https://wiki.archlinux.org/api.php?action=feedcontributions&user=Exploreroot&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:23:59ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=GoAgent_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)&diff=346693GoAgent (简体中文)2014-11-27T08:54:12Z<p>Exploreroot: /* 服务器端 */</p>
<hr />
<div>[[Category:简体中文]]<br />
[[Category:Networking (简体中文)]]<br />
GoAgent 是使用 [[Python]] 和 Google App Engine SDK 编写的免费代理软件,利用 Google App Engine 充当代理服务器。<br />
<br />
GoAgent 的运行原理于其他代理工具基本相同,其借由 Google App Engine 的服务器作为中传,将数据数据包后传送至 Google 服务器,再由 Google 服务器转发至目的服务器,接收数据时方法也类似。相对其他代理工具而言 GoAgent 要稳定许多。<br />
<br />
==安装==<br />
[[Official repositories (简体中文)|官方软件源]]已收录 {{Pkg|goagent}},直接用 [[pacman (简体中文)|pacman]] 安装即可.<br />
<br />
==配置==<br />
<br />
===服务器端===<br />
申请 Google Appengine 并创建 appid 。具体教程可参考[http://www.douban.com/note/262773856/ 此]。<br />
<br />
{{注意|appid请勿包含android/ios等关键词,否则有可能被某些网站识别为移动设备用户。}}<br />
<br />
上传(使用root用户,否则会出现权限不够的问题):<br />
{{bc|# python2 /usr/share/goagent/server/uploader.py}}<br />
{{注意|原来的uploader.zip在新版本已经不存在了,代替它的是uploader.py。如出现不能上传的情况可以去github上git下来用里面的那个uploader.py试试}}<br />
{{注意|无效的 hosts 可能会导致上传失败,可尝试清空 {{ic|/etc/resolv.conf}} 再上传。<br />
将来的版本更新可能会要求重新上传。请参看[https://code.google.com/p/goagent/#更新历史_2013 官方的更新历史],带有[是]标记的则需要重新上传。此外是否需要重新上传是相对于前一版的,若您之前版本与当前版本之间某一版或多版带有[是]仍然需要重新上传}}<br />
{{提示|首次上传后,可以再任意修改 Appid,无需再重新上传,不过最好重启以生效}}<br />
<br />
执行时会要求您再输入 appid ,请保持与 {{ic|proxy.ini}} 中已有的一致;接着还要输入 Google 邮箱及密码。<br />
<br />
{{注意|若您的 Google 账户有开通两步验证功能,则密码应为16位的应用程序专用密码。}}<br />
<br />
至此,代理服务器 127.0.0.1:8087 已搭建完毕。现在以 [[Chromium (简体中文)|Chrome/Chromium]] 为例,示范使用代理服务器的方法。<br />
<br />
{{注意|若浏览器类软件要通过 GoAgent 代理访问 Internet,可能均需要导入证书}}<br />
<br />
===客户端===<br />
{{提示|goagent 3.1.2-2 引入了用户配置文件(goagent.user.ini), 配置方法有所变动. 如果您是从旧版本升级, 可以在按照如下方法配置后放心删除以前的 /etc/goagent.pacsave. 此次变动之后, 您将不再需要在每次升级后合并该配置文件.}}<br />
打开 {{ic|/etc/goagent}} (默认情况下该文件为空), 增加类似下面的段落:<br />
<br />
[gae]<br />
appid = your_appid<br />
password = yourpassword<br />
<br />
修改 {{ic|your_appid}} 为您所申请的 appid。如果您申请了多个 appid 用于负载均衡, 用竖线 | 分隔多个id (不含空格).<br />
如果您使用的服务端没有配置密码, 可以省略掉 {{ic|code=password =}} 开头的一整行.<br />
<br />
goagent 3.1.5-1 新增 dnsproxy 功能, 基本配置依然是修改 {{ic|/etc/goagent}} 文件, 加入类似以下内容:<br />
<br />
[dns]<br />
enable = 1<br />
listen = 127.0.0.1:5353<br />
<br />
如果希望 DNS 服务跑在 53 端口, 需要使用 root 用户运行服务. 新增 {{ic|/etc/systemd/system/goagent.service.d/use_root.conf}} 文件, 加入以下内容即可:<br />
<br />
[Service]<br />
User=root<br />
<br />
====Chrome/Chromium====<br />
请安装 [https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm SwitchySharp 插件],接着导入[https://goagent.googlecode.com/files/SwitchyOptions.bak 该设置]。可参考[https://code.google.com/p/switchysharp/wiki/SwitchySharp_GFW_List_2 该扩展提供的图解流程]。<br />
<br />
打开设置-管理证书-授权中心-Authorities,导入 {{ic|/usr/share/goagent/local/CA.crt}},弹出窗口的三条选项均勾选。<br />
<br />
{{注意|如果第一次安装 GoAgent 尝试到此步骤时发现该文件不存在,请先启动一次 GoAgent 后再重新尝试。}}<br />
<br />
====亚全局====<br />
在 Unix 和 GNU/Linux 中,大多 HTTP 应用程序均支持调用环境变量 {{ic|http_proxy}} 和 {{ic|https_proxy}} 进行代理,就像 lynx、 [[wget]] 和 curl,甚至也包括了 [[Chromium (简体中文)]] 和 [[git (简体中文)]]。此外该环境变量的大小写其实并没有统一标准,有个别程序就只支持全大写的环境变量。所以为方便起见,直接在 {{ic|~/.bash_profile}} 或 {{ic|~/.zshenv}} 添加以下即可:<br />
<br />
export http_proxy=http://127.0.0.1:8087/<br />
export https_proxy=$http_proxy<br />
export HTTP_PROXY=$http_proxy<br />
export HTTPS_PROXY=$HTTP_PROXY<br />
<br />
{{注意|虽然 Chrome 浏览器也可以通过其环境变量进行全局代理从而不再需要 Proxy Extension,但不建议这么做,因为会导致访问国内网站的速度下降,甚至个别网站就拒绝境外代理访问,例如收录了大量版权视频的网站。}}<br />
<br />
