--- wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn 2016/04/14 20:10:26 1.3 +++ wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn 2016/04/14 20:33:04 1.5 @@ -15,41 +15,43 @@ On NetBSD, the [wpa_supplicant(8)](http: To configure WPA/WPA2, you must create the file [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current). +You can find examples for `/etc/wpa_supplicant.conf` in + `/usr/share/examples/wpa_supplicant/wpa_supplicant.conf`. The simplest case is a network, say `my favourite network`, with a fixed passphrase, say `hunter2`. For this case, fill your `/etc/wpa_supplicant.conf` file with: - ctrl_interface=/var/run/wpa_supplicant - ctrl_interface_group=wheel - network={ - ssid="my favourite network" - psk="hunter2" - } + ctrl_interface=/var/run/wpa_supplicant + ctrl_interface_group=wheel + network={ + ssid="my favourite network" + psk="hunter2" + } Then enable wpa_supplicant on your network interface device, say `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current) to add - wpa_supplicant=YES - wpa_supplicant_flags="${wpa_supplicant_flags} -i iwn0" + wpa_supplicant=YES + wpa_supplicant_flags="${wpa_supplicant_flags} -i iwn0" If your LAN is configured with DHCP, you will likely also want `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current). Then start wpa_supplicant with the shell command: - # /etc/rc.d/wpa_supplicant start + # /etc/rc.d/wpa_supplicant start or reboot for the change to take effect. You can query the current status of WPA/WPA2 with the shell command: - # wpa_cli status + # wpa_cli status If you want to configure more 802.11 networks, add more `network` stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of them: - # /etc/rc.d/wpa_supplicant reload + # /etc/rc.d/wpa_supplicant reload # Do not wait for lease; useful if no network is within reach, so boot will not hang @@ -63,7 +65,7 @@ You can pass the `-b` flag to to make it immediately go into the background, by setting `dhcpcd_flags` in `/etc/rc.conf`: - dhcpcd_flags="${dhcpcd_flags} -b" + dhcpcd_flags="${dhcpcd_flags} -b" # Other Network Configurations @@ -77,19 +79,19 @@ These networks can be given different pr If the network is hidden, so that the access point does not broadcast its presence, you must specify the `scan_ssid=1` option: - network={ - ssid="my network" - scan_ssid=1 - psk="sekret" - } + network={ + ssid="my network" + scan_ssid=1 + psk="sekret" + } ## Open Networks - network={ - ssid="MYUNPROTECTEDWLAN" - key_mgmt=NONE - priority=100 - } + network={ + ssid="MYUNPROTECTEDWLAN" + key_mgmt=NONE + priority=100 + } ## WEP encryption @@ -99,31 +101,31 @@ It is known to be completely broken: bre However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with wpa_supplicant: - network={ - ssid="MYWEAKLYENCRYPTEDWLAN" - key_mgmt=NONE - wep_key0="12345" # or 13 characters, or a hexkey starting with 0x - wep_tx_keyidx=0 - } + network={ + ssid="MYWEAKLYENCRYPTEDWLAN" + key_mgmt=NONE + wep_key0="12345" # or 13 characters, or a hexkey starting with 0x + wep_tx_keyidx=0 + } Note that you have to use wpa_supplicant to configure WEP: you can also simply use [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current): - ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345 + ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345 ## Password-Authenticated MSCHAPv2 This seems to be a common configuration for password-authenticated networks: - network={ - ssid="WLANSSID" - key_mgmt=IEEE8021X - eap=PEAP - phase2="auth=MSCHAPV2" - identity="login" - password="password" - } + network={ + ssid="WLANSSID" + key_mgmt=IEEE8021X + eap=PEAP + phase2="auth=MSCHAPV2" + identity="login" + password="password" + } # See also