Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.8
1.2 schmonz 1: **Contents**
2:
3: [[!toc]]
4:
1.3 riastrad 5: # What is WPA/WPA2?
1.2 schmonz 6:
1.3 riastrad 7: [Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
8: and Wi-Fi Protected Access II (WPA2) are 802.11 wireless
9: authentication and encryption standards, the successors to the simpler
10: [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
11: Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
12: authentication.
13: On NetBSD, the [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
14: daemon handles WPA/WPA2.
15:
16: To configure WPA/WPA2, you must create the file
17: [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
1.5 riastrad 18: You can find examples for `/etc/wpa_supplicant.conf` in
19: `/usr/share/examples/wpa_supplicant/wpa_supplicant.conf`.
1.3 riastrad 20: The simplest case is a network, say `my favourite network`, with a
21: fixed passphrase, say `hunter2`.
22: For this case, fill your `/etc/wpa_supplicant.conf` file with:
23:
1.4 riastrad 24:     ctrl_interface=/var/run/wpa_supplicant
25:     ctrl_interface_group=wheel
26:     network={
27:         ssid="my favourite network"
28:         psk="hunter2"
29:     }
1.3 riastrad 30:
31: Then enable wpa_supplicant on your network interface device, say
32: `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
33: to add
34:
1.4 riastrad 35:     wpa_supplicant=YES
1.8 ! maya 36:     wpa_supplicant_flags="-i iwn0 -c /etc/wpa_supplicant.conf"
1.3 riastrad 37:
38: If your LAN is configured with DHCP, you will likely also want
39: `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current).
40: Then start wpa_supplicant with the shell command:
41:
1.4 riastrad 42:     # /etc/rc.d/wpa_supplicant start
1.3 riastrad 43:
44: or reboot for the change to take effect.
45:
46: You can query the current status of WPA/WPA2 with the shell command:
47:
1.4 riastrad 48:     # wpa_cli status
1.3 riastrad 49:
50: If you want to configure more 802.11 networks, add more `network`
51: stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
52: them:
53:
1.4 riastrad 54:     # /etc/rc.d/wpa_supplicant reload
1.3 riastrad 55:
56: # Do not wait for lease; useful if no network is within reach, so boot will not hang
57:
58: For a typical laptop, you will usually want to use DHCP to get an IP
59: address on any network you're on, but you won't always be on the
60: network.
61: In that case, when you're booting up, you don't want to have to wait
62: until you can associate with the network and get a DHCP lease.
63: You can pass the `-b` flag to
64: [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current)
65: to make it immediately go into the background, by setting
66: `dhcpcd_flags` in `/etc/rc.conf`:
67:
1.4 riastrad 68:     dhcpcd_flags="${dhcpcd_flags} -b"
1.3 riastrad 69:
70: # Other Network Configurations
71:
72: wpa_supplicant can also connect to other wireless network
73: configurations.
74: These networks can be given different priorities using the `priority`
75: field, with a higher number indicating a higher priority.
76:
77: ## Hidden Networks
78:
79: If the network is hidden, so that the access point does not broadcast
80: its presence, you must specify the `scan_ssid=1` option:
81:
1.4 riastrad 82:     network={
83:         ssid="my network"
84:         scan_ssid=1
85:         psk="sekret"
86:     }
1.3 riastrad 87:
88: ## Open Networks
89:
1.4 riastrad 90:     network={
91:         ssid="MYUNPROTECTEDWLAN"
92:         key_mgmt=NONE
93:         priority=100
94:     }
1.3 riastrad 95:
96: ## WEP encryption
97:
98: WEP is the weakest of current 802.11 encryption solutions.
99: It is known to be completely broken: breaking WEP can be done in mere
100: seconds.
101: However, sometimes there is a need to use WEP in legacy networks.
102: Here is a configuration if you want to do it with wpa_supplicant:
103:
1.4 riastrad 104:     network={
105:         ssid="MYWEAKLYENCRYPTEDWLAN"
106:         key_mgmt=NONE
107:         wep_key0="12345" # or 13 characters, or a hexkey starting with 0x
108:         wep_tx_keyidx=0
109:     }
1.3 riastrad 110:
1.7 riastrad 111: Note that you don't have to use wpa_supplicant to configure WEP -- you
112: can also simply use
1.3 riastrad 113: [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current):
114:
1.4 riastrad 115:     ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
1.3 riastrad 116:
117: ## Password-Authenticated MSCHAPv2
118:
119: This seems to be a common configuration for password-authenticated networks:
120:
1.4 riastrad 121:     network={
122:         ssid="WLANSSID"
123:         key_mgmt=IEEE8021X
124:         eap=PEAP
125:         phase2="auth=MSCHAPV2"
126:         identity="login"
127:         password="password"
128:     }
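
An added example, not part of the original tutorial or of wpa_supplicant: a small Python check that parses `network` stanzas like the ones above and flags WEP, open networks, EAP stanzas with neither `ca_cert` nor `ca_path` (wpa_supplicant then does not verify the server certificate), and quoted passphrases outside the 8..63 character range that wpa_supplicant accepts. The function names and finding tags are made up for illustration, and the sample config is constructed.

```python
import re
# Constructed sample in the style of this page's stanzas (no real credentials).
SAMPLE = '''
network={
    ssid="MYWEAKLYENCRYPTEDWLAN"
    key_mgmt=NONE
    wep_key0="12345" # or 13 characters
}
network={
    ssid="WLANSSID"
    key_mgmt=IEEE8021X
    eap=PEAP
}
network={
    ssid="home"
    psk="correct horse battery"
}
'''

def parse_networks(text):
    """Return one dict per network={...} stanza (flat key=value lines only)."""
    nets, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(\w+)=("[^"]*"|[^#]*)', line)  # drops trailing # comments
        if line.startswith("network={"):
            cur = {}
        elif line == "}" and cur is not None:
            nets.append(cur)
            cur = None
        elif cur is not None and m:
            cur[m.group(1)] = m.group(2).strip()
    return nets

def lint(net):
    """Return finding tags for one stanza; an empty list means nothing flagged."""
    out = []  # tags are illustrative names, not wpa_supplicant output
    if "NONE" in net.get("key_mgmt", "").split():
        out.append("wep" if any(k.startswith("wep_key") for k in net) else "open")
    if "eap" in net and not (net.keys() & {"ca_cert", "ca_path"}):
        out.append("eap-server-cert-not-verified")
    psk = net.get("psk", "")
    if psk.startswith('"') and not 8 <= len(psk) - 2 <= 63:
        out.append("psk-passphrase-length")
    return out

def audit(text):
    return {n.get("ssid", "?").strip('"'): lint(n) for n in parse_networks(text)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
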
1.2 schmonz 129:
1.3 riastrad 130: # See also
1.2 schmonz 131:
132: * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
133: * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
134: * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)