so much time trying to debug this stuff over the last year with various customers (with 1.4.1 being the first real progress we’ve made in that time), that I’m not going to easily give up championing it. I can’t promise anything for the moment, but I did want you to know that it’s very much on my mind quite a bit.

BTW the workaround that’s in 1.4.1+ is just not messing with trying to negotiate using TLS 1.2 at all, and using 1.1 or even (if I understand things correctly) 1.0 instead. Obviously that’s not ideal, but you should know that TLS 1.2 may never work with the Photon.

Hopefully the story will be a lot better with the Argon.


#16

Thanks much appreciated!


#17

Did you ever receive an update on this?


#18

Sorry about my delayed response. If you’re asking whether I’ve heard anything more about getting WPAx Enterprise implemented on the Argon, the answer is no. I have asked the engineering team again about what the plan is, and I will report back with what I find out.


#19

Thanks! I hope you get good news.