Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.4

1.2       schmonz     1: **Contents**
                      2: 
                      3: [[!toc]]
                      4: 
1.3       riastrad    5: #  What is WPA/WPA2?
1.2       schmonz     6: 
1.3       riastrad    7: [Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
                      8:  and Wi-Fi Protected Access II (WPA2) are 802.11 wireless
                      9:  authentication and encryption standards, the successors to the simpler
                     10:  [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
                     11: Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
                     12:  authentication.
                     13: On NetBSD, the [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
                     14:  daemon handles WPA/WPA2.
                     15: 
                     16: To configure WPA/WPA2, you must create the file
                     17:  [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
                     18: The simplest case is a network, say `my favourite network`, with a
                     19:  fixed passphrase, say `hunter2`.
                     20: For this case, fill your `/etc/wpa_supplicant.conf` file with:
                     21: 
1.4     ! riastrad   22:     ctrl_interface=/var/run/wpa_supplicant
        !            23:     ctrl_interface_group=wheel
        !            24:     network={
        !            25:             ssid="my favourite network"
        !            26:             psk="hunter2"
        !            27:     }
1.3       riastrad   28: 
                     29: Then enable wpa_supplicant on your network interface device, say
                     30:  `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
                     31:  to add
                     32: 
1.4     ! riastrad   33:     wpa_supplicant=YES
        !            34:     wpa_supplicant_flags="${wpa_supplicant_flags} -i iwn0"
1.3       riastrad   35: 
                     36: If your LAN is configured with DHCP, you will likely also want
                     37:  `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current).
                     38: Then start wpa_supplicant with the shell command:
                     39: 
1.4     ! riastrad   40:     # /etc/rc.d/wpa_supplicant start
1.3       riastrad   41: 
                     42: or reboot for the change to take effect.
                     43: 
                     44: You can query the current status of WPA/WPA2 with the shell command:
                     45: 
1.4     ! riastrad   46:     # wpa_cli status
1.3       riastrad   47: 
                     48: If you want to configure more 802.11 networks, add more `network`
                     49:  stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
                     50:  them:
                     51: 
1.4     ! riastrad   52:     # /etc/rc.d/wpa_supplicant reload
1.3       riastrad   53: 
                     54: #  Do not wait for lease; useful if no network is within reach, so boot will not hang
                     55: 
                     56: For a typical laptop, you will usually want to use DHCP to get an IP
                     57:  address on any network you're on, but you won't always be on the
                     58:  network.
                     59: In that case, when you're booting up, you don't want to have to wait
                     60:  until you can associate with the network and get a DHCP lease.
                     61: You can pass the `-b` flag to
                     62:  [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current)
                     63:  to make it immediately go into the background, by setting
                     64:  `dhcpcd_flags` in `/etc/rc.conf`:
                     65: 
1.4     ! riastrad   66:     dhcpcd_flags="${dhcpcd_flags} -b"
1.3       riastrad   67: 
                     68: #  Other Network Configurations
                     69: 
                     70: wpa_supplicant can also connect to other wireless network
                     71:  configurations.
                     72: These networks can be given different priorities using the `priority`
                     73:  field, with a higher number indicating a higher priority.
                     74: 
                     75: ##  Hidden Networks
                     76: 
                     77: If the network is hidden, so that the access point does not broadcast
                     78:  its presence, you must specify the `scan_ssid=1` option:
                     79: 
1.4     ! riastrad   80:     network={
        !            81:             ssid="my network"
        !            82:             scan_ssid=1
        !            83:             psk="sekret"
        !            84:     }
1.3       riastrad   85: 
                     86: ##  Open Networks
                     87: 
1.4     ! riastrad   88:     network={
        !            89:             ssid="MYUNPROTECTEDWLAN"
        !            90:             key_mgmt=NONE
        !            91:             priority=100
        !            92:     }
1.3       riastrad   93: 
                     94: ##  WEP encryption
                     95: 
                     96: WEP is the weakest of current 802.11 encryption solutions.
                     97: It is known to be completely broken: breaking WEP can be done in mere
                     98:  seconds.
                     99: However, sometimes there is a need to use WEP in legacy networks.
                    100: Here is a configuration if you want to do it with wpa_supplicant:
                    101: 
1.4     ! riastrad  102:     network={
        !           103:             ssid="MYWEAKLYENCRYPTEDWLAN"
        !           104:             key_mgmt=NONE
        !           105:             wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
        !           106:             wep_tx_keyidx=0
        !           107:     }
1.3       riastrad  108: 
                    109: Note that you do not have to use wpa_supplicant to configure WEP: you can also
                    110:  simply use
                    111:  [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current):
                    112: 
1.4     ! riastrad  113:     ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
1.3       riastrad  114: 
                    115: ##  Password-Authenticated MSCHAPv2
                    116: 
                    117: This seems to be a common configuration for password-authenticated networks:
                    118: 
1.4     ! riastrad  119:     network={
        !           120:             ssid="WLANSSID"
        !           121:             key_mgmt=IEEE8021X
        !           122:             eap=PEAP
        !           123:             phase2="auth=MSCHAPV2"
        !           124:             identity="login"
        !           125:             password="password"
        !           126:     }
1.2       schmonz   127: 
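The stanzas on this page range from WPA2 with a passphrase down to open and WEP networks, and the PEAP/MSCHAPv2 stanza as written sets neither `ca_cert` nor `ca_path`, in which case wpa_supplicant does not verify the authentication server's certificate. As an added example (not part of the original tutorial or of wpa_supplicant itself), the shell function below scans a configuration file and reports such stanzas; the names `audit_wpa_conf` and `sample_conf` and the sample input are constructed for illustration.

```sh
# Added example: flag risky network stanzas in a wpa_supplicant.conf.
# Usage: audit_wpa_conf /etc/wpa_supplicant.conf   (no file: reads stdin)
audit_wpa_conf() {
    awk '
    function val(line,   v) {   # value after "=", quotes or comment stripped
        v = line; sub(/^[^=]*=[ \t]*/, "", v)
        if (v ~ /^"/) { sub(/^"/, "", v); sub(/".*$/, "", v) }
        else          { sub(/[ \t]*#.*$/, "", v); sub(/[ \t]+$/, "", v) }
        return v
    }
    /^[ \t]*network[ \t]*=[ \t]*[{]/ { innet = 1; ssid = "?"; km = ""; wep = eap = ca = plain = 0; next }
    !innet || /^[ \t]*#/ { next }
    /^[ \t]*ssid[ \t]*=/               { ssid = val($0) }
    /^[ \t]*key_mgmt[ \t]*=/           { km = val($0) }
    /^[ \t]*wep_key[0-3][ \t]*=/       { wep = 1 }
    /^[ \t]*eap[ \t]*=/                { eap = 1 }
    /^[ \t]*ca_(cert|path)[ \t]*=/     { ca = 1 }
    /^[ \t]*psk[ \t]*=[ \t]*"/         { plain = 1 }   # quoted = ASCII passphrase
    /^[ \t]*[}]/ {
        if (km == "NONE" && wep) print ssid ": WEP key configured"
        else if (km == "NONE")   print ssid ": open network, no encryption"
        if (eap && !ca)          print ssid ": EAP without ca_cert/ca_path, server certificate not verified"
        if (plain)               print ssid ": psk is a plaintext passphrase"
        innet = 0
    }' "$@"
}
# Constructed sample input, reduced from the stanzas on this page.
sample_conf() {
    cat <<'EOF'
network={
        ssid="my favourite network"
        psk="hunter2"
}
network={
        ssid="MYUNPROTECTEDWLAN"
        key_mgmt=NONE
}
network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
}
network={
        ssid="WLANSSID"
        key_mgmt=IEEE8021X
        eap=PEAP
}
EOF
}
sample_conf | audit_wpa_conf   # demo run on the constructed sample
```

A stanza whose `psk` is an unquoted 64-digit hex key, or an EAP stanza that sets `ca_cert`, produces no finding.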
1.3       riastrad  128: #  See also
1.2       schmonz   129: 
                    130:   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
                    131:   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
                    132:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