再执行以下命令,以导入证书进 Arch Linux。至此,就可以实现 Arch Linux 亚全局代理:<br />
<br />
# mkdir /usr/share/ca-certificates/goagent<br />
# cp /usr/share/goagent/local/CA.crt /usr/share/ca-certificates/goagent/GoAgent.crt<br />
# echo 'goagent/GoAgent.crt' >> /etc/ca-certificates/conf.d/goagent.conf<br />
# update-ca-certificates<br />
<br />
==运行==<br />
===以 daemon 形式运行 (推荐)===<br />
# systemctl start goagent<br />
若想开机自启动,执行:<br />
# systemctl enable goagent<br />
<br />
{{提示|可通过{{ic|# journalctl -u goagent}}来查询日志}}<br />
<br />
====屏蔽日志输出====<br />
如果不想让 GoAgent 的输出信息进入日志,可以通过屏蔽 goagent.service 里的对应行解决,方法如下:<br />
<br />
1. 创建目录 {{ic|/etc/systemd/system/goagent.service.d}}<br />
<br />
2. 创建文件 {{ic|/etc/systemd/system/goagent.service.d/nostdout.conf}}, 写入如下内容:<br />
[Service]<br />
StandardOutput=null<br />
<br />
====日志输出至TTY====<br />
如果不想让 GoAgent 的输出信息进入日志,但是又想得到 GoAgent 的运行情况,可以通过修改 goagent.service 里的对应行解决,方法如下:<br />
<br />
1. 创建目录 {{ic|/etc/systemd/system/goagent.service.d}}<br />
<br />
2. 创建文件 {{ic|/etc/systemd/system/goagent.service.d/totty.conf}}, 写入如下内容:<br />
[Service]<br />
StandardOutput=tty<br />
StandardError=tty<br />
TTYPath=/dev/ttyX #X为数字,ttyX不能正在被使用,推荐为1-12之间的整数,用Ctrl+Alt+FX切换至<br />
#TTYVTDisallocate=yes #若需要在启动前清理所在TTY的虚拟终端,取消本行前的注释<br />
<br />
3.运行:<br />
# systemctl daemon-reload && systemctl restart goagent<br />
<br />
===手动运行(不推荐+不支持)===<br />
由于不明原因,总有个别用户无法成功以 daemon 形式运行GoAgent,可改试手动运行:<br />
$ sudo -u nobody python2 /usr/share/goagent/local/goagent<br />
<br />
若是在更新后发生问题,可尝试清空{{ic|/usr/share/goagent/local/certs}}目录,甚至卸载并手动删除{{ic|/etc/}}和{{ic|/usr/share/}}下的有关文件,然后重新安装和配置。<br />
<br />
==疑难解答==<br />
<br />
===Firefox 31.0 及以上版本提示安全连接失败:证书包含未知的关键扩展。===<br />
<br />
从 Firefox 31.0 开始默认使用新的 mozilla::pkix 为证书验证库。GoAgent 证书已被证实和此证书验证机制不兼容。新证书认证会导致提示“安全连接失败:证书包含未知的关键扩展。 (错误码: sec_error_unknown_critical_extension)”。解决的方法有两种,推荐使用解决方法 1 。<br />
<br />
====解决方法 1 (推荐)====<br />
<br />
=====重新生成新的 GoAgent 证书=====<br />
取得 Root 权限并执行以下命令:<br />
<br />
# rm /usr/share/goagent/local/CA.crt<br />
# rm -rf /usr/share/goagent/local/certs<br />
# systemctl restart goagent<br />
<br />
=====在 Firefox 中导入新证书=====<br />
在 Firefox 中点击右上角的菜单按钮(三道杠),在弹出的菜单中点击“首选项”(齿轮图标),打开首选项页面,点击"高级"-"证书"-"查看证书“,弹出一个新窗口,点击”证书机构“,在列表中找到"GoAgent CA"项并选中该项,点击"删除或不信任",即完成删除原来的证书。点击"导入",弹出文件选择窗口,进入目录 /usr/share/goagent/local/ ,选择文件 CA.crt 并点击打开,即完成导入新证书。点击确定关闭弹出窗口,重新启动 Firefox 即可。<br />
<br />
====解决方法 2====<br />
在 Firefox 的地址栏上输入 about:config ,在输入框中输入 security.use_mozillapkix_verification ,在下面的列表中找到该项并双击修改为 false 。<br />
<br />
==参阅==<br />
* [https://code.google.com/p/goagent/ GoAgent 在 Google Code 的主页]<br />
* [https://github.com/goagent/goagent GoAgent 在 GitHub 的主页]<br />
* 两位开发者的 Twitter 帐号:[https://twitter.com/hewigovens @hewigovens],[https://twitter.com/phuslu @phuslu]<br />
* [https://groups.google.com/forum/#!topic/archlinux-cn/_PPW2dZHltE 讨论亚全局代理的 Email List]</div>Exploreroothttps://wiki.archlinux.org/index.php?title=Wpa_supplicant_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)&diff=256721Wpa supplicant (简体中文)2013-05-12T04:52:46Z<p>Exploreroot: /* 安装 */</p>
<hr />
<div>[[Category:简体中文]]<br />
[[Category:Wireless Networking (简体中文)]]<br />
[[en:WPA supplicant]]<br />
[[es:WPA supplicant]]<br />
[[it:WPA supplicant]]<br />
[[ru:WPA Supplicant]]<br />
{{translateme (简体中文)}}<br />
<br />
阅读本章之前,我们假设您对您的硬件非常熟悉,并且能够找到相关配置文件的位置并且可以配置您的系统。在此之前,认真阅读并理解[[Wireless Setup]]也是非常重要的,这是本章节讲解的基础。<br />
<br />
本章之前的版本详述了[[Arch Build System]]的使用以及[[Wireless Setup]]中提及的网络配置文件。对系统的更好的了解是有益的,而且有助于扩展文档写作的视野。<br />
<br />
