Post-it: PROXIMUS AUTO FON and TelenetWifree (Belgium) from GNU/Linux (or Windows 7)

Posted on 2 mins read

(This is an old post kept because it’s linked from several places. I have no idea if it’s still applicable.)

The Belgian ISPs Proximus and Telenet both provide access to a network of hotspots. A nice recent addition is the use of alternative ssids for “automatic” connections instead of a captive portal where you login through a webpage. Sadly, their support pages provide next to no information to make a safe connection to these hotspots.

Proximus is a terrible offender. According to their support page on a PC only Windows 8.1 is supported. Linux, OSX and Windows 8 (!) or 7 users are kindly encouraged to use the open wifi connection and login through the captive portal. Oh, and no certification information is given for Windows 8.1 either. That’s pretty silly, as they use EAP-TTLS. Here is the setup to connect from whatever OS you use (terminology from gnome-network-manager):

SSID: PROXIMUS_AUTO_FON
Security: WPA2 Enterprise
Authentication: Tunneled TLS (TTLS)
Anonymous identity: what_ever_you_wish_here@proximusfon.be
Certificate: GlobalSign Root CA
(in Debian/Ubuntu in /usr/share/ca-certificates/mozilla/)
Inner Authentication: MSCHAPv2
Usename: your_fon_username_here@proximusfon.be
Password: your_password_here
RADIUS server certificate (optional): radius.isp.belgacom.be

Telenet’s support page is slightly better (not a fake Windows 8.1 restriction), but pretty useless as well with no certificate information whatsoever. Here is the information needed to use TelenetWifree using PEAP:

SSID: TelenetWifree
Security: WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity:what_ever_you_wish_here@telenet.be
Certificate: GlobalSign Root CA
(in Debian/Ubuntu in /usr/share/ca-certificates/mozilla/)
Inner Authentication: MSCHAPv2
Usename: your_fon_username_here@telenet.be
Password: your_password_here
RADIUS server certificate (optional): authentic.telenet.be

If you’re interested, screenshots of the relevant parts of the wireshark trace are attached here:

telenet dump proximus dump

(Post moved from nxadm.wordpress.com.)