version 1.1, 2011/11/21 03:22:58
version 1.2, 2012/02/05 07:14:36

**Contents**

[[!toc]]

# What is WPA?

Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA.

To set up WPA, create the file `/etc/wpa_supplicant.conf` and paste in the following configuration, substituting your own SSID and key:

    network={
        ssid="MYWLAN"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="MySecretPassphrase"
    }

It's important to set your exact SSID and, of course, your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).

To set up WPA with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), configure [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows:

    dhclient=YES
    # Do not wait for lease; useful if no network is within reach, so boot will not hang
    dhclient_flags="-nw"
    wpa_supplicant=YES
    wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"

Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example:

    critical_filesystems_local="/var /usr"

That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`.

# Using _dhcpcd_ instead of _dhclient_

In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp:

    up
    dhcp

This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`:

    # Do not wait for lease; useful if no network is within reach, so boot will not hang
    dhcpcd_flags="-q -b"
    wpa_supplicant=YES
    wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"

# Adding a new network

With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config:

    wpa_cli reconfigure

That's it. With

    wpa_cli status

you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease.

If the `wpa_cli` command generates a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure you set the `ctrl_interface` parameter in the [wpa_supplicant.conf(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+8+NetBSD-current) as:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel

# Other Network Configurations

_wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority.

## Unprotected Networks

    network={
        ssid="MYUNPROTECTEDWLAN"
        scan_ssid=1
        key_mgmt=NONE
        priority=100
    }

## WEP encryption

WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_:

    network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345" # or 13 characters, or a hex key given unquoted (no 0x prefix)
        wep_tx_keyidx=0
    }

Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)...

You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily:

    ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345

## Password-Authenticated MSCHAPv2

This seems to be a common configuration for password-authenticated networks:

    network={
        ssid="WLANSSID"
        key_mgmt=IEEE8021X
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="login"
        password="password"
    }

## WPA2

**Step 0:** For NetBSD 5.0.1, use wpa_passphrase(8) to create a basic configuration:

    wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
    1 network={
    2 ssid="My_world"
    3 #psk="My_secret"
    4 psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
    5 }

**Step 1:** Add the following changes, marked by (+):

    +ap_scan=1
    +ctrl_interface=/var/run/wpa_supplicant
    +ctrl_interface_group=0
    +
    network={
    + scan_ssid=1
    + proto=RSN WPA
    + key_mgmt=WPA-PSK
    + pairwise=CCMP TKIP
    + group=CCMP TKIP
      ssid="My_world"
      #psk="My_secret"
      psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
    }
    +

**Step 2:** Add the following to `ifconfig.INTERFACE_NAME`, using your own address values:

    cat -n /etc/ifconfig.wpi0
    1 inet 192.168.1.23 netmask 255.255.255.0
    2 !route add default 192.168.1.254

**Step 3:** Add the following to `/etc/defaults/rc.conf`:

    fgrep -i wpa /etc/defaults/rc.conf | nl
    1 # WPA daemons.
    2 wpa_supplicant=YES
    3 wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"

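The network blocks on this page include an open network, WEP, PEAP with no `ca_cert`, and a WPA-PSK block that still allows TKIP and keeps the passphrase in a `#psk=` comment, all stored in a file that `tee` creates with the default umask. As an added example (not part of the original page or of wpa_supplicant), this shell function flags those settings in a configuration file; the names `audit_wpa_conf` and `sample_conf`, the messages, and the choice of checks are this example's own, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag risky settings in a wpa_supplicant.conf-style file.
# audit_wpa_conf, its messages and its checks are this example's own.
audit_wpa_conf() {
    conf=$1
    # The file holds passphrases and PSKs; group/other should have no access.
    perms=$(ls -l "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "file: group/other bits are $perms, expected mode 0600"
    awk '
    function report(msg) { print ssid ": " msg }
    /^[ \t]*network=[{]/ { innet = 1; ssid = "?"; km = ""; wep = tkip = eap = ca = plain = 0; next }
    /^[ \t]*[}]/ {
        if (!innet) next
        if (wep) report("WEP key configured; WEP is broken")
        else if (km == "NONE") report("open network; traffic is unencrypted")
        if (tkip) report("WPA1/TKIP allowed; prefer proto=RSN with CCMP only")
        if (eap && !ca) report("EAP without ca_cert; server certificate is not verified")
        if (plain) report("plaintext secret stored in the file")
        innet = 0; next
    }
    innet {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^#psk="/) { plain = 1; next }    # comment left by wpa_passphrase
        eq = index(line, "=")
        if (line ~ /^#/ || eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        if (val !~ /^"/) sub(/[ \t]*#.*$/, "", val)  # drop a trailing comment
        if (key == "ssid") ssid = val
        else if (key == "key_mgmt") { km = val; if (val ~ /IEEE8021X|WPA-EAP/) eap = 1 }
        else if (key == "eap") eap = 1
        else if (key == "ca_cert") ca = 1
        else if (key ~ /^wep_key[0-3]$/) wep = 1
        else if (key == "proto" && index(" " val " ", " WPA ")) tkip = 1
        else if ((key == "pairwise" || key == "group") && val ~ /TKIP/) tkip = 1
        else if ((key == "psk" || key == "password") && val ~ /^"/) plain = 1
    }' "$conf"
}
# Constructed sample input, modelled on the network blocks shown on this page.
sample_conf() {
    printf '%s\n' 'network={' ' ssid="MYWEAKLYENCRYPTEDWLAN"' ' key_mgmt=NONE' \
        ' wep_key0="12345"' '}' 'network={' ' ssid="WLANSSID"' ' key_mgmt=IEEE8021X' \
        ' eap=PEAP' ' password="password"' '}'
}
tmp=$(mktemp) && sample_conf > "$tmp" && audit_wpa_conf "$tmp"; rm -f "$tmp"
```
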
# See also

* [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
* [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
* [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)