最后,如果您的网卡开箱即用并且通过networkmanager或者类似的守护进程连接上了网络,您可以略过本文。如果您更偏向于使用图形化的工具来连接网络,请关闭本页面。<br />
==WPA Supplicant是啥? ==<br />
<br />
您可能听说过WEP的缺点。黑客可以非常容易的破解一个经过静态WEP加密的网络。WPA解决了静态密钥所带来的问题,它可以在每个包传输/接收的时候改变,或者每隔一段时间改变。这个过程通过一个与您的无线网卡紧密相关的守护进程来实现。<br />
<br />
不合适的网卡驱动(尤其是使用ndiswrapper的亲们)在使用wpa_supplicant连接网络时会很麻烦,所以,安装合适的并且高质量的网卡驱动是很有必要的。<br />
<br />
要想获得WPA Supplicant的更多的信息,可以访问其主页:http://hostap.epitest.fi/wpa_supplicant/<br />
<br />
==安装==<br />
<br />
如果您在安装时选择了安装“base”软件包组,wpa_supplicant默认已经安装了。通过pacman,这个包可以通过如下方式安装:<br />
pacman -S wpa_supplicant<br />
<br />
这个软件包可以支持非常多的无线网卡。在您的终端中键入'wpa_supplicant',您应该可以看到如下的列表,键入时注意将前面的#号去掉:<br />
<br />
# wpa_supplicant<br />
...<br />
<br />
Driver list:<br />
<br />
*HostAP<br />
*Prism54<br />
*Madwifi<br />
*NDISWrapper<br />
*AMTEL<br />
*IPW (both 2100 and 2200 drivers)<br />
*WEXT (Generic Linux wireless extensions)<br />
*Wired ethernet<br />
<br />
wpa_supplicant默认支持大部分的无线网卡。即便您的芯片制造商不在列表中,您仍然可以通过使用Generic Wireless Extensions来连接到一个经过WPA加密的网络。基于个人的经验,WEXT支持75%的网卡,重新编译安装wpa_supplicant/hw将有助于解决另外的20%的网卡,很不幸的是,剩下的5%是完全不兼容的。这5%的情况将在后面讨论。如果您非常迫切的话,可以考虑一下ABS。WPA Supplicant在/var/abs/core/support/wpa_supplicant。<br />
<br />
==Configuring and connecting==<br />
WPA Supplicant is packaged with a sample configuration file: {{ic|/etc/wpa_supplicant/wpa_supplicant.conf}}. It is well commented and provides many details about network mechanics. All the variables used in this article are described in this file. It also features a lot of configuration samples. It is highly recommended to read it, as well as the manpages {{ic|man wpa_supplicant}} and {{ic|man wpa_supplicant.conf}}.<br />
<br />
A WPA_Supplicant configuration file contains all configuration settings for {{Ic|wpa_supplicant}}. You can create as many as you want and put them anywhere you want, since you must specify which config file to use on each {{ic|wpa_supplicant}} call. Its content is quite simple:<br />
* The first part is the global config. It is a serie of ''key-value'' lines.<br />
* The second part is composed of ''network blocks'', one for each "profile" you want to set.<br />
<br />
For the purpose of simplifying, we will leave the sample config file where it is and work on a brand new file {{ic|/etc/wpa_supplicant.conf}}.<br />
<br />
There are several ways to manage wpa_supplicant configuration. You can choose among one of the following methods.<br />
<br />
===Manual===<br />
<br />
====Configuration file====<br />
<br />
First you must retrieve all parameters needed to connect to your access point.<br />
# iw wlan0 scan<br />
More details [[Wireless Setup#Access point discovery|here]].<br />
<br />
So now you should know the following parameters for wpa_supplicant:<br />
* ssid<br />
* proto (optional on unencrypted networks)<br />
* key_mgmt<br />
* pairwise<br />
* group<br />
Additionally, you may need authentication parameters (EAP, PEAP, etc.) if you are on such a network, as it is often the case in universities for example.<br />
<br />
'''First touch'''<br />
<br />
Now you can create a network block in the config file:<br />
{{hc|wpa_supplicant.conf|<nowiki><br />
network={<br />
ssid="mywireless_ssid"<br />
psk="secretpassphrase"<br />
# Additional parameters (proto, key_mgmt, etc.)<br />
}</nowiki><br />
}}<br />
<br />
This is the basic configuration required to get WPA working. The first line is the opening statement for the network block, the second is the SSID of the base station you are wanting to connect to, the third line is the passphrase.<br />
<br />
{{Warning|Do not forget the double quotes around the SSID and the PSK.}}<br />
