> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# WPA Enterprise: TTLS

> Connect to WPA Enterprise networks using TTLS with PAP, CHAP, or MSCHAPv2 as the inner authentication method.

## Overview

TTLS (Tunneled TLS) establishes a TLS tunnel first, then authenticates inside using a simpler inner method (PAP, CHAP, MSCHAPv2). Less common than PEAP but still present in some enterprise environments.

***

## Config File: TTLS/MSCHAPv2

`wpa-enterprise-ttls.conf`:

```
network={
    ssid="NETWORK-NAME"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="DOMAIN\username"
    anonymous_identity="anonymous"
    password="password"
    phase2="auth=MSCHAPV2"
}
```

***

## Config File: TTLS/PAP

```
network={
    ssid="NETWORK-NAME"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="DOMAIN\username"
    anonymous_identity="anonymous"
    password="password"
    phase2="auth=PAP"
}
```

***

## Connect

```bash theme={"dark"}
sudo wpa_supplicant -Dnl80211 -i <INTERFACE> -c wpa-enterprise-ttls.conf
```

Get an IP address:

```bash theme={"dark"}
sudo dhclient <INTERFACE> -v
```
