====== Linux and Hotspot 2.0/Passpoint ======
===== Introduction =====
* Hotspot2.0/Passpoint support on Linux is probably the most difficult to set up when compared to the other operating systems.
* You will need to get your hands dirty and create a config file for the wpa_supplicant program that it can use to connect to a Hotspot2.0/Passpoint network.
* If you are familiar with the standard wpa_supplicant config file then the learning curve will be less steep.
===== Sample wpa_supplicant config file =====
* Below is a sample config file that is used to connect as a client to a Hotspot2.0/Passpoint network.
<code>
country=ZA
interworking=1
hs20=1
auto_interworking=1
cred={
    realm="radiusdesk.com"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    username="koos@hotspottwo"
    password="testing123"
    domain_suffix_match="mesh-manager.com;radiusdesk.com;openwrt.org"
    phase2="auth=MSCHAPV2"
    eap=TTLS
}
network={
    scan_ssid=1
    ssid="_Passpoint"
    key_mgmt=WPA-EAP WPA-EAP-SHA256
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    identity="koos@hotspottwo"
    anonymous_identity="anonymous@uam.mesh-manager.com"
    password="testing123"
    domain_suffix_match="mesh-manager.com;radiusdesk.com;openwrt.org"
    phase2="auth=MSCHAPV2"
    eap=TTLS
    proto=RSN
    ieee80211w=1
    beacon_int=100
}
</code>
===== cred Section =====
* The **cred** section is specifically for connecting to Hotspot2.0/Passpoint networks.
* There is more detail here: https://web.mit.edu/freebsd/head/contrib/wpa/wpa_supplicant/README-HS20
===== network Section =====
* The network section is pretty standard and is covered in many places where wpa_supplicant is discussed.
* There is one item to take note of and that is the **ssid**. Although it is not used in Hotspot 2.0, we still need to specify it.
* We use a convention of **_Passpoint**.
* You will also note that some items listed under network are also listed under cred. That is normal.
===== Selecting the network =====
* By default, wpa_supplicant does not perform automatic network selection unless it is requested explicitly with the interworking_select command. Setting **auto_interworking=1** changes this: network selection is then performed automatically whenever wpa_supplicant is trying to find a network for connection and none of the enabled network blocks match the scan results.
* **interworking** and **hs20** both have to be specified as active in the config file.
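* Added example (not part of the original page or of wpa_supplicant): a small Python check that a config file enables **interworking** and **hs20**, and that every cred and network block carries **ca_cert** and **domain_suffix_match**, the two settings in the sample config that make the client verify the RADIUS server certificate before sending credentials. The function names and the trimmed sample config are constructed for illustration; the check only looks for the settings used on this page, not alternatives such as ca_path.

```python
import re

# Constructed sample: trimmed from the page's config, with hs20 and the cred block's certificate checks left out.
SAMPLE = '''
interworking=1
cred={
    realm="radiusdesk.com"
    username="koos@hotspottwo"
    eap=TTLS
}
network={
    ssid="_Passpoint"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    domain_suffix_match="mesh-manager.com;radiusdesk.com;openwrt.org"
}
'''

def parse(text):
    """Return (global settings, list of (block name, settings)) from a config."""
    globals_, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.fullmatch(r"(cred|network)\s*=\s*\{", line)
        if opened:
            current = (opened.group(1), {})
            blocks.append(current)
        elif line == "}":
            current = None
        elif "=" in line:
            key, value = line.split("=", 1)
            target = current[1] if current else globals_
            target[key.strip()] = value.strip().strip('"')
    return globals_, blocks

def lint(text):
    """List settings missing for Passpoint selection or server validation."""
    globals_, blocks = parse(text)
    findings = [f"global: {k}=1 is not set" for k in ("interworking", "hs20")
                if globals_.get(k) != "1"]
    for name, settings in blocks:
        for key in ("ca_cert", "domain_suffix_match"):
            if not settings.get(key):
                findings.append(f"{name}: {key} is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```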
===== Log output on startup =====
* With the following log output you can see how wpa_supplicant finds and connects to an SSID.
<code>
Wed Jul 23 10:28:09 2025 daemon.notice netifd: Network device 'zro0' link is down
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: Starting ANQP fetch for 82:af:ca:18:22:48 (HESSID 00:00:00:01:02:03)
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: GAS-QUERY-START addr=82:af:ca:18:22:48 dialog_token=33 freq=2412
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: GAS-QUERY-DONE addr=82:af:ca:18:22:48 dialog_token=33 freq=2412 status_code=0 result=SUCCESS
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: RX-ANQP 82:af:ca:18:22:48 ANQP Capability list
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: RX-ANQP 82:af:ca:18:22:48 NAI Realm list
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: RX-HS20-ANQP 82:af:ca:18:22:48 HS Capability List
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: ANQP-QUERY-DONE addr=82:af:ca:18:22:48 result=SUCCESS
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: ANQP fetch completed
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: INTERWORKING-AP 82:af:ca:18:22:48 type=unknown id=2 priority=0 sp_priority=0
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: INTERWORKING-SELECTED 82:af:ca:18:22:48
Wed Jul 23 10:28:13 2025 daemon.notice wpa_supplicant[1837]: wbw: SME: Trying to authenticate with 82:af:ca:18:22:48 (SSID='HotspotTwo Wireless' freq=2412 MHz)
Wed Jul 23 10:28:14 2025 kern.info kernel: [45847.860419] wbw: authenticate with 82:af:ca:18:22:48 (local address=82:af:ca:6d:64:d0)
Wed Jul 23 10:28:14 2025 kern.info kernel: [45847.868519] wbw: send auth to 82:af:ca:18:22:48 (try 1/3)
Wed Jul 23 10:28:14 2025 kern.info kernel: [45847.880117] wbw: authenticated
</code>
* Here you can see ANQP and GAS working together to locate an SSID that wpa_supplicant can connect to.