<br />
'''Passphrase and PSK'''<br />
<br />
The astute reader may have noticed that a PSK should be an hexadecimal string. Indeed, the passphrase and the PSK are not exactly the same thing. The passphrase is a human-readable key which is used with the SSID to generate the machine-friendly key known as "PSK". On the network-level, the passphrase is never directly used, it is only a convenient way to handle the key for humans.<br />
<br />
You may provide the hex version directly by utilizing the {{Ic|wpa_passphrase}} utility, which is supplied as part of the {{Pkg|wpa_supplicant}} package. Use the syntax {{Ic|wpa_passphrase "[ssid]" "[passphrase]"}}<br />
<br />
*An example exercise:<br />
# wpa_passphrase "mywireless_ssid" "secretpassphrase"<br />
<br />
This should generate the following network block:<br />
network={<br />
ssid="mywireless_ssid"<br />
#psk="secretpassphrase"<br />
psk=7b271c9a7c8a6ac07d12403a1f0792d7d92b5957ff8dfd56481ced43ec6a6515<br />
}<br />
<br />
The third line is the passphrase (human-readable key), and the fourth line is the PSK (hexadecimal key) which is required to connect. The {{ic|#}} is a comment (the passphrase will not get used since we provided the PSK).<br />
<br />
{{Note|The hexadecimal PSK must not be between quotes.}}<br />
<br />
*Utilizing {{Ic|wpa_passphrase}}, specify your actual SSID and passphrase, and redirect the output to {{ic|/etc/wpa_supplicant.conf}}:<br />
# wpa_passphrase mywireless_ssid "secretpassphrase" >> /etc/wpa_supplicant.conf<br />
The {{Ic|>>}} will redirect and append the output to {{ic|/etc/wpa_supplicant.conf}}, without overwriting.<br />
You can add as many network blocks as you want. wpa_supplicant will know which one to use based upon the detected SSIDs in the area.<br />
<br />
'''Network block options'''<br />
<br />
All of the security parameters need to be specified here. Note that if you are unsure about which value your access point requires, you can use several of them, wpa_supplicant will automatically use the one that works. For example, you can add<br />
proto=WEP WPA<br />
so that if your access point uses WEP or WPA, it will work in both case. But if it uses RSN (aka WPA2) it will not find it by itself, you have to append it to the other values.<br />
<br />
If the SSID is hidden, add the following option to the block:<br />
scan_ssid=1<br />
If you need to connect to several networks, just define another network block in the same file.<br />
You can specify a priority for each network block:<br />
priority=17<br />
Change the priority at will, recalling that priorities with big numbers are tried first.<br />
<br />
There are a large number of options which are available to set under the network which you can investigate by looking at the original configuration file. In most cases you can use the defaults, and not specify anything further in that section at the moment.<br />
<br />
'''Global options'''<br />
<br />
Lastly, you will need to specify some global options.<br />
Specify these additional lines at the top of {{ic|/etc/wpa_supplicant.conf}}, with your editor of choice. The following is mandatory.<br />
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel<br />
<br />
{{Note|1=For use with {{Pkg|netcfg}}>=2.6.1-1, this should be {{ic|/run/wpa_supplicant}} (note: ''not'' {{ic|/var/run/wpa_supplicant}}). This will, however, break the default for {{Ic|wpa_cli}} (use the {{Ic|-p}} option to override). If this is not changed, one gets errors like "Failed to connect to wpa_supplicant - wpa_ctrl_open: no such file or directory".}}<br />
<br />
There is a lot of optional parameters (have a look at {{ic|/etc/wpa_supplicant/wpa_supplicant.conf}}). For example:<br />
ap_scan=0<br />
fast_reauth=1<br />
<br />
{{Note|Your network information will be stored in plain text format; therefore, it may be desirable to change permissions on the newly created {{ic|/etc/wpa_supplicant.conf}} file (e.g. {{Ic|chmod 0600 /etc/wpa_supplicant.conf}} to make it readable by root only), depending upon how security conscious you are.}}<br />
<br />
'''Complete example'''<br />
{{hc|wpa_supplicant.conf|<nowiki><br />
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel<br />
fast_reauth = 1<br />
ap_scan = 1<br />
<br />
network ={<br />
ssid = "mySSID"<br />
proto = RSN<br />
key_mgmt = WPA-EAP<br />
pairwise = TKIP CCMP<br />
auth_alg = OPEN<br />
group = TKIP<br />
eap = PEAP<br />
identity = "myUsername"<br />
password = "********"<br />
}</nowiki><br />
}}<br />
<br />
More sophisticated configurations, like EAPOL or RADIUS authentication are very well detailed in the {{ic|wpa_supplicant.conf}} man page ({{ic|man wpa_supplicant.conf}}). Do not forget to have a look at {{ic|/etc/wpa_supplicant/wpa_supplicant.conf}}. These configurations fall out of the scope of this document.<br />
<br />
==== Connection ====<br />
<br />
Now you can try connecting manually.<br />
<br />
First, bring the Wi-Fi interface up. For the purposes of this example, we will use the interface ''wlan0''.<br />
# ip link set wlan0 up<br />
<br />
Typically, you will be able to use the '''W'''ireless '''EXT'''ensions driver for wpa_supplicant; if you cannot, then you might need to check how to do it with your specific wireless device on the Internet.<br />
<br />
Issue the following as root:<br />
# wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf <br />
<br />
The previous syntax tells wpa_supplicant to use its default hardware configuration (WEXT - Linux '''W'''ireless '''EXT'''ensions) and to associate with the SSID which is specified in {{ic|/etc/wpa_supplicant.conf}}. Also, this association should be performed through the ''wlan0'' wireless interface, and the process should move to the background, ({{Ic|-B}}). For verbose output, add {{Ic|-d}} or {{Ic|-dd}} (for debug) to dump more information to the console. You can find additional examples [http://www.examplenow.com/wpa_supplicant here].<br />
<br />
In the console output, there should be a line that reads ''''Associated:'''' followed by a MAC address. All that is required now is an IP address.<br />
<br />
{{Note|If you don't want or need to touch {{ic|/etc/wpa_supplicant.conf}} (e.g., when installing Arch), you can pipe {{ic|wpa_passphrase}} to {{ic|wpa_supplicant}}:<br />
{{bc|wpa_passphrase essid pass <nowiki>|</nowiki> wpa_supplicant -B -i wlan0 -c /dev/stdin}} }}<br />
<br />
As root, issue:<br />
# dhcpcd wlan0<br />
<br />
{{Note|*Do not* request an IP address immediately! You must wait to ensure that you are properly associated with the access point. If you use a script, you can use {{Ic|sleep 10s}} to wait for 10 seconds.}}<br />
<br />
Verify the interface has received an IP address using the {{Ic|iproute}} package:<br />
# ip addr show wlan0<br />
<br />
wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000<br />
link/ether 00:1C:BF:66:4E:E0 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.0.62/24 brd 192.168.0.255 scope global eth0<br />
inet6 fe80::224:2bff:fed3:759e/64 scope link <br />
valid_lft forever preferred_lft forever<br />
<br />
If the output is close to the above, you are now connected.<br />
<br />
===wpa_gui and wpa_cli===<br />
<br />
There are two frontends to wpa_supplicant actually written by the wpa_supplicant developers themselves, "wpa_cli", and "wpa_gui". wpa_cli is, as you might expect, a command line front end, while "wpa_gui" is a Qt-based frontend to wpa_supplicant. wpa_cli is included with the {{Ic|wpa_supplicant}} package, whereas {{Ic|wpa_supplicant_gui}} is its own package.<br />
<br />
<br />
wpa_gui or wpa_cli require a very minimal {{ic|/etc/wpa_supplicant.conf}}. A simple example:<br />
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network<br />
update_config=1<br />
<br />
This configuration will allow users in the {{Ic|network}} group to control {{Ic|wpa_supplicant}} via the wpa_gui/wpa_cli frontends. The {{Ic|update_config<nowiki>=</nowiki>1}} variable allows these programs {wpa_cli, wpa_gui} to automatically modify the {{ic|/etc/wpa_supplicant.conf}} file, to save new networks, or to make modifications to existing networks. <br />
<br />
Start wpa_supplicant:<br />
# wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B<br />
<br />
where the {{Ic|-D}} option specifies your wireless driver (which is almost always {{Ic|wext}}), {{Ic|-i}} specifies the interface (replace {{Ic|wlan0}} with your wireless interface's name) and {{Ic|-c}} specifies the configuration file to use (normally {{ic|/etc/wpa_supplicant.conf}}). {{Ic|-B}} instructs wpa_supplicant to run as a daemon. You will have to run wpa_supplicant as root (or with root permissions using [[sudo]]), but any user in the {{Ic|network}} group can run wpa_gui or wpa_cli.<br />
<br />
wpa_gui or wpa_cli should now be operable. <br />
<br />
{{Ic|wpa_cli}}, when invoked without options, will give you a prompt environment, try typing {{Ic|help}} for help.<br />
<br />
wpa_gui is quite straightforward. If you hit "scan", you will be presented with a list of detected SSIDs, you can double click to add one, you will be given a dialogue box that will let you enter information that you need to associate with your network. Most likely, you will only have to enter your pre-shared key (PSK) if you use WPA/WPA2 or your {{Ic|key0}} for a WEP connection. The protocol for WPA/WPA2/WEP/Unencrypted should be automatically detected. Things like 802.1X will require a bit more configuration.<br />
<br />
{{Warning|WEP is ''seriously'' broken and should ''never'' be used outside of a laboratory/testing environment. Use ''at least'' WPA (WPA2 is recommended) for a more secure wireless network.}}<br />
<br />
After you add a network, you can modify it if you do something like changing the PSK. Switch to the 'Manage Networks' tab and select the network you want to Edit / Remove. You can also add a network without scanning, which you will need to do if you do not broadcast your SSID.<br />
<br />
{{Note|Configuring your wireless network to not broadcast its SSID does '''not''' increase the security of your wireless network. It is a trivial exercise to identify hidden SSIDs.}}<br />
<br />
{{Note|wpa_cli and wpa_gui will not get you an IP address or set up a proper routing table. They will ''only'' associate you with a wireless access point. }}<br />
<br />
==== Action script ====<br />
<br />
Write a script like this:<br />
{{hc|~/libexec/wpa_cli-action.sh|<br />
case $2 in<br />
CONNECTED)<br />
dhcpcd -x $1 >/dev/null<br />
dhcpcd $1 >/dev/null<br />
;;<br />
esac<br />
}}<br />
<br />
Make it executable and launch {{Ic|wpa_supplicant}} with the preferred configuration file:<br />
