Contents

  1. What is WPA ?
  2. Using dhcpcd instead of dhclient
  3. Do not wait for lease; useful if no network is within reach, so boot will not hang
  4. Adding a new network
  5. Other Network Configurations
  6. See also

What is WPA ?

Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses wpa_supplicant(8), a cross-platform framework for WPA.

For setting up WPA, create the file /etc/wpa_supplicant.conf and paste following code, replacing your own SSID and Key:

network={
        ssid="MYWLAN"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="MySecretPassphrase"
}

It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page wpa_supplicant.conf(5).

For setting WPA up with dhclient(8), make the configuration in rc.conf(5) as follows:

dhclient=YES
# Do not wait for lease; useful if no network is within reach, so boot will not hang
dhclient_flags="-nw"
wpa_supplicant=YES
wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"

Also, note that wpa_supplicant lives in /usr/sbin. Depending on your file system layout, you may need to add /usr to the critical_filesystems_local override in /etc/rc.conf. Example:

critical_filesystems_local="/var /usr"

That's it. Now you can start wpa_supplicant with /etc/rc.d/wpa_supplicant start, then restart your network with /etc/rc.d/network restart.

Using dhcpcd instead of dhclient

In NetBSD 5.0, you can also put a new line in /etc/ifconfig.ath0 that mentions dhcp:

up
dhcp

This will bring the interface up and start dhcpcd(8), the new DHCP client daemon. If you do this, you can remove dhclient from your configuration and change the dhclient_flags to dhcpcd_flags:

Do not wait for lease; useful if no network is within reach, so boot will not hang

dhcpcd_flags="-q -b"
wpa_supplicant=YES
wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"

Adding a new network

With the above setup, all you have to do is add the configuration to your wpa_supplicant.conf and then tell wpa_supplicant to reload its config:

wpa_cli reconfigure

That's it. With

wpa_cli status

you can track the status, and see if it authenticates. If you wait a moment, dhcpcd will pick up the change and automatically obtain a new lease.

If the wpa_cli command generates a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure you set the ctrl_interface parameter in the wpa_supplicant.conf(8) as:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

Other Network Configurations

wpa_supplicant can also connect to other network configurations. These configurations can be given different priorities using the priority field, with a higher number indicating a higher priority.

Unprotected Networks

network={
    ssid="MYUNPROTECTEDWLAN"
    scan_ssid=1
    key_mgmt=NONE
    priority=100
}

WEP encryption

WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with wpa_supplicant:

network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
        wep_tx_keyidx=0
}

Oddly enough, the wep_key0 and wep_tx_keyidx seem to be undocumented in wpa_supplicant.conf(5)...

You don't have to use wpa_supplicant to do it, though. With ?ifconfig you can do it just as easily:

ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345

Password-Authenticated MSCHAPv2

This seems to be a common configuration for password-authenticated networks:

network={
    ssid="WLANSSID"
    key_mgmt=IEEE8021X
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="login"
    password="password"
}

WPA2

Step 0: for NetBSD 5.0.1 use wpa_passphrase() to create a basic configuration:

wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
    1  network={
    2          ssid="My_world"
    3          #psk="My_secret"
    4          psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
    5  }

Step 1: and add the following changes marked by (+)

+ap_scan=1
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+
network={
+       scan_ssid=1
+       proto=RSN WPA
+       key_mgmt=WPA-PSK
+       pairwise=CCMP TKIP
+       group=CCMP TKIP
       ssid="My_world"
       #psk="My_secret"
       psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
 }
+

Step 2: and add the following to ifconfig.INTERFACE_NAME with your own address values

cat -n /etc/ifconfig.wpi0
    1  inet 192.168.1.23 netmask 255.255.255.0
    2  !route add default 192.168.1.254

Step 3: and add the following to /etc/defaults/rc.conf

fgrep -i wpa /etc/defaults/rc.conf | nl
    1  # WPA daemons.
    2  wpa_supplicant=YES
    3  wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"

See also

Add a comment