File:  [NetBSD Developer Wiki] / wikisrc / tutorials / how_to_use_wpa_supplicant.mdwn
Revision 1.3
Thu Apr 14 20:10:26 2016 UTC (4 years, 9 months ago) by riastradh
Branches: MAIN
CVS tags: HEAD
Rewrite WPA/WPA2 tutorial.

Remove outdated dreck and needless editorial commentary.

    1: **Contents**
    2: 
    3: [[!toc]]
    4: 
    5: #  What is WPA/WPA2?
    6: 
    7: [Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
    8:  and Wi-Fi Protected Access II (WPA2) are 802.11 wireless
    9:  authentication and encryption standards, the successors to the simpler
   10:  [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
   11: Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
   12:  authentication.
   13: On NetBSD, the [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
   14:  daemon handles WPA/WPA2.
   15: 
   16: To configure WPA/WPA2, you must create the file
   17:  [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
   18: The simplest case is a network, say `my favourite network`, with a
   19:  fixed passphrase, say `hunter2`.
   20: For this case, fill your `/etc/wpa_supplicant.conf` file with:
   21: 
   22:    ctrl_interface=/var/run/wpa_supplicant
   23:    ctrl_interface_group=wheel
   24:    network={
   25:            ssid="my favourite network"
   26:            psk="hunter2"
   27:    }
   28: 
   29: Then enable wpa_supplicant on your network interface device, say
   30:  `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?rc.conf+5+NetBSD-current)
   31:  to add
   32: 
   33:    wpa_supplicant=YES
   34:    wpa_supplicant_flags="${wpa_supplicant_flags} -i iwn0"
   35: 
   36: If your LAN is configured with DHCP, you will likely also want
   37:  `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current).
   38: Then start wpa_supplicant with the shell command:
   39: 
   40:    # /etc/rc.d/wpa_supplicant start
   41: 
   42: or reboot for the change to take effect.
   43: 
   44: You can query the current status of WPA/WPA2 with the shell command:
   45: 
   46:    # wpa_cli status
   47: 
   48: If you want to configure more 802.11 networks, add more `network`
   49:  stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
   50:  them:
   51: 
   52:    # /etc/rc.d/wpa_supplicant reload
   53: 
   54: #  Do not wait for lease; useful if no network is within reach, so boot will not hang
   55: 
   56: For a typical laptop, you will usually want to use DHCP to get an IP
   57:  address on any network you're on, but you won't always be on the
   58:  network.
   59: In that case, when you're booting up, you don't want to have to wait
   60:  until you can associate with the network and get a DHCP lease.
   61: You can pass the `-b` flag to
   62:  [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current)
   63:  to make it immediately go into the background, by setting
   64:  `dhcpcd_flags` in `/etc/rc.conf`:
   65: 
   66:    dhcpcd_flags="${dhcpcd_flags} -b"
   67: 
   68: #  Other Network Configurations
   69: 
   70: wpa_supplicant can also connect to other wireless network
   71:  configurations.
   72: These networks can be given different priorities using the `priority`
   73:  field, with a higher number indicating a higher priority.
   74: 
   75: ##  Hidden Networks
   76: 
   77: If the network is hidden, so that the access point does not broadcast
   78:  its presence, you must specify the `scan_ssid=1` option:
   79: 
   80:    network={
   81:            ssid="my network"
   82:            scan_ssid=1
   83:            psk="sekret"
   84:    }
   85: 
   86: ##  Open Networks
   87: 
   88:    network={
   89:            ssid="MYUNPROTECTEDWLAN"
   90:            key_mgmt=NONE
   91:            priority=100
   92:    }
   93: 
   94: ##  WEP encryption
   95: 
   96: WEP is the weakest of current 802.11 encryption solutions.
   97: It is known to be completely broken: breaking WEP can be done in mere
   98:  seconds.
   99: However, sometimes there is a need to use WEP in legacy networks.
  100: Here is a configuration if you want to do it with wpa_supplicant:
  101: 
  102:    network={
  103:            ssid="MYWEAKLYENCRYPTEDWLAN"
  104:            key_mgmt=NONE
  105:            wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
  106:            wep_tx_keyidx=0
  107:    }
  108: 
  109: Note that you do not have to use wpa_supplicant to configure WEP: you can also
  110:  simply use
  111:  [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current):
  112: 
  113:    ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345
  114: 
  115: ##  Password-Authenticated MSCHAPv2
  116: 
  117: This seems to be a common configuration for password-authenticated networks:
  118: 
  119:    network={
  120:            ssid="WLANSSID"
  121:            key_mgmt=IEEE8021X
  122:            eap=PEAP
  123:            phase2="auth=MSCHAPV2"
  124:            identity="login"
  125:            password="password"
  126:    }
  127: 
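The following audit script is an added example, not part of the original tutorial or of wpa_supplicant. It parses the `network` stanzas used throughout this page, from the basic passphrase case to PEAP, and reports what each one exposes. The function names and rule set are assumptions made for illustration, and the sample input is constructed from the page's own stanzas.

```python
import re
# Constructed sample: the four stanza types shown on this page.
SAMPLE_CONF = '''
network={
        ssid="my favourite network"
        psk="hunter2"
}
network={
        ssid="MYUNPROTECTEDWLAN"
        key_mgmt=NONE
}
network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345"  # or 13 characters
}
network={
        ssid="WLANSSID"
        key_mgmt=IEEE8021X
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity="login"
        password="password"
}
'''

def parse_networks(text):
    """Return one {field: raw value} dict per network={...} stanza."""
    stanzas = re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M)
    return [dict(re.findall(r'^\s*(\w+)=("[^"\n]*"|[^\s#]*)', s, re.M)) for s in stanzas]

def audit(net):
    """Return findings for one stanza (illustrative rule set, not exhaustive)."""
    out = []
    psk = net.get("psk", "")
    if psk.startswith('"'):  # quoted = passphrase; unquoted = 64-hex derived key
        out.append("psk is a plaintext passphrase")
        if not 8 <= len(psk.strip('"')) <= 63:
            out.append("passphrase length outside 8..63")
    if net.get("key_mgmt") == "NONE":
        wep = any(k.startswith("wep_key") for k in net)
        out.append("WEP: broken cipher" if wep else "open: no link encryption")
    if "eap" in net and not net.keys() & {"ca_cert", "ca_path"}:
        out.append("EAP without ca_cert: server certificate not verified")
    return out

def audit_conf(text):
    """Map each stanza's ssid to its list of findings."""
    return {n.get("ssid", "?").strip('"'): audit(n) for n in parse_networks(text)}
```

A WPA passphrase must be 8 to 63 characters, so the 7-character placeholder `hunter2` is flagged as well; wpa_passphrase(8) prints the derived 64-hex key that can replace a quoted passphrase. For EAP networks, setting `ca_cert` makes the client verify the authentication server before the MSCHAPv2 exchange takes place.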
  128: #  See also
  129: 
  130:   * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
  131:   * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
  132:   * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