# wpa_supplicant -B -c /etc/wpa_supplicant.conf -i wlan0<br />
{{Note|The configuration file must have the {{Ic|ctrl_interface}} setting so that {{Ic|wpa_cli}} can work.}}<br />
<br />
Now launch {{Ic|wpa_cli}} in daemon mode, pointing it to the previously saved script:<br />
# wpa_cli -B -a ~/libexec/wpa_cli-action.sh<br />
<br />
=== Automatically start at boot ===<br />
<br />
Note that the whole process we have been through is ''not'' permanent. It means that on next reboot you will have to provide all the commands again. Here are some method to make the change permanent.<br />
<br />
==== Using boot script ====<br />
{{Out of date|Should change to systemd service.}}<br />
To automatically start {{Ic|wpa_supplicant}} & {{Ic|wpa_cli}} at boot, add the following lines to {{ic|/etc/rc.local}}:<br />
wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf<br />
wpa_cli -B -a /path/to/your/wpa_cli-action.sh<br />
<br />
==== Using wpa auto ====<br />
The {{AUR|wpa_auto}} scripts from the [[AUR]] can be used to start {{Ic|wpa_supplicant}} at boot and automatically run a DHCP client to configure your network connection after you associate to a wireless network, or you could write your own scripts to do so. Higher level wireless/network management utilities are also available that are capable of managing both wireless and wired connections.<br />
<br />
==== netcfg====<br />
<br />
[[Pacman|Install]] {{Pkg|netcfg}} from the official repositories.<br />
<br />
Create a network profile configuration by copying the example file:<br />
# cp /etc/network.d/examples/wireless-wpa-config /etc/network.d/wpa_suppl<br />
<br />
Edit the new file to make sure it specifies the right interface, e.g.<br />
<br />
INTERFACE="wlan0"<br />
<br />
The rest of the file should be left as-is. <br />
<br />
Next, edit {{ic|/etc/conf.d/netcfg}}. Add the network profile to the NETWORKS array:<br />
<br />
NETWORKS=(... wpa_suppl)<br />
<br />
Finally, add the net-profiles to {{Pkg|systemd}}:<br />
# systemctl enable netcfg@wpa_suppl<br />
<br />
On the next reboot, the wireless interface will be brought up and wpa_supplicant started. If a known network is available, a connection will be established. For more information on netcfg see [[Network Profiles]].<br />
<br />
==== Wicd ====<br />
Install {{Pkg|wicd}} from the official repositories.<br />
<br />
Wicd is very straightforward; scan for networks, fill in the required data and connect. You might need to add {{ic|/usr/lib/wicd/autoconnect.py}} to init and power management scripts for reconnecting to networks if auto-connection behavior is expected.<br />
<br />
==Troubleshooting==<br />
<br />
{{Accuracy}}<br />
<br />
Most of the issues are related to the association process; therefore, you should have a deep look at wpa_supplicant's output when you suspect it is misbehaving. Add {{Ic|-d}} (for debug) to increase the verbosity. Usually {{Ic|-dd}} is enough. {{Ic|-dddd}} might be overkill.<br />
<br />
When you are inspecting the log, have a look at entries like this one:<br />
ioctl[''WHATEVER'']: Operation not supported<br />
<br />
If this is the case, you are experiencing a driver issue. Upgrade your WLAN drivers, or change the {{Ic|-D}} parameter for wpa_supplicant.<br />
<br />
Another common problem is ''No suitable AP found'' messages. wpa_supplicant seems to have trouble finding hidden ESSIDs. Usually, setting {{Ic|scan_ssid<nowiki>=</nowiki>1}} in your {{Ic|network}} block will take care of this.<br />
<br />
===Fallback: Recompiling wpa_supplicant===<br />
