Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.3

1.2       schmonz     1: **Contents**
                      2: 
                      3: [[!toc]]
                      4: 
1.3     ! riastrad    5: #  What is WPA/WPA2?
1.2       schmonz     6: 
1.3     ! riastrad    7: [Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
        !             8:  and Wi-Fi Protected Access II (WPA2) are 802.11 wireless
        !             9:  authentication and encryption standards, the successors to the simpler
        !            10:  [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
        !            11: Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
        !            12:  authentication.
        !            13: On NetBSD, the [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
        !            14:  daemon handles WPA/WPA2.
        !            15: 
        !            16: To configure WPA/WPA2, you must create the file
        !            17:  [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
        !            18: The simplest case is a network, say `my favourite network`, with a
        !            19:  fixed passphrase, say `hunter2`.
        !            20: For this case, fill your `/etc/wpa_supplicant.conf` file with:
        !            21: 
        !            22:    ctrl_interface=/var/run/wpa_supplicant
        !            23:    ctrl_interface_group=wheel
        !            24:    network={
        !            25:            ssid="my favourite network"
        !            26:            psk="hunter2"
        !            27:    }
        !            28: 
        !            29: Then enable wpa_supplicant on your network interface device, say
        !            30:  `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current)
        !            31:  to add
        !            32: 
        !            33:    wpa_supplicant=YES
        !            34:    wpa_supplicant_flags="${wpa_supplicant_flags} -i iwn0"
        !            35: 
        !            36: If your LAN is configured with DHCP, you will likely also want
        !            37:  `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current).
        !            38: Then start wpa_supplicant with the shell command:
        !            39: 
        !            40:    # /etc/rc.d/wpa_supplicant start
        !            41: 
        !            42: or reboot for the change to take effect.
        !            43: 
        !            44: You can query the current status of WPA/WPA2 with the shell command:
        !            45: 
        !            46:    # wpa_cli status
        !            47: 
        !            48: If you want to configure more 802.11 networks, add more `network`
        !            49:  stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
        !            50:  them:
        !            51: 
        !            52:    # /etc/rc.d/wpa_supplicant reload
        !            53: 
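A quoted `psk="..."` value keeps the human passphrase in `/etc/wpa_supplicant.conf`; the file also accepts the derived 256-bit key as 64 unquoted hex digits, which is what `wpa_passphrase(8)` prints. The following is an added example, not part of the original tutorial, that performs the same derivation and rejects passphrases outside the 8 to 63 character range WPA requires (the page's placeholder `hunter2` is only 7 characters); the function names are illustrative.

```python
import hashlib

def wpa_psk(ssid: str, passphrase: str) -> str:
    """Return the WPA/WPA2 pre-shared key for (ssid, passphrase) as 64 hex digits."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    # PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid_bytes, 4096, 32)
    return key.hex()

def network_stanza(ssid: str, passphrase: str) -> str:
    """Build a network block that stores the derived key, not the passphrase."""
    if '"' in ssid or "\n" in ssid:
        raise ValueError("SSID cannot be written as a quoted string")
    # The hex PSK is written WITHOUT quotes; quotes would mark it as a passphrase.
    return 'network={\n\tssid="%s"\n\tpsk=%s\n}\n' % (ssid, wpa_psk(ssid, passphrase))

if __name__ == "__main__":
    # Constructed sample values; substitute your own SSID and passphrase.
    print(network_stanza("my favourite network", "correct horse battery"))
```

The derived key still grants access to that one network, so the file should remain readable by root only; what the hex form avoids is exposing a passphrase that may be reused elsewhere.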
        !            54: #  Do not wait for lease; useful if no network is within reach, so boot will not hang
        !            55: 
        !            56: For a typical laptop, you will usually want to use DHCP to get an IP
        !            57:  address on any network you're on, but you won't always be on the
        !            58:  network.
        !            59: In that case, when you're booting up, you don't want to have to wait
        !            60:  until you can associate with the network and get a DHCP lease.
        !            61: You can pass the `-b` flag to
        !            62:  [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current)
        !            63:  to make it immediately go into the background, by setting
        !            64:  `dhcpcd_flags` in `/etc/rc.conf`:
        !            65: 
        !            66:    dhcpcd_flags="${dhcpcd_flags} -b"
        !            67: 
        !            68: #  Other Network Configurations
        !            69: 
        !            70: wpa_supplicant can also connect to other wireless network
        !            71:  configurations.
        !            72: These networks can be given different priorities using the `priority`
        !            73:  field, with a higher number indicating a higher priority.
        !            74: 
        !            75: ##  Hidden Networks
        !            76: 
        !            77: If the network is hidden, so that the access point does not broadcast
        !            78:  its presence, you must specify the `scan_ssid=1` option:
        !            79: 
        !            80:    network={
        !            81:            ssid="my network"
        !            82:            scan_ssid=1
        !            83:            psk="sekret"
        !            84:    }
        !            85: 
        !            86: ##  Open Networks
        !            87: 
        !            88:    network={
        !            89:            ssid="MYUNPROTECTEDWLAN"
        !            90:            key_mgmt=NONE
        !            91:            priority=100
        !            92:    }
        !            93: 
        !            94: ##  WEP encryption
        !            95: 
        !            96: WEP is the weakest of current 802.11 encryption solutions.
        !            97: It is known to be completely broken: breaking WEP can be done in mere
        !            98:  seconds.
        !            99: However, sometimes there is a need to use WEP in legacy networks.
        !           100: Here is a configuration if you want to do it with wpa_supplicant:
        !           101: 
        !           102:    network={
        !           103:            ssid="MYWEAKLYENCRYPTEDWLAN"
        !           104:            key_mgmt=NONE
        !           105:            wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
        !           106:            wep_tx_keyidx=0
        !           107:    }
        !           108: 
        !           109: Note that you do not have to use wpa_supplicant to configure WEP: you can also
        !           110:  simply use
        !           111:  [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current):
        !           112: 
        !           113:    ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
        !           114: 
        !           115: ##  Password-Authenticated MSCHAPv2
        !           116: 
        !           117: This seems to be a common configuration for password-authenticated networks:
        !           118: 
        !           119:    network={
        !           120:            ssid="WLANSSID"
        !           121:            key_mgmt=IEEE8021X
        !           122:            eap=PEAP
        !           123:            phase2="auth=MSCHAPV2"
        !           124:            identity="login"
        !           125:            password="password"
        !           126:    }
1.2       schmonz   127: 
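The stanza types above differ widely in strength: open and WEP networks give no real confidentiality, and a PEAP/MSCHAPv2 block with neither `ca_cert` nor `ca_path` does not verify the authentication server's certificate. The following is an added example, not part of the original tutorial, that parses `network` blocks and labels those settings; the sample text is constructed from the page's stanzas and the finding labels are illustrative.

```python
import re

# Constructed sample: the stanza types shown on this page, in one file.
SAMPLE = """
network={
    ssid="my favourite network"
    psk="hunter2"
}
network={
    ssid="MYUNPROTECTEDWLAN"
    key_mgmt=NONE
}
network={
    ssid="MYWEAKLYENCRYPTEDWLAN"
    key_mgmt=NONE
    wep_key0="12345"  # or 13 characters
}
network={
    ssid="WLANSSID"
    key_mgmt=IEEE8021X
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
"""

def parse_networks(text):  # one {field: raw value} dict per network block
    nets = []
    for body in re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = re.findall(r'^\s*(\w+)=("[^"]*"|\S+)', body, re.M)
        nets.append(dict(pairs))
    return nets

def audit(net):  # labels for the weak settings in one parsed block
    findings = []
    if any(k.startswith("wep_key") for k in net):
        findings.append("wep")
    elif net.get("key_mgmt") == "NONE":
        findings.append("open")
    if net.get("psk", "").startswith('"'):
        findings.append("plaintext-passphrase")
    if "eap" in net and not (net.keys() & {"ca_cert", "ca_path"}):
        findings.append("eap-server-cert-not-verified")
    return findings

def report(text):
    return [(n.get("ssid", "").strip('"'), audit(n)) for n in parse_networks(text)]

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```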
1.3     ! riastrad  128: #  See also
1.2       schmonz   129: 
                    130:   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
                    131:   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
                    132:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
