Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.1

1.1     ! mspo        1: **Contents**
        !             2: 
        !             3: [[!toc]]
        !             4: 
        !             5: #  What is WPA ? 
        !             6: 
        !             7: Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA. 
        !             8: 
        !             9: 
        !            10: For setting up WPA, create the file `/etc/wpa_supplicant.conf` and paste following code, replacing your own SSID and Key: 
        !            11:     
        !            12:     network={
        !            13:             ssid="MYWLAN"
        !            14:             scan_ssid=1
        !            15:             key_mgmt=WPA-PSK
        !            16:             psk="MySecretPassphrase"
        !            17:     }
        !            18:     
        !            19: 
        !            20: It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current). 
        !            21: 
        !            22: 
        !            23: For setting WPA up with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), make the configuration in [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows: 
        !            24:     
        !            25:     dhclient=YES
        !            26:     # Do not wait for lease; useful if no network is within reach, so boot will not hang
        !            27:     dhclient_flags="-nw"
        !            28:     wpa_supplicant=YES
        !            29:     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
        !            30:     
        !            31: 
        !            32: Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example: 
        !            33:     
        !            34:     critical_filesystems_local="/var /usr"
        !            35:     
        !            36: 
        !            37: That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`. 
        !            38: 
        !            39: #  Using _dhcpcd_ instead of _dhclient_
        !            40: 
        !            41: In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp: 
        !            42:     
        !            43:     up
        !            44:     dhcp
        !            45:     
        !            46: 
        !            47: This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`: 
        !            48:     
        !            49: 
        !            50: # Do not wait for lease; useful if no network is within reach, so boot will not hang
        !            51:     dhcpcd_flags="-q -b"
        !            52:     wpa_supplicant=YES
        !            53:     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
        !            54:     
        !            55: 
        !            56: #  Adding a new network 
        !            57: 
        !            58: With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config: 
        !            59:     
        !            60:     wpa_cli reconfigure
        !            61:     
        !            62: 
        !            63: That's it. With 
        !            64:     
        !            65:     wpa_cli status
        !            66:     
        !            67: 
        !            68: you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease. 
        !            69: 
        !            70: If the `wpa_cli` command generates a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure you set the `ctrl_interface` parameter in the [wpa_supplicant.conf(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+8+NetBSD-current) as: 
        !            71:     
        !            72: 
        !            73:     ctrl_interface=/var/run/wpa_supplicant
        !            74:     ctrl_interface_group=wheel
        !            75:     
        !            76: 
        !            77: #  Other Network Configurations 
        !            78: 
        !            79: _wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority. 
        !            80: 
        !            81: ##  Unprotected Networks 
        !            82:     
        !            83:     network={
        !            84:         ssid="MYUNPROTECTEDWLAN"
        !            85:         scan_ssid=1
        !            86:         key_mgmt=NONE
        !            87:         priority=100
        !            88:     }
        !            89:     
        !            90: 
        !            91: ##  WEP encryption 
        !            92: 
        !            93: WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_: 
        !            94:     
        !            95:     network={
        !            96:             ssid="MYWEAKLYENCRYPTEDWLAN"
        !            97:             key_mgmt=NONE
        !            98:             wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
        !            99:             wep_tx_keyidx=0
        !           100:     }
        !           101:     
        !           102: 
        !           103: Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)... 
        !           104: 
        !           105: 
        !           106: You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily: 
        !           107: 
        !           108: 
        !           109: ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
        !           110:     
        !           111: 
        !           112: ##  Password-Authenticated MSCHAPv2 
        !           113: 
        !           114: This seems to be a common configuration for password-authenticated networks: 
        !           115:     
        !           116:     network={
        !           117:         ssid="WLANSSID"
        !           118:         key_mgmt=IEEE8021X
        !           119:         eap=PEAP
        !           120:         phase2="auth=MSCHAPV2"
        !           121:         identity="login"
        !           122:         password="password"
        !           123:     }
        !           124:     
        !           125: 
        !           126:   
        !           127: 
        !           128: 
        !           129: ##  WPA2 
        !           130: 
        !           131: **Step 0:** for NetBSD 5.0.1 use wpa_passphrase() to create a basic configuration: 
        !           132:     
        !           133:     wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
        !           134:         1  network={
        !           135:         2          ssid="My_world"
        !           136:         3          #psk="My_secret"
        !           137:         4          psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
        !           138:         5  }
        !           139:     
        !           140: 
        !           141: **Step 1:** and add the following changes marked by (+) 
        !           142:     
        !           143:     +ap_scan=1
        !           144:     +ctrl_interface=/var/run/wpa_supplicant
        !           145:     +ctrl_interface_group=0
        !           146:     +
        !           147:     network={
        !           148:     +       scan_ssid=1
        !           149:     +       proto=RSN WPA
        !           150:     +       key_mgmt=WPA-PSK
        !           151:     +       pairwise=CCMP TKIP
        !           152:     +       group=CCMP TKIP
        !           153:            ssid="My_world"
        !           154:            #psk="My_secret"
        !           155:            psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
        !           156:      }
        !           157:     +
        !           158:     
        !           159: 
        !           160: **Step 2:** and add the following to ifconfig.INTERFACE_NAME with your own address values 
        !           161:     
        !           162:     cat -n /etc/ifconfig.wpi0
        !           163:         1  inet 192.168.1.23 netmask 255.255.255.0
        !           164:         2  !route add default 192.168.1.254
        !           165:     
        !           166: 
        !           167: **Step 3:** and add the following to /etc/defaults/rc.conf 
        !           168:     
        !           169:     fgrep -i wpa /etc/defaults/rc.conf | nl
        !           170:         1  # WPA daemons.
        !           171:         2  wpa_supplicant=YES
        !           172:         3  wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"
        !           173:     
        !           174: 
        !           175: #  See also 
        !           176: 
        !           177:   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
        !           178:   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
        !           179:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb