Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.1
1.1 ! mspo 1: **Contents**
! 2:
! 3: [[!toc]]
! 4:
! 5: # What is WPA?
! 6:
! 7: Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA.
! 8:
! 9:
! 10: To set up WPA, create the file `/etc/wpa_supplicant.conf` and paste in the following configuration, substituting your own SSID and key:
! 11:
! 12: network={
! 13: ssid="MYWLAN"
! 14: scan_ssid=1
! 15: key_mgmt=WPA-PSK
! 16: psk="MySecretPassphrase"
! 17: }
! 18:
! 19:
! 20: It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
! 21:
! 22:
! 23: For setting WPA up with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), make the configuration in [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows:
! 24:
! 25: dhclient=YES
! 26: # Do not wait for lease; useful if no network is within reach, so boot will not hang
! 27: dhclient_flags="-nw"
! 28: wpa_supplicant=YES
! 29: wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
! 30:
! 31:
! 32: Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example:
! 33:
! 34: critical_filesystems_local="/var /usr"
! 35:
! 36:
! 37: That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`.
! 38:
! 39: # Using _dhcpcd_ instead of _dhclient_
! 40:
! 41: In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp:
! 42:
! 43: up
! 44: dhcp
! 45:
! 46:
! 47: This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`:
! 48:
! 49:
! 50: # Do not wait for lease; useful if no network is within reach, so boot will not hang
! 51: dhcpcd_flags="-q -b"
! 52: wpa_supplicant=YES
! 53: wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
! 54:
! 55:
! 56: # Adding a new network
! 57:
! 58: With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config:
! 59:
! 60: wpa_cli reconfigure
! 61:
! 62:
! 63: That's it. With
! 64:
! 65: wpa_cli status
! 66:
! 67:
! 68: you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease.
! 69:
! 70: If the `wpa_cli` command fails with a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure the `ctrl_interface` parameter is set in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current) as follows:
! 71:
! 72:
! 73: ctrl_interface=/var/run/wpa_supplicant
! 74: ctrl_interface_group=wheel
! 75:
! 76:
! 77: # Other Network Configurations
! 78:
! 79: _wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority.
! 80:
! 81: ## Unprotected Networks
! 82:
! 83: network={
! 84: ssid="MYUNPROTECTEDWLAN"
! 85: scan_ssid=1
! 86: key_mgmt=NONE
! 87: priority=100
! 88: }
! 89:
! 90:
! 91: ## WEP encryption
! 92:
! 93: WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_:
! 94:
! 95: network={
! 96: ssid="MYWEAKLYENCRYPTEDWLAN"
! 97: key_mgmt=NONE
! 98: wep_key0="12345" # or 13 characters, or a hexkey starting with 0x
! 99: wep_tx_keyidx=0
! 100: }
! 101:
! 102:
! 103: Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)...
! 104:
! 105:
! 106: You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily:
! 107:
! 108:
! 109: ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
! 110:
! 111:
! 112: ## Password-Authenticated MSCHAPv2
! 113:
! 114: This seems to be a common configuration for password-authenticated networks:
! 115:
! 116: network={
! 117: ssid="WLANSSID"
! 118: key_mgmt=IEEE8021X
! 119: eap=PEAP
! 120: phase2="auth=MSCHAPV2"
! 121: identity="login"
! 122: password="password"
! 123: }
! 124:
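The open, WEP and PEAP blocks above trade security for compatibility, so it helps to know which entries in a growing `wpa_supplicant.conf` fall into those categories. The following is an added example, not part of the original tutorial or of wpa_supplicant: a small auditor whose function names and finding codes are hypothetical, run over a constructed sample written in the style of this page's blocks. It relies on `ca_cert`/`ca_path` being the options that enable EAP server certificate verification.

```python
import re
# Constructed sample in the style of this page's example blocks.
SAMPLE = """
network={
  ssid="MYUNPROTECTEDWLAN"
  key_mgmt=NONE
}
network={
  ssid="MYWEAKLYENCRYPTEDWLAN"
  key_mgmt=NONE
  wep_key0="12345" # or 13 characters
}
network={
  ssid="WLANSSID"
  key_mgmt=IEEE8021X
  phase2="auth=MSCHAPV2"
}
network={
  ssid="MYWLAN"
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  psk="MySecretPassphrase"
}
"""

def parse_networks(text):
    """Return one dict per network={...} block, trailing comments removed."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for line in map(str.strip, body.splitlines()):
            if "=" in line and not line.startswith("#"):
                key, value = line.split("=", 1)
                net[key] = re.match(r'"[^"]*"|[^#]*', value).group().strip()
        nets.append(net)
    return nets

def audit(net):
    """Return sorted finding codes (hypothetical names) for one block."""
    found, mgmt = set(), net.get("key_mgmt", "").split()
    if "NONE" in mgmt:  # no WPA: either static WEP keys or no encryption
        found.add("wep" if any(k.startswith("wep_key") for k in net) else "open")
    if {"IEEE8021X", "WPA-EAP"} & set(mgmt) and not {"ca_cert", "ca_path"} & net.keys():
        found.add("eap-server-not-verified")  # credentials go to any server
    if net.get("psk", "").startswith('"'):
        found.add("plaintext-passphrase")  # quoted psk is the passphrase itself
    if "TKIP" in (net.get("pairwise", "") + " " + net.get("group", "")).split():
        found.add("tkip-allowed")
    return sorted(found)
```

Calling `[audit(n) for n in parse_networks(SAMPLE)]` gives one list of findings per block, in file order.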
! 125:
! 126:
! 127:
! 128:
! 129: ## WPA2
! 130:
! 131: **Step 0:** On NetBSD 5.0.1, use `wpa_passphrase` to create a basic configuration:
! 132:
! 133: wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
! 134: 1 network={
! 135: 2 ssid="My_world"
! 136: 3 #psk="My_secret"
! 137: 4 psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
! 138: 5 }
! 139:
! 140:
! 141: **Step 1:** Add the changes marked with (+):
! 142:
! 143: +ap_scan=1
! 144: +ctrl_interface=/var/run/wpa_supplicant
! 145: +ctrl_interface_group=0
! 146: +
! 147: network={
! 148: + scan_ssid=1
! 149: + proto=RSN WPA
! 150: + key_mgmt=WPA-PSK
! 151: + pairwise=CCMP TKIP
! 152: + group=CCMP TKIP
! 153: ssid="My_world"
! 154: #psk="My_secret"
! 155: psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
! 156: }
! 157: +
! 158:
! 159:
! 160: **Step 2:** Add the following to `ifconfig.INTERFACE_NAME`, using your own address values:
! 161:
! 162: cat -n /etc/ifconfig.wpi0
! 163: 1 inet 192.168.1.23 netmask 255.255.255.0
! 164: 2 !route add default 192.168.1.254
! 165:
! 166:
! 167: **Step 3:** Add the following to `/etc/defaults/rc.conf`:
! 168:
! 169: fgrep -i wpa /etc/defaults/rc.conf | nl
! 170: 1 # WPA daemons.
! 171: 2 wpa_supplicant=YES
! 172: 3 wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"
! 173:
! 174:
! 175: # See also
! 176:
! 177: * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
! 178: * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
! 179: * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)