Annotation of wikisrc/tutorials/how_to_use_wpa_supplicant.mdwn, revision 1.9

1.2       schmonz     1: **Contents**
                      2: 
                      3: [[!toc]]
                      4: 
1.3       riastrad    5: #  What is WPA/WPA2?
1.2       schmonz     6: 
1.3       riastrad    7: [Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
                      8:  and Wi-Fi Protected Accesss II (WPA2) are 802.11 wireless
                      9:  authentication and encryption standards, the successors to the simpler
                     10:  [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
                     11: Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
                     12:  authentication.
1.9     ! kim        13: On NetBSD, the [wpa_supplicant(8)](//man.NetBSD.org/wpa_supplicant.8)
1.3       riastrad   14:  daemon handles WPA/WPA2.
                     15: 
                     16: To configure WPA/WPA2, you must create the file
1.9     ! kim        17:  [`/etc/wpa_supplicant.conf`](//man.NetBSD.org/wpa_supplicant.conf.5).
1.5       riastrad   18: You can find examples for `/etc/wpa_supplicant.conf` in
                     19:  `/usr/share/examples/wpa_supplicant/wpa_supplicant.conf`.
1.3       riastrad   20: The simplest case is a network, say `my favourite network`, with a
                     21:  fixed passphrase, say `hunter2`.
                     22: For this case, fill your `/etc/wpa_supplicant.conf` file with:
                     23: 
1.4       riastrad   24:     ctrl_interface=/var/run/wpa_supplicant
                     25:     ctrl_interface_group=wheel
                     26:     network={
                     27:             ssid="my favourite network"
                     28:             psk="hunter2"
                     29:     }
1.3       riastrad   30: 
                     31: Then enable wpa_supplicant on your network interface device, say
1.9     ! kim        32:  `iwn0`, by editing [`/etc/rc.conf`](//man.NetBSD.org/wpa_supplicant.conf.5)
1.3       riastrad   33:  to add
                     34: 
1.4       riastrad   35:     wpa_supplicant=YES
1.8       maya       36:     wpa_supplicant_flags="-i iwn0 -c /etc/wpa_supplicant.conf"
1.3       riastrad   37: 
                     38: If your LAN is configured with DHCP, you will likely also want
1.9     ! kim        39:  `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](//man.NetBSD.org/dhcpcd.8).
1.3       riastrad   40: Then start wpa_supplicant with the shell command:
                     41: 
1.4       riastrad   42:     # /etc/rc.d/wpa_supplicant start
1.3       riastrad   43: 
                     44: or reboot for the change to take effect.
                     45: 
                     46: You can query the current status of WPA/WPA2 with the shell command:
                     47: 
1.4       riastrad   48:     # wpa_cli status
1.3       riastrad   49: 
                     50: If you want to configure more 802.11 networks, add more `network`
                     51:  stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
                     52:  them:
                     53: 
1.4       riastrad   54:     # /etc/rc.d/wpa_supplicant reload
1.3       riastrad   55: 
                     56: #  Do not wait for lease; useful if no network is within reach, so boot will not hang
                     57: 
                     58: For a typical laptop, you will usually want to use DHCP to get an IP
                     59:  address on any network you're on, but you won't always be on the
                     60:  network.
                     61: In that case, when you're booting up, you don't want to have to wait
                     62:  until you can associate with the network and get a DHCP lease.
                     63: You can pass the `-b` flag to
1.9     ! kim        64:  [dhcpcd](//man.NetBSD.org/dhcpcd.8)
1.3       riastrad   65:  to make it immediately go into the background, by setting
                     66:  `dhcpcd_flags` in `/etc/rc.conf`:
                     67: 
1.4       riastrad   68:     dhcpcd_flags="${dhcpcd_flags} -b"
1.3       riastrad   69: 
                     70: #  Other Network Configurations
                     71: 
                     72: wpa_supplicant can also connect to other wireless network
                     73:  configurations.
                     74: These networks can be given different priorities using the `priority`
                     75:  field, with a higher number indicating a higher priority.
                     76: 
                     77: ##  Hidden Networks
                     78: 
                     79: If the network is hidden, so that the access point does not broadcast
                     80:  its presence, you must specify the `scan_ssid=1` option:
                     81: 
1.4       riastrad   82:     network={
                     83:             ssid="my network"
                     84:             scan_ssid=1
                     85:             psk="sekret"
                     86:     }
1.3       riastrad   87: 
                     88: ##  Open Networks
                     89: 
1.4       riastrad   90:     network={
                     91:             ssid="MYUNPROTECTEDWLAN"
                     92:             key_mgmt=NONE
                     93:             priority=100
                     94:     }
1.3       riastrad   95: 
                     96: ##  WEP encryption
                     97: 
                     98: WEP is the weakest of current 802.11 encryption solutions.
                     99: It is known to be completely broken: breaking WEP can be done in mere
                    100:  seconds.
                    101: However, sometimes there is a need to use WEP in legacy networks.
                    102: Here is a configuration if you want to do it with wpa_supplicant:
                    103: 
1.4       riastrad  104:     network={
                    105:             ssid="MYWEAKLYENCRYPTEDWLAN"
                    106:             key_mgmt=NONE
                    107:             wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
                    108:             wep_tx_keyidx=0
                    109:     }
1.3       riastrad  110: 
1.7       riastrad  111: Note that you don't have to use wpa_supplicant to configure WEP -- you
                    112:  can also simply use
1.9     ! kim       113:  [ifconfig(8)](//man.NetBSD.org/ifconfig.8):
1.3       riastrad  114: 
1.4       riastrad  115:     ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
1.3       riastrad  116: 
                    117: ##  Password-Authenticated MSCHAPv2
                    118: 
                    119: This seems to be a common configuration for password-authenticated networks:
                    120: 
1.4       riastrad  121:     network={
                    122:             ssid="WLANSSID"
                    123:             key_mgmt=IEEE8021X
                    124:             eap=PEAP
                    125:             phase2="auth=MSCHAPV2"
                    126:             identity="login"
                    127:             password="password"
                    128:     }
1.2       schmonz   129: 
1.3       riastrad  130: #  See also
1.2       schmonz   131: 
1.9     ! kim       132:   * [wpa_supplicant(8)](//man.NetBSD.org/wpa_supplicant.8)
        !           133:   * [wpa_supplicant.conf(5)](//man.NetBSD.org/wpa_supplicant.conf.5)
1.2       schmonz   134:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb