Diff for /wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn between versions 1.1 and 1.2

version 1.1, 2011/11/21 03:22:58 version 1.2, 2012/02/05 07:14:36
Line 1 Line 1
 **Contents**  **Contents**
   
 [[!toc]]  [[!toc]]
   
 #  What is WPA ?  #  What is WPA ? 
   
 Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA.  Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA. 
   
   
 For setting up WPA, create the file `/etc/wpa_supplicant.conf` and paste following code, replacing your own SSID and Key:  For setting up WPA, create the file `/etc/wpa_supplicant.conf` and paste following code, replacing your own SSID and Key: 
          
     network={      network={
             ssid="MYWLAN"              ssid="MYWLAN"
             scan_ssid=1              scan_ssid=1
             key_mgmt=WPA-PSK              key_mgmt=WPA-PSK
             psk="MySecretPassphrase"              psk="MySecretPassphrase"
     }      }
          
   
 It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).  It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current). 
   
   
 For setting WPA up with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), make the configuration in [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows:  For setting WPA up with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), make the configuration in [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows: 
          
     dhclient=YES      dhclient=YES
     # Do not wait for lease; useful if no network is within reach, so boot will not hang      # Do not wait for lease; useful if no network is within reach, so boot will not hang
     dhclient_flags="-nw"      dhclient_flags="-nw"
     wpa_supplicant=YES      wpa_supplicant=YES
     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"      wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
          
   
 Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example:  Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example: 
          
     critical_filesystems_local="/var /usr"      critical_filesystems_local="/var /usr"
          
   
 That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`.  That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`. 
   
 #  Using _dhcpcd_ instead of _dhclient_  #  Using _dhcpcd_ instead of _dhclient_
   
 In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp:  In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp: 
          
     up      up
     dhcp      dhcp
          
   
 This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`:  This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`: 
          
   
 # Do not wait for lease; useful if no network is within reach, so boot will not hang  # Do not wait for lease; useful if no network is within reach, so boot will not hang
     dhcpcd_flags="-q -b"      dhcpcd_flags="-q -b"
     wpa_supplicant=YES      wpa_supplicant=YES
     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"      wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
          
   
 #  Adding a new network  #  Adding a new network 
   
 With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config:  With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config: 
          
     wpa_cli reconfigure      wpa_cli reconfigure
          
   
 That's it. With  That's it. With 
          
     wpa_cli status      wpa_cli status
          
   
 you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease.  you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease. 
   
 If the `wpa_cli` command generates a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure you set the `ctrl_interface` parameter in the [wpa_supplicant.conf(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+8+NetBSD-current) as:  If the `wpa_cli` command generates a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure you set the `ctrl_interface` parameter in the [wpa_supplicant.conf(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+8+NetBSD-current) as: 
          
   
     ctrl_interface=/var/run/wpa_supplicant      ctrl_interface=/var/run/wpa_supplicant
     ctrl_interface_group=wheel      ctrl_interface_group=wheel
          
   
 #  Other Network Configurations  #  Other Network Configurations 
   
 _wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority.  _wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority. 
   
 ##  Unprotected Networks  ##  Unprotected Networks 
          
     network={      network={
         ssid="MYUNPROTECTEDWLAN"          ssid="MYUNPROTECTEDWLAN"
         scan_ssid=1          scan_ssid=1
         key_mgmt=NONE          key_mgmt=NONE
         priority=100          priority=100
     }      }
          
   
 ##  WEP encryption  ##  WEP encryption 
   
 WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_:  WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_: 
          
     network={      network={
             ssid="MYWEAKLYENCRYPTEDWLAN"              ssid="MYWEAKLYENCRYPTEDWLAN"
             key_mgmt=NONE              key_mgmt=NONE
             wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x              wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
             wep_tx_keyidx=0              wep_tx_keyidx=0
     }      }
          
   
 Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)...  Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)... 
   
   
 You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily:  You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily: 
   
   
 ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345  ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
          
   
 ##  Password-Authenticated MSCHAPv2  ##  Password-Authenticated MSCHAPv2 
   
 This seems to be a common configuration for password-authenticated networks:  This seems to be a common configuration for password-authenticated networks: 
          
     network={      network={
         ssid="WLANSSID"          ssid="WLANSSID"
         key_mgmt=IEEE8021X          key_mgmt=IEEE8021X
         eap=PEAP          eap=PEAP
         phase2="auth=MSCHAPV2"          phase2="auth=MSCHAPV2"
         identity="login"          identity="login"
         password="password"          password="password"
     }      }
          
   
      
   
   
 ##  WPA2  ##  WPA2 
   
 **Step 0:** for NetBSD 5.0.1 use wpa_passphrase() to create a basic configuration:  **Step 0:** for NetBSD 5.0.1 use wpa_passphrase() to create a basic configuration: 
          
     wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl      wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
         1  network={          1  network={
         2          ssid="My_world"          2          ssid="My_world"
         3          #psk="My_secret"          3          #psk="My_secret"
         4          psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b          4          psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
         5  }          5  }
          
   
 **Step 1:** and add the following changes marked by (+)  **Step 1:** and add the following changes marked by (+) 
          
     +ap_scan=1      +ap_scan=1
     +ctrl_interface=/var/run/wpa_supplicant      +ctrl_interface=/var/run/wpa_supplicant
     +ctrl_interface_group=0      +ctrl_interface_group=0
     +      +
     network={      network={
     +       scan_ssid=1      +       scan_ssid=1
     +       proto=RSN WPA      +       proto=RSN WPA
     +       key_mgmt=WPA-PSK      +       key_mgmt=WPA-PSK
     +       pairwise=CCMP TKIP      +       pairwise=CCMP TKIP
     +       group=CCMP TKIP      +       group=CCMP TKIP
            ssid="My_world"             ssid="My_world"
            #psk="My_secret"             #psk="My_secret"
            psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b             psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
      }       }
     +      +
          
   
 **Step 2:** and add the following to ifconfig.INTERFACE_NAME with your own address values  **Step 2:** and add the following to ifconfig.INTERFACE_NAME with your own address values 
          
     cat -n /etc/ifconfig.wpi0      cat -n /etc/ifconfig.wpi0
         1  inet 192.168.1.23 netmask 255.255.255.0          1  inet 192.168.1.23 netmask 255.255.255.0
         2  !route add default 192.168.1.254          2  !route add default 192.168.1.254
          
   
 **Step 3:** and add the following to /etc/defaults/rc.conf  **Step 3:** and add the following to /etc/defaults/rc.conf 
          
     fgrep -i wpa /etc/defaults/rc.conf | nl      fgrep -i wpa /etc/defaults/rc.conf | nl
         1  # WPA daemons.          1  # WPA daemons.
         2  wpa_supplicant=YES          2  wpa_supplicant=YES
         3  wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"          3  wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"
          
   
 #  See also  #  See also 
   
   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)    * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)    * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)    * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
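
Review bot: In the WPA2 section, Step 0 pipes `wpa_passphrase` output straight into `/etc/wpa_supplicant.conf`, so the file keeps the clear-text line `#psk="My_secret"` next to the derived key, and no step in the tutorial restricts who can read that file. Suggest adding a step that makes the file readable by its owner only (for example `chmod 600 /etc/wpa_supplicant.conf`) and telling readers to delete the commented passphrase line; the same file also holds `psk="MySecretPassphrase"`, `wep_key0` and the PEAP `password` in the other examples. The section is titled WPA2, but Step 1 sets `proto=RSN WPA` with `pairwise=CCMP TKIP` and `group=CCMP TKIP`, which also accepts WPA with TKIP; either say so or show the RSN/CCMP-only form for networks that do not need the fallback. Step 3 adds the settings to `/etc/defaults/rc.conf`, while the earlier sections put the same `wpa_supplicant=YES` and `wpa_supplicant_flags` lines in `/etc/rc.conf`; use `/etc/rc.conf` here as well, since that is where local overrides belong. Smaller points: the `# Do not wait for lease` line in the dhcpcd section and the `ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345` line in the WEP section lack the four-space indent their neighbours carry, so they fall outside the code block (the first would be parsed as a heading); the `ctrl_interface` paragraph links `wpa_supplicant.conf(8)` where every other reference uses `wpa_supplicant.conf(5)`; and "wpa_passphrase()" in Step 0 reads like a function call rather than a manual page reference.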
