File:  [NetBSD Developer Wiki] / wikisrc / tutorials / how_to_use_wpa_supplicant.mdwn
Revision 1.8
Sat Apr 15 05:51:41 2017 UTC (3 years, 2 months ago) by maya
Branches: MAIN
CVS tags: HEAD
specify rc.conf flags which work.

**Contents**

[[!toc]]

#  What is WPA/WPA2?

[Wi-Fi Protected Access (WPA)](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access)
 and Wi-Fi Protected Access II (WPA2) are 802.11 wireless
 authentication and encryption standards, the successors to the simpler
 [Wired Equivalent Privacy (WEP)](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).
Most "closed" or "locked" 802.11 wireless networks use WPA/WPA2
 authentication.
On NetBSD, the [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
 daemon handles WPA/WPA2.

To configure WPA/WPA2, you must create the file
 [`/etc/wpa_supplicant.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current).
You can find examples for `/etc/wpa_supplicant.conf` in
 `/usr/share/examples/wpa_supplicant/wpa_supplicant.conf`.
The simplest case is a network, say `my favourite network`, with a
 fixed passphrase, say `hunter2`.
For this case, fill your `/etc/wpa_supplicant.conf` file with:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    network={
            ssid="my favourite network"
            psk="hunter2"
    }

Then enable wpa_supplicant on your network interface device, say
 `iwn0`, by editing [`/etc/rc.conf`](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
 to add

    wpa_supplicant=YES
    wpa_supplicant_flags="-i iwn0 -c /etc/wpa_supplicant.conf"

If your LAN is configured with DHCP, you will likely also want
 `dhcpcd=YES` in `/etc/rc.conf` to run [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current).
Then start wpa_supplicant with the shell command:

    # /etc/rc.d/wpa_supplicant start

or reboot for the change to take effect.

You can query the current status of WPA/WPA2 with the shell command:

    # wpa_cli status

If you want to configure more 802.11 networks, add more `network`
 stanzas to `/etc/wpa_supplicant.conf`, and notify wpa_supplicant of
 them:

    # /etc/rc.d/wpa_supplicant reload

#  Do not wait for lease; useful if no network is within reach, so boot will not hang

For a typical laptop, you will usually want to use DHCP to get an IP
 address on any network you're on, but you won't always be on the
 network.
In that case, when you're booting up, you don't want to have to wait
 until you can associate with the network and get a DHCP lease.
You can pass the `-b` flag to
 [dhcpcd](http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd+8+NetBSD-current)
 to make it immediately go into the background, by setting
 `dhcpcd_flags` in `/etc/rc.conf`:

    dhcpcd_flags="${dhcpcd_flags} -b"

#  Other Network Configurations

wpa_supplicant can also connect to other wireless network
 configurations.
These networks can be given different priorities using the `priority`
 field, with a higher number indicating a higher priority.

##  Hidden Networks

If the network is hidden, so that the access point does not broadcast
 its presence, you must specify the `scan_ssid=1` option:

    network={
            ssid="my network"
            scan_ssid=1
            psk="sekret"
    }

##  Open Networks

    network={
            ssid="MYUNPROTECTEDWLAN"
            key_mgmt=NONE
            priority=100
    }

##  WEP encryption

WEP is the weakest of current 802.11 encryption solutions.
It is known to be completely broken: breaking WEP can be done in mere
 seconds.
However, sometimes there is a need to use WEP in legacy networks.
Here is a configuration if you want to do it with wpa_supplicant:

    network={
            ssid="MYWEAKLYENCRYPTEDWLAN"
            key_mgmt=NONE
            wep_key0="12345"  # or 13 characters, or a hexkey starting with 0x
            wep_tx_keyidx=0
    }

Note that you don't have to use wpa_supplicant to configure WEP -- you
 can also simply use
 [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current):

    ifconfig ath0 ssid MYWEAKLYENCRYPTEDWLAN nwkey 12345

##  Password-Authenticated MSCHAPv2

This seems to be a common configuration for password-authenticated networks:

    network={
            ssid="WLANSSID"
            key_mgmt=IEEE8021X
            eap=PEAP
            phase2="auth=MSCHAPV2"
            identity="login"
            password="password"
    }
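
As an added example (not part of the wiki page or of NetBSD), the shell function below audits a configuration file for the weaker settings shown in this section: WEP keys, open networks, EAP stanzas with no `ca_cert` (wpa_supplicant then does not verify the server certificate), clear-text passphrases, and a file readable beyond its owner. The finding texts are this example's own, and the sample input is constructed from three stanzas on this page.

```shell
# Added example, not from the wiki page; finding texts are this example's own.
audit_wpa_conf() {
    conf=$1
    # The file holds credentials: group/other read access is a finding.
    if [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "file: readable by group or others"
    fi
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*#/ { next }                              # skip comment lines
        /^[ \t]*network[ \t]*=[ \t]*[{]/ { innet = 1; ssid = "?"; km = ""; wep = eap = ca = psk = 0; next }
        !innet { next }                                  # ignore global options
        /^[ \t]*ssid[ \t]*=/            { ssid = val($0) }
        /^[ \t]*key_mgmt[ \t]*=/        { km = val($0) }
        /^[ \t]*wep_key[0-3][ \t]*=/    { wep = 1 }
        /^[ \t]*eap[ \t]*=/             { eap = 1 }
        /^[ \t]*ca_(cert|path)[ \t]*=/  { ca = 1 }
        /^[ \t]*psk[ \t]*="/            { psk = 1 }      # quoted value = ASCII passphrase
        /^[ \t]*[}]/ {                                   # end of stanza: report
            if (wep) print ssid ": WEP key configured"
            else if (km == "NONE") print ssid ": open network, no encryption"
            if (eap && !ca) print ssid ": EAP without ca_cert, server certificate not verified"
            if (psk) print ssid ": passphrase stored in clear text"
            innet = 0
        }
    ' "$conf"
}
# Constructed sample input: three stanzas taken from this page.
write_sample() {
    cat > "$1" <<'EOF'
network={
        ssid="my network"
        psk="sekret"
}
network={
        ssid="MYWEAKLYENCRYPTEDWLAN"
        key_mgmt=NONE
        wep_key0="12345"
}
network={
        ssid="WLANSSID"
        key_mgmt=IEEE8021X
        eap=PEAP
        phase2="auth=MSCHAPV2"
}
EOF
}
tmp=$(mktemp) && write_sample "$tmp" && chmod 644 "$tmp" && audit_wpa_conf "$tmp"; rm -f "$tmp"
```

For the clear-text passphrase finding, wpa_passphrase(8) prints a `network` stanza carrying the derived key in place of the quoted passphrase.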

#  See also

  * [wpa_supplicant(8)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant+8+NetBSD-current)
  * [wpa_supplicant.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf+5+NetBSD-current)
  * [Official wpa_supplicant site](http://hostap.epitest.fi/wpa_supplicant/)