Grab a copy of wpa_supplicant's source code from the homepage or from the [[ABS]]. Once downloaded and extracted, have a look at the file '{{ic|.config}}' (yes, it is hidden). The file looks like a kernel configuration file, only much smaller. Have a look at the sections named {{Ic|CONFIG_DRIVER_''DRIVERNAME''}} and choose yes or no, depending upon your driver. Be careful with the options chosen, because you will need to specify an additional path to your wireless drivers' source code in order to correctly compile the low-level association component. Some weird Atheros-based cards may need a fresh wpa_supplicant build compiled against the latest {{Ic|madwifi-svn}} release available. If this is the case, here is an example to help you through the compilation process:<br />
<br />
'''madwifi example''': edit the following lines in the configuration file to look like this. This assumes that you have built madwifi with the ABS and that the source code from the build is stored in {{ic|/var/abs/local/madwifi/src/}}.<br />
#Driver interface for madwifi driver<br />
CONFIG_DRIVER_MADWIFI=y<br />
#Change include directories to match with the local settings<br />
CFLAGS += -I/var/abs/local/madwifi/src/madwifi<br />
<br />
Once configured, you can proceed with makepkg as usual.<br />
<br />
=== Unable to use wpa_gui for configuring new networks ===<br />
By default the {{Ic|ap_scan}} variable is set to {{Ic|0}}, which means that wpa_supplicant lets the wireless LAN driver perform AP scanning. If your driver does not support scanning, wpa_supplicant will quit when prompted to scan for wireless networks. <br />
In this case, add:<br />
ap_scan=1<br />
to your {{ic|/etc/wpa_supplicant.conf}}<br />
<br />
=== No IP Address from the DHCP Server ===<br />
If you can not get an IP address from the DHCP server when runing {{ic|dhcpcd wlan0}}, use the following command to stop wpa_supplicant and try again:<br />
# wpa_cli terminate<br />
# iwconfig wlan0 essid "myEssid" key on #maybe "key on" is optional<br />
# sleep 15; dhcpcd wlan0<br />
<br />
=== Netcfg association error on boot ===<br />
The following is a personal experience. My Broadcom BCM4322 WLAN card is quite slow in associating with the access point on boot up.<br />
In {{ic|/etc/network.d/<your_profile>}}, try adding the following line:<br />
TIMEOUT=30<br />
Reboot to see if that helps.<br />
{{Note|{{Ic|TIMEOUT<nowiki>=</nowiki>30}} may be a bit high, but you can always adjust the value to an ideal timeout for your own configuration.}}<br />
<br />
=== Wireless connection frequently drops ===<br />
If you connection frequently drops and dmesg show this message:<br />
wlan0: deauthenticating from XX:XX:XX:XX:XX:XX by local choice (reason=3)<br />
A workaround is trying disable "group key update interval" option from your router.<br />
<br />
==Common Issues==<br />
99.9% of the issues are related to the association. So, have a deep look at wpa_supplicant's output when you suspect its misbehaving. Add '-d' (for debug) to increase the verbosity. Usually '-dd' is enough. '-dddd' might be overkill.<br />
<br />
When you're inspecting the log, have a look at entries like this one:<br />
<br />
ioctl['''WHATEVER''']: Operation not supported<br />
<br />
If this is the case, you're experiencing a driver issue. Upgrade drivers, or change the -D parameter.<br />
<br />
Another common problem is ''No suitable AP found'' messages. Wpa_supplicant seems to have trouble finding hidden ESSIDs. Usually setting scan_ssid=1 in your network block will take care of this.</div>Exploreroot