File:  [NetBSD Developer Wiki] / wikisrc / tutorials / how_to_use_wpa_supplicant.mdwn
Sun Feb 5 07:14:36 2012 UTC (9 years, 3 months ago) by schmonz
Branches: MAIN
CVS tags: HEAD
dos2unix

    1: **Contents**
    2: 
    3: [[!toc]]
    4: 
    5: # What is WPA?
    6: 
    7: Wi-Fi Protected Access (WPA) is a wireless encryption standard and the successor of Wired Equivalent Privacy (WEP). WPA has been supported since NetBSD 4.0. NetBSD uses [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current), a cross-platform framework for WPA. 
    8: 
    9: 
   10: To set up WPA, create the file `/etc/wpa_supplicant.conf` and paste in the following, substituting your own SSID and key: 
   11:     
   12:     network={
   13:             ssid="MYWLAN"
   14:             scan_ssid=1
   15:             key_mgmt=WPA-PSK
   16:             psk="MySecretPassphrase"
   17:     }
   18:     
   19: 
   20: It's important to set your exact SSID and of course your exact key. Both are case sensitive. For additional parameters in the configuration file, please refer to the manual page [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current). 
   21: 
   22: 
   23: For setting WPA up with [dhclient(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhclient+8+NetBSD-current), make the configuration in [rc.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current) as follows: 
   24:     
   25:     dhclient=YES
   26:     # Do not wait for lease; useful if no network is within reach, so boot will not hang
   27:     dhclient_flags="-nw"
   28:     wpa_supplicant=YES
   29:     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
   30:     
   31: 
   32: Also, note that _wpa_supplicant_ lives in `/usr/sbin`. Depending on your file system layout, you may need to add `/usr` to the `critical_filesystems_local` override in `/etc/rc.conf`. Example: 
   33:     
   34:     critical_filesystems_local="/var /usr"
   35:     
   36: 
   37: That's it. Now you can start _wpa_supplicant_ with `/etc/rc.d/wpa_supplicant start`, then restart your network with `/etc/rc.d/network restart`. 
   38: 
   39: #  Using _dhcpcd_ instead of _dhclient_
   40: 
   41: In NetBSD 5.0, you can also put a new line in `/etc/ifconfig.ath0` that mentions dhcp: 
   42:     
   43:     up
   44:     dhcp
   45:     
   46: 
   47: This will bring the interface up and start [dhcpcd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current), the new DHCP client daemon. If you do this, you can remove _dhclient_ from your configuration and change the `dhclient_flags` to `dhcpcd_flags`: 
   48:     
   49: 
   50:     # Do not wait for lease; useful if no network is within reach, so boot will not hang
   51:     dhcpcd_flags="-q -b"
   52:     wpa_supplicant=YES
   53:     wpa_supplicant_flags="-B -i ath0 -c /etc/wpa_supplicant.conf"
   54:     
   55: 
   56: #  Adding a new network 
   57: 
   58: With the above setup, all you have to do is add the configuration to your `wpa_supplicant.conf` and then tell wpa_supplicant to reload its config: 
   59:     
   60:     wpa_cli reconfigure
   61:     
   62: 
   63: That's it. With 
   64:     
   65:     wpa_cli status
   66:     
   67: 
   68: you can track the status, and see if it authenticates. If you wait a moment, _dhcpcd_ will pick up the change and automatically obtain a new lease. 
   69: 
   70: If the `wpa_cli` command fails with a "Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory" error, make sure the `ctrl_interface` parameter is set in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current) as follows: 
   71:     
   72: 
   73:     ctrl_interface=/var/run/wpa_supplicant
   74:     ctrl_interface_group=wheel
   75:     
   76: 
   77: #  Other Network Configurations 
   78: 
   79: _wpa_supplicant_ can also connect to other network configurations. These configurations can be given different priorities using the `priority` field, with a higher number indicating a higher priority. 
   80: 
   81: ##  Unprotected Networks 
   82:     
   83:     network={
   84:         ssid="MYUNPROTECTEDWLAN"
   85:         scan_ssid=1
   86:         key_mgmt=NONE
   87:         priority=100
   88:     }
   89:     
   90: 
   91: ##  WEP encryption 
   92: 
   93: WEP is the weakest of current 802.11 encryption solutions. It is known to be completely broken; breaking WEP can be done in mere seconds. However, sometimes there is a need to use WEP in legacy networks. Here is a configuration if you want to do it with _wpa_supplicant_: 
   94:     
   95:     network={
   96:             ssid="MYWEAKLYENCRYPTEDWLAN"
   97:             key_mgmt=NONE
   98:             wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
   99:             wep_tx_keyidx=0
  100:     }
  101:     
  102: 
  103: Oddly enough, the `wep_key0` and `wep_tx_keyidx` seem to be undocumented in [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)... 
  104: 
  105: 
  106: You don't have to use wpa_supplicant to do it, though. With [[basics/ifconfig]] you can do it just as easily: 
  107: 
  108: 
  109:     ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
  110:     
  111: 
  112: ##  Password-Authenticated MSCHAPv2 
  113: 
  114: This seems to be a common configuration for password-authenticated networks: 
  115:     
  116:     network={
  117:         ssid="WLANSSID"
  118:         key_mgmt=IEEE8021X
  119:         eap=PEAP
  120:         phase2="auth=MSCHAPV2"
  121:         identity="login"
  122:         password="password"
  123:     }
  124:     
  125: 
  126:   
  127: 
  128: 
  129: ##  WPA2 
  130: 
  131: **Step 0:** On NetBSD 5.0.1, use `wpa_passphrase` to create a basic configuration: 
  132:     
  133:     wpa_passphrase My_world My_secret | tee /etc/wpa_supplicant.conf | nl
  134:         1  network={
  135:         2          ssid="My_world"
  136:         3          #psk="My_secret"
  137:         4          psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
  138:         5  }
  139:     
  140: 
  141: **Step 1:** Add the lines marked with (+): 
  142:     
  143:     +ap_scan=1
  144:     +ctrl_interface=/var/run/wpa_supplicant
  145:     +ctrl_interface_group=0
  146:     +
  147:     network={
  148:     +       scan_ssid=1
  149:     +       proto=RSN WPA
  150:     +       key_mgmt=WPA-PSK
  151:     +       pairwise=CCMP TKIP
  152:     +       group=CCMP TKIP
  153:            ssid="My_world"
  154:            #psk="My_secret"
  155:            psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
  156:      }
  157:     +
  158:     
  159: 
  160: **Step 2:** Add the following to `/etc/ifconfig.INTERFACE_NAME`, using your own address values: 
  161:     
  162:     cat -n /etc/ifconfig.wpi0
  163:         1  inet 192.168.1.23 netmask 255.255.255.0
  164:         2  !route add default 192.168.1.254
  165:     
  166: 
  167: **Step 3:** Add the following to `/etc/defaults/rc.conf`: 
  168:     
  169:     fgrep -i wpa /etc/defaults/rc.conf | nl
  170:         1  # WPA daemons.
  171:         2  wpa_supplicant=YES
  172:         3  wpa_supplicant_flags="-B -i wpi0 -c /etc/wpa_supplicant.conf"
  173:     
  174: 
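A defensive check for the configurations on this page, as an added example that is not part of the NetBSD wiki: a POSIX shell function that flags a world-readable `wpa_supplicant.conf`, plaintext secrets (including the `#psk=` comment that `wpa_passphrase` leaves in its output), WEP or open networks, and TKIP. The names `audit_wpa_conf` and `write_sample` and the finding labels are hypothetical, and the sample file is constructed from the network blocks shown above.

```sh
#!/bin/sh
# Added example, not NetBSD wiki code; function names and labels are hypothetical.
audit_wpa_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # The file stores passphrases and PSKs: only its owner should read it.
    if [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
        echo "PERM world-readable: chmod 600 $1"
    fi
    awk '
        { sub(/^[ \t]+/, "") }                    # strip indentation
        innet && /^#psk="/ { clear = 1 }          # passphrase left in a comment
        /^#/ || /^$/ { next }
        /^network=/ { innet = 1; ssid = "?"; km = ""; wep = clear = tkip = 0; next }
        !innet { next }
        /^ssid=/            { ssid = substr($0, 6) }
        /^key_mgmt=/        { km = substr($0, 10) }
        /^wep_key[0-3]=/    { wep = 1 }
        /^(psk|password)="/ { clear = 1 }         # quoted value is a plaintext secret
        /^(pairwise|group)=.*TKIP/ { tkip = 1 }
        substr($0, 1, 1) == "}" {                 # end of block: report findings
            if (wep)               print "WEP " ssid
            else if (km == "NONE") print "OPEN " ssid
            if (clear)             print "PLAINTEXT-SECRET " ssid
            if (tkip)              print "TKIP " ssid
            innet = 0
        }
    ' "$1"
}
# Constructed sample assembled from the network blocks shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
network={
        ssid="MYWLAN"
        psk="MySecretPassphrase"
}
network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345"
}
network={
        pairwise=CCMP TKIP
        ssid="My_world"
        #psk="My_secret"
        psk=b7d1304e45ebbdb66ebd458b2d89e6871ac1dcb1efae521beaa76fb78708fe9b
}
EOF
}
sample=$(mktemp) && write_sample "$sample" && chmod 644 "$sample"
audit_wpa_conf "$sample"; rm -f "$sample"
```

Step 0 creates `/etc/wpa_supplicant.conf` through `tee` with the default umask, so running `chmod 600 /etc/wpa_supplicant.conf` afterwards and deleting the `#psk=` comment line clears the first two kinds of finding.
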
  175: #  See also 
  176: 
  177:   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
  178:   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
  179:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
