WPA supplicant (Simplified Chinese)

From ArchWiki
Revision as of 02:29, 17 June 2012 by Jstjohn (Talk | contribs) (updated link; formatting updates)


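Before reading this article, we assume that you are very familiar with your hardware, that you can locate the relevant configuration files, and that you can configure your system. It is also important to have read and understood Wireless Setup first, because it is the basis for this article.

Earlier versions of this article detailed the use of the Arch Build System and the network configuration files mentioned in Wireless Setup. A better understanding of the system is beneficial and helps broaden the scope of documentation writing.

Finally, if your wireless card works out of the box and you are already connected through networkmanager or a similar daemon, you can skip this article. If you prefer to use graphical tools to connect to a network, close this page.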

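What is WPA Supplicant?

You may have heard of the weaknesses of WEP. An attacker can very easily crack a network encrypted with static WEP. WPA solves the problem caused by static keys: the key can change with every packet transmitted or received, or at set intervals. This is done by a daemon that works closely with your wireless card.

Unsuitable wireless drivers (especially for those of you using ndiswrapper) cause a lot of trouble when connecting with wpa_supplicant, so installing a suitable, high-quality driver is essential.

For more information about WPA Supplicant, visit its home page: http://hostap.epitest.fi/wpa_supplicant/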

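Installation

If you selected the "base" package group during installation, wpa_supplicant is already installed by default. With pacman, the package can be installed as follows: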

pacman -S wpa_supplicant

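This package supports a great many wireless cards. Type 'wpa_supplicant' in your terminal and you should see a list like the following (leave off the leading # when typing):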

# wpa_supplicant
...

Driver list:

*HostAP
*Prism54
*Madwifi
*NDISWrapper
*AMTEL
*IPW (both 2100 and 2200 drivers)
*WEXT (Generic Linux wireless extensions)
*Wired ethernet

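wpa_supplicant supports most wireless cards by default. Even if your chipset manufacturer is not in the list, you may still be able to connect to a WPA-encrypted network by using the Generic Wireless Extensions. Based on personal experience, WEXT supports 75% of cards, rebuilding wpa_supplicant/hw helps with another 20%, and unfortunately the remaining 5% are completely incompatible. That 5% is discussed later. If you are in a hurry, consider ABS. WPA Supplicant is at /var/abs/core/support/wpa_supplicant.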

Procedure

/etc/wpa_supplicant.conf contains all configuration settings for wpa_supplicant. Its contents are quite simple, although the sample file that is provided is horribly obtuse. To keep things simple, log in as root and rename the default wpa_supplicant.conf file. It is not needed at this point.

# mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.original

The SSID and passphrase of your WPA-encrypted wireless network must be encoded into a hexadecimal string. This is easily done with the wpa_passphrase utility, which is supplied as part of the wpa_supplicant package. Use the syntax wpa_passphrase [ssid] [passphrase]

  • An example exercise:
# wpa_passphrase mywireless secretpassphrase

This should generate something like the following:

network={
       ssid="mywireless"
       #psk="secretpassphrase"
       psk=b90e230f1f2f5361a9b2d3acf276745ee3c751c0724a3b0052d6df15ec420e69
}

This is the basic configuration required to get WPA working. The first line is the opening statement for the network, the second is the SSID of the base station you want to connect to, the third is the passphrase (commented out), and the fourth is the hex key which is required to connect.
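What wpa_passphrase computes, as an added example that is not part of the original page or of the wpa_supplicant sources: the hex key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes), so it is tied to one SSID and is by itself enough to join the network. The function names are this example's own, and the hex-SSID fallback goes beyond what the page shows.

```python
import hashlib

def derive_psk(ssid: str, passphrase: str) -> str:
    """Derive the 256-bit WPA pre-shared key and return it as 64 hex digits."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    # PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid_bytes, 4096, 32)
    return key.hex()

def network_block(ssid: str, passphrase: str) -> str:
    """Build a network block holding only the derived key.

    Unlike the wpa_passphrase output above, no '#psk="..."' comment with the
    plaintext passphrase is written.
    """
    psk = derive_psk(ssid, passphrase)
    plain = all(32 <= ord(c) < 127 and c not in '"\\' for c in ssid)
    # An SSID with quotes, control or non-ASCII characters is written in the
    # unquoted hex form so it cannot break out of the quoted string.
    ssid_line = 'ssid="%s"' % ssid if plain else "ssid=" + ssid.encode("utf-8").hex()
    return "network={\n\t%s\n\tpsk=%s\n}\n" % (ssid_line, psk)

if __name__ == "__main__":
    # Constructed sample values, the same ones the page uses.
    print(network_block("mywireless", "secretpassphrase"), end="")
```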

  • Utilizing wpa_passphrase, specify your actual SSID and passphrase, and redirect the output to /etc/wpa_supplicant.conf:
# wpa_passphrase myssid mypassphrase > /etc/wpa_supplicant.conf

changing the details where applicable to your own specific information. This will then create a basic /etc/wpa_supplicant.conf from the output of the wpa_passphrase command.

Note: Your network information will be stored in plain text format, so you may want to change the permissions on the newly created /etc/wpa_supplicant.conf file, depending upon how security conscious you are.
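A check for the exposure the note above describes, as an added example that is not part of the original page: it flags a configuration file that group or other can access and any quoted (plaintext) psk line, including the '#psk="..."' comment that wpa_passphrase writes, then removes that comment and sets mode 0600. The function names are this example's own; SAMPLE is the wpa_passphrase output shown earlier on the page.

```python
import os
import re
import stat
import tempfile

# A quoted psk value is a plaintext passphrase, live or commented out.
QUOTED_PSK = re.compile(r'^\s*(#\s*)?psk\s*=\s*"')
COMMENTED_PSK = re.compile(r'^\s*#\s*psk\s*=\s*"')

# Constructed sample: the wpa_passphrase output shown on this page.
SAMPLE = ('network={\n\tssid="mywireless"\n\t#psk="secretpassphrase"\n'
          '\tpsk=b90e230f1f2f5361a9b2d3acf276745ee3c751c0724a3b0052d6df15ec420e69\n}\n')

def audit_conf(path):
    """Return findings about exposed key material in a wpa_supplicant config."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o: group/other can access the keys" % mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if QUOTED_PSK.match(line):
                findings.append("line %d: plaintext passphrase" % lineno)
    return findings

def harden_conf(path):
    """Drop commented-out plaintext passphrases and set the file to 0600."""
    with open(path, encoding="utf-8") as fh:
        kept = [line for line in fh if not COMMENTED_PSK.match(line)]
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.writelines(kept)
    os.chmod(tmp, 0o600)      # also covers a pre-existing temp file
    os.replace(tmp, path)     # atomic swap into place

def demo():
    """Audit the sample at mode 0644, harden it, and audit again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wpa_supplicant.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_conf(path)
        harden_conf(path)
        return before, audit_conf(path)

if __name__ == "__main__":
    print(demo())
```

A live psk="..." line is reported but left in place, since removing it would drop that network's credential.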

Adding an additional WPA encrypted network can be achieved like so:

# wpa_passphrase additional_ssid additional_passphrase >> /etc/wpa_supplicant.conf

The '>>' will redirect and append the output to /etc/wpa_supplicant.conf, without overwriting.

There are a large number of options which are available to set under the network which you can investigate by looking at the original configuration file. In most cases you can use the defaults, and not specify anything further in that section at the moment.

Lastly, specify these additional lines at the top of /etc/wpa_supplicant.conf, with your editor of choice:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

If you need to connect to several networks, just define another network block in the same file. Change the priority at will, recalling that priorities with big numbers are tried first.

Now you can try connecting manually.

First, bring the wifi interface up. For the purposes of this example we will use interface wlan0.

# ifconfig wlan0 up

Next, direct the interface to associate with the access point ssid:

# iwconfig wlan0 essid [ssid]

Once SSID association is successful (after about 10 seconds on average), you need to run wpa_supplicant to complete the encrypted association. Typically you will be able to use the Wireless EXTensions driver for wpa_supplicant; if you cannot, you may need to look up on the internet how to do it with your wireless device.

Issue the following as root:

# wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf 

The previous syntax tells wpa_supplicant to use its default hardware configuration (WEXT - Linux Wireless EXTensions) and to associate with the SSID which is specified in /etc/wpa_supplicant.conf. The association is performed through the wlan0 wireless interface, and the process moves to the background (-B). For verbose output, add -d or -dd (for debug) to dump more information to the console.

In the console output, there should be a line that reads 'Associated:' followed by a MAC address. All that is required now is an IP address. As root, issue:

# dhcpcd wlan0
  • Note: *Do not* request the IP immediately! You must wait to ensure proper association. If you use a script, you can use "sleep 10s" to wait for 10 seconds.

Verify the interface has received an IP address using ifconfig:

# ifconfig wlan0

wlan0     Link encap:Ethernet  HWaddr 00:1C:BF:66:4E:E0 
         inet addr:192.168.0.62  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::21c:bfff:fe66:4ee0/64 Scope:Link
         UP BROADCAST MULTICAST  MTU:1500  Metric:1
         RX packets:140387 errors:0 dropped:0 overruns:0 frame:0
         TX packets:96902 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:125513183 (119.6 Mb)  TX bytes:12299192 (11.7 Mb)

If the output is close to the above, you are now connected. You can then investigate using the netcfg2 scripts to set this up as a more permanent arrangement and get it working when you start the machine. Depending on the approach you have chosen to configure your wireless adapter, you can decide to use a graphical, but not invasive, tool like Wicd or pick the network profiles provided by netcfg.

More sophisticated configurations, like EAPOL or RADIUS authentication, are very well detailed in the wpa_supplicant.conf manpage. These configurations fall outside the scope of this document.

But man, that didn't work for me - (Rebuilding wpa_supplicant from scratch)

Grab a copy of the wpa_supplicant source from the homepage or from the ABS. Once it is downloaded and untarred, have a look at the file '.config' (yeah, it's hidden). The file looks like a kernel config, only much smaller. Have a look at the sections named CONFIG_DRIVER_DRIVERNAME and choose yes or no, depending upon your driver. Be careful with the options chosen, because you will need to specify an additional path to your wireless drivers' source in order to correctly compile the low-level association component. Some weird atheros cards may need a fresh wpa_supplicant build compiled against the latest madwifi-svn release available. If this is the case, here is an example to guide you through the compilation process:

madwifi example: edit the following lines in the config file to look like this. This assumes that you have built madwifi with abs and that the source from the build is stored in /var/abs/local/madwifi/src/.

#Driver interface for madwifi driver
CONFIG_DRIVER_MADWIFI=y
#Change include directories to match with the local settings
CFLAGS += -I/var/abs/local/madwifi/src/madwifi

Once configured, you can proceed with makepkg as usual.

Management

Wicd

Installation:

# pacman -S wicd

Very straightforward. Scan for networks, fill in the required data and connect. You might need to add

/usr/lib/wicd/autoconnect.py

to your init and power-managing scripts to reconnect to those networks if autoconnection behavior is expected.

netcfg

This is a very minimalist option which works most times. I say 'most times' due to the fact that I have seen some connection issues in some setups which I have been unable to debug. Most of these issues are DHCP related (timeouts) which can be fixed by reissuing the dhcpcd command. YMMV.

The profile configuration is pretty straightforward. Edit the profile according to your needs paying special attention to:

SECURITY="wpa"
KEY="yourpassphrase"

This configuration should work on most systems. If your hardware is showing any sign of resistance, you might consider changing the value associated with the wpa_supplicant driver.

Example profile using ralink card connecting to the wekonet network on channel 11

#
# Network Profile
#

DESCRIPTION="Example WPA Network Profile"

# Network Settings
INTERFACE=ra0
HOSTNAME=wekonet

# Interface Settings (use IFOPTS="dhcp" for DHCP)
IFOPTS="dhcp"
#GATEWAY=192.168.0.1

# DNS Settings (optional)
#DOMAIN=localdomain
#DNS1=192.168.0.1
#DNS2=

# Wireless Settings (optional)
ESSID=wekonet
#KEY=
IWOPTS="mode managed essid $ESSID channel 11"

#WIFI_INTERFACE=wlan0   # use this if you have a special wireless interface
                        # that is linked to the real $INTERFACE

#WIFI_WAIT=5            # seconds to wait for the wireless card to
                        # associate before bringing the interface up

USEWPA="yes"            # start wpa_supplicant with the profile
WPAOPTS="-D ralink"     # use "" for normal operation or specify additional
                        # options (eg, "-D ipw")
                        # see /etc/wpa_supplicant.conf for configuration

Common Issues

99.9% of the issues are related to the association. So, have a close look at wpa_supplicant's output when you suspect it's misbehaving. Add '-d' (for debug) to increase the verbosity. Usually '-dd' is enough. '-dddd' might be overkill.

When you're inspecting the log, have a look at entries like this one:

ioctl[WHATEVER]: Operation not supported

If this is the case, you're experiencing a driver issue. Upgrade drivers, or change the -D parameter.

Another common problem is 'No suitable AP found' messages. wpa_supplicant seems to have trouble finding hidden ESSIDs. Usually setting scan_ssid=1 in your network block will take care of this.