Difference between revisions of "WPA Supplicant (Español)"

From ArchWiki
(Created page with '{{translateme}} {{i18n_links_start}} {{i18n_entry|English|WPA Supplicant}} {{i18n_entry|简体中文|WPA 客户端}} {{i18n_entry|Русский|WPA Supplicant (Русский)}…')
 
(Redirect)
 
(23 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{translateme}}
+
#REDIRECT [[WPA supplicant (Español)]]
 
 
{{i18n_links_start}}
 
{{i18n_entry|English|WPA Supplicant}}
 
{{i18n_entry|简体中文|WPA 客户端}}
 
{{i18n_entry|Русский|WPA Supplicant (Русский)}}
 
{{i18n_entry|Español|WPA Supplicant (Español)}}
 
{{i18n_links_end}}
 
[[Category:Communication and network (English)]]
 
[[Category:Networking (English)]]
 
[[Category:HOWTOs (English)]]
 
 
 
A network protected by a static WEP key can easily be compromised by a motivated hacker. WPA fixes the static-key problem by changing the key after a given number of packets have been transmitted/received, or after a set amount of time has passed. This process is carried out by a daemon that is tightly bound to the wireless hardware.
 
 
 
Inferior drivers (particularly those used through ndiswrapper) can cause a lot of frustration when used with [http://hostap.epitest.fi/wpa_supplicant/ WPA supplicant], so wherever possible use hardware with proper support and high-quality drivers.
 
 
 
==Considerations==
 
This article assumes that you are familiar with your hardware and are able to find your way around configuration files and system configuration. It is also critical that you have "read and understood" the [[Wireless Setup]] article, since it is the basis for everything explained here.
 
 
 
The previous version of this article expanded on the use of the [[Arch Build System]] and the Network Profiles mentioned in [[Wireless Setup]]. I assume that a better understanding of the system always helps, but it tends to distract from the objectives and ultimately affects the scope of the document.
 
 
 
Finally, this document is not a prerequisite if your hardware works out of the box and is managed by a daemon such as networkmanager or similar. If you prefer to connect to the network with a graphical tool, you should not be reading this.
 
 
 
==Installation==
 
Install the daemon:
 
# pacman -S wpa_supplicant
 
 
 
This package has been built to support a wide range of wireless hardware. For your information, here is a list, which can be obtained by running '{{Codeline|wpa_supplicant}}':
 
# wpa_supplicant
 
...
 
 
Driver list:
 
 
*HostAP
 
*Prism54
 
*Madwifi
 
*NDISWrapper
 
*ATMEL
 
*IPW (both 2100 and 2200 drivers)
 
*WEXT (Generic Linux wireless extensions)
 
*Wired ethernet
 
 
 
Most wireless hardware is supported by wpa_supplicant by default. Even if your chipset manufacturer is not listed (which is the most likely case), you can use the Generic Wireless Extensions to connect to a WPA-secured network. Based on my own experience, about 75% of hardware is supported by WEXT and 20% becomes compatible after recompiling wpa_supplicant or the hardware drivers; unfortunately, the remaining 5% is definitively incompatible. I will discuss incompatibilities later; however, if you are completely desperate, ABS is always an option. WPA Supplicant is available at: /var/abs/core/support/wpa_supplicant.
 
 
 
==Configuring and connecting==
 
/etc/wpa_supplicant.conf contains all the configuration options for wpa_supplicant. Its contents are fairly simple, although the example file provided is horribly obtuse. To keep things simple, log in as root and rename the default wpa_supplicant.conf. It is not needed at this point.
 
# mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.original
 
 
 
===Dynamic method: 'wpa_gui', 'wpa_cli'===
 
It is possible to configure wpa_supplicant just enough that you can set up network connections with wpa_gui or wpa_cli (see "Management"), instead of defining your network blocks in wpa_supplicant.conf. You will need a configuration file with the lines:
 
ctrl_interface=/var/run/wpa_supplicant
 
ctrl_interface_group=network
 
update_config=1
 
 
 
This configuration allows users in the "network" group to control wpa_supplicant through the wpa_gui or wpa_cli frontends; the "update_config=1" variable allows these programs (wpa_cli, wpa_gui) to modify wpa_supplicant.conf to save new networks or changes to existing ones. Now start wpa_supplicant:
 
# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf -B
 
 
 
where the -D option specifies the wireless driver (almost always wext), -i the interface (replace wlan0 with the name of your wireless interface) and -c the configuration file. -B tells wpa_supplicant to run as a daemon. You must run wpa_supplicant as root (or with sudo), but any user in the network group can run wpa_cli or wpa_gui.
 
 
 
You should then be able to run wpa_cli or wpa_gui and add some networks to connect to. If you prefer to write the configuration file manually, read on. In fact, some of the following information is important even if you do not define your networks in wpa_supplicant.conf, so you should read it anyway.
 
 
 
===Classic method: wpa_supplicant.conf===
 
The SSID and passphrase of your WPA-encrypted wireless network must be converted into a hexadecimal key. This is simple with the wpa_passphrase utility, which is supplied as part of the wpa_supplicant package. Use the syntax <code>wpa_passphrase [ssid] "[passphrase]"</code>
 
 
 
*An example exercise:
 
# wpa_passphrase mywireless "secretpassphrase"
 
 
 
This should generate something like the following:
 
network={
 
        ssid="mywireless"
 
        #psk="secretpassphrase"
 
        psk=7b271c9a7c8a6ac07d12403a1f0792d7d92b5957ff8dfd56481ced43ec6a6515
 
}
 
 
 
This is the basic configuration required to get WPA working. The first line is the opening statement for the network, the second is the SSID of the base station you want to connect to, the third is the passphrase in plain text (commented out), and the fourth is the hex key that is required to connect.
 
 
 
*Utilizing wpa_passphrase, specify your actual ssid and passphrase, and redirect the output to /etc/wpa_supplicant.conf:
 
# wpa_passphrase mywireless "secretpassphrase" > /etc/wpa_supplicant.conf
 
 
 
Change the details to match your own network. This creates a basic /etc/wpa_supplicant.conf from the output of the wpa_passphrase command.
 
 
 
For example, if you use the WPA2-Personal protocol you will have to add a few lines to the network section:
 
network={
 
        ssid="mywireless"
 
        proto=RSN
 
        key_mgmt=WPA-PSK
 
        pairwise=CCMP TKIP
 
        group=CCMP TKIP
 
        psk=7b271c9a7c8a6ac07d12403a1f0792d7d92b5957ff8dfd56481ced43ec6a6515
 
}
 
 
 
{{Note | Your network information will be stored in plain text format, so you should change the permissions on the newly created /etc/wpa_supplicant.conf file (e.g. <tt>chmod 0600 /etc/wpa_supplicant.conf</tt> to make it readable by root only), depending upon how security conscious you are. }}
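
A check for the points in the note above, as an added example (not part of the original article): it reports a configuration file that is accessible beyond its owner, a passphrase left in plain text, and which group may control wpa_supplicant and rewrite the file. The function names are hypothetical; the sample text reuses the article's own example values with a constructed file mode.

```python
import os
import re
import stat

def audit_wpa_conf(text: str, mode: int, owner_uid: int) -> list:
    """Return findings for a wpa_supplicant.conf given its text and stat data."""
    findings = []
    perms = stat.S_IMODE(mode)
    if perms & 0o077:
        findings.append(f"mode {perms:04o}: accessible beyond owner, expected 0600")
    if owner_uid != 0:
        findings.append(f"owner uid {owner_uid}: expected root (0)")
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if re.match(r'#\s*psk\s*=\s*"', line):
            findings.append(f"line {n}: plain-text passphrase left in a comment")
        elif re.match(r'psk\s*=\s*"', line):
            findings.append(f"line {n}: psk stored as a quoted passphrase, not a hex key")
        elif re.match(r'update_config\s*=\s*1\b', line):
            findings.append(f"line {n}: control-interface clients can rewrite this file")
        elif line.startswith("ctrl_interface"):
            m = re.search(r'(?:ctrl_interface_group\s*=\s*|GROUP=)(\S+)', line)
            if m:
                findings.append(f"line {n}: group '{m.group(1)}' can control wpa_supplicant")
    return findings

def audit_file(path: str = "/etc/wpa_supplicant.conf") -> list:
    """Audit a file on disk (needs read access, so normally run as root)."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_wpa_conf(fh.read(), st.st_mode, st.st_uid)

# Sample built from the article's example values; the 0644 mode is constructed
SAMPLE = '''ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
update_config=1
network={
        ssid="mywireless"
        #psk="secretpassphrase"
        psk=7b271c9a7c8a6ac07d12403a1f0792d7d92b5957ff8dfd56481ced43ec6a6515
}
'''

if __name__ == "__main__":
    for finding in audit_wpa_conf(SAMPLE, 0o100644, 0):
        print(finding)
```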
 
 
 
Adding an additional WPA encrypted network can be achieved like so:
 
# wpa_passphrase additional_ssid "additional_passphrase" >> /etc/wpa_supplicant.conf
 
The '>>' will redirect and append the output to /etc/wpa_supplicant.conf, without overwriting.
 
 
 
There are a large number of options which are available to set under the network which you can investigate by looking at the original configuration file. In most cases you can use the defaults, and not specify anything further in that section at the moment.
 
 
 
Lastly, specify these additional lines at the top of /etc/wpa_supplicant.conf, with your editor of choice:
 
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
 
 
 
If you need to connect to several networks, just define another network block in the same file. Change the priority at will, recalling that priorities with big numbers are tried first.
 
 
 
Now you can try connecting manually.
 
 
 
First, bring the wifi interface up. For the purposes of this example we will use interface <code>wlan0</code>.
 
# ifconfig wlan0 up
 
 
 
Next, direct the interface to associate with the access point ssid:
 
# iwconfig wlan0 essid [ssid]
 
 
 
Once SSID association is successful (after about 10 seconds on average), you need to run wpa_supplicant to complete the encrypted association. Typically you will be able to use the '''W'''ireless '''EXT'''ensions driver for wpa_supplicant; if you cannot, you may need to search the internet for how to do it with your wireless device.
 
 
 
Issue the following as root:
 
# wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf
 
 
 
The previous syntax tells wpa_supplicant to use its default hardware configuration (WEXT - Linux '''W'''ireless '''EXT'''ensions) and to associate with the ssid which is specified in /etc/wpa_supplicant.conf. Also, this association should be performed through the wlan0 wireless interface and the process should move to the background, (-B). For verbose output, add '''-d''' or '''-dd''' (for debug) to dump more information to the console. You can find additional examples here [http://www.examplenow.com/wpa_supplicant wpa_supplicant].
 
 
 
In the console output, there should be a line that reads ''''Associated:'''' followed by a MAC address. All that is required now is an IP address.
 
 
As root, issue:
 
# dhcpcd wlan0
 
 
 
*Note: *Do not* request the IP immediately! You must wait to ensure proper association. If you use a script, you can use "sleep 10s" to wait for 10 seconds.
 
 
 
Verify the interface has received an IP address using ifconfig:
 
# ifconfig wlan0
 
 
wlan0    Link encap:Ethernet  HWaddr 00:1C:BF:66:4E:E0
 
          inet addr:192.168.0.62  Bcast:192.168.0.255  Mask:255.255.255.0
 
          inet6 addr: fe80::21c:bfff:fe66:4ee0/64 Scope:Link
 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
 
          RX packets:140387 errors:0 dropped:0 overruns:0 frame:0
 
          TX packets:96902 errors:0 dropped:0 overruns:0 carrier:0
 
          collisions:0 txqueuelen:1000
 
          RX bytes:125513183 (119.6 Mb)  TX bytes:12299192 (11.7 Mb)
 
 
If the output is close to the above, you are now connected. You can then investigate using the netcfg2 scripts to set this up on a more permanent basis and have it working when you start the machine.

Depending on the approach you've chosen to configure your wireless adapter, you can decide to use a graphical (but not invasive) tool like [[Wicd]] or pick the network profiles provided by netcfg.
 
 
 
More sophisticated configurations, like EAPOL or RADIUS authentication, are detailed in the wpa_supplicant.conf manpage. These configurations fall outside the scope of this document.
 
 
 
===Fallback: Recompiling wpa_supplicant===
 
Grab a copy of the wpa_supplicant source from the homepage or from the ABS. Once downloaded and untarred, have a look at the file '.config' (yeah, it's hidden). The file looks like a kernel config, only much smaller. Have a look at the sections named CONFIG_DRIVER_''DRIVERNAME'' and choose yes or no, depending upon your driver. Be careful with the options chosen, because you will need to specify an additional path to your wireless drivers' source in order to correctly compile the low-level association component. Some weird atheros cards may need a fresh wpa_supplicant build compiled against the latest madwifi-svn release available. If this is the case, here is an example to guide you through the compilation process:
 
 
 
'''madwifi example''': edit the following lines in the config file to look like this.  This assumes that you have built madwifi with abs and that the source from the build is stored in /var/abs/local/madwifi/src/.
 
#Driver interface for madwifi driver
 
CONFIG_DRIVER_MADWIFI=y
 
#Change include directories to match with the local settings
 
CFLAGS += -I/var/abs/local/madwifi/src/madwifi
 
 
 
Once configured, you can proceed with makepkg as usual.
 
 
 
==Management==
 
 
 
===netcfg===
 
The easiest way to have wpa_supplicant start at boot is to use netcfg.  It is not necessary to specify which network SSID you want to connect to (typically you can't do that anyways since the desired network will vary depending on location), wpa_supplicant will automatically connect to an available network from those specified in {{filename|/etc/wpa_supplicant.conf}}.
 
 
 
So, install netcfg if it is not already installed and then create a network profile configuration by copying the example file:
 
 
 
# cp /etc/network.d/examples/wireless-wpa-config /etc/network.d/wpa_suppl
 
 
 
Edit the new file to make sure it specifies the right interface, e.g.
 
 
 
INTERFACE="wlan0"
 
 
 
The rest of the file should be left as it is.  Next, edit {{filename|/etc/rc.conf}}.  Add the network profile to the NETWORKS array:
 
 
 
NETWORKS=(wpa_suppl)
 
 
 
And, add the net-profiles daemon to the list of daemons started at boot:
 
 
 
DAEMONS=(... @net-profiles)
 
 
 
That's it.  On the next reboot, the wireless interface will be brought up and wpa_supplicant started.  If a known network is available, a connection will be established.  For more information on netcfg see [[Network Profiles]].
 
 
 
===Wireless management only===
 
 
 
As mentioned above