My company uses the not-so-popular PEAP-EAP-TLS for wired 802.1x security, where the phase 2 auth is TLS. The connection editor does not allow for this, and only lists MSCHAPv2, MD5, and GTC as phase 2 auth options. It would be great if there was support for this in the editor, since it is supported by the NetworkManager itself, i.e., the following semi-manually crafted config file gets the connection up and running: [connection] id=Wired connection 1 uuid=324df8f5-49e5-3b33-af23-be59d14e45bf type=ethernet autoconnect-priority=-100 permissions= [ethernet] auto-negotiate=true mac-address=xx:xx:xx:xx:xx mac-address-blacklist= [ipv4] dns-search= method=auto [ipv6] addr-gen-mode=stable-privacy dns-search= method=ignore [802-1x] eap=peap identity=host/XXXXXXX.domain.local ca-path=/etc/ssl/certs phase1-peapver=0 phase2-autheap=tls phase2-ca-path=/etc/ssl/certs phase2-private-key=file:///etc/wpa_supplicant/XXXXXXXX.domain.local.p12 phase2-private-key-password=xxxxxxxxx
Created attachment 168794 [details] eap-tls option is missing
I had the same problem. I'm not able to choose "eap-tls" only eap and some others. See image. If I add configuration from other computer to /etc/NetworkManager/system-connections than it works. OS Debian 12, NM versions: # dpkg -l|grep -i network-manager ii network-manager 1.42.4-1 amd64 network management framework (daemon and userspace tools) ii network-manager-l2tp 1.20.8-1 amd64 network management framework (L2TP plugin core) ii network-manager-strongswan 1.6.0-1+deb12u1 amd64