I’ve recently spent some time configuring vyos for at&t fiber (directly connected to ONT):
While i expected to end up keeping some configuration outside of vyos config (eg. wpa certs/configs), i was a bit surprised to eventually having to edit linux configs for wired wpa_supplicant.
Just wanted to understand, are those cases going to be sooner or later addressed / contribution accepted / included to roadmap. Any clarifications or considerations are appreciated.
As we now utilize wpa_supplicant also for MACsec it should not be too hard to port this over for 802.1x client support.
Hardcoded NA=1 and PD=2 are only utilized if temporary address is not selected or prefix-delegation is enabled. Those could be made configurable (⚓ T2677 Proposal for clearer DHCPv6-PD configuration options). We are more then happy for any contribution, the best thing would be discussion on Phabricator or “more realtime” via Slack.
@c-po, just curious, do you know if there are any plans to support 802.1X on VyOS? I am using macsec (802.1AE) but would like to use a more flexible key management process such as Radius in the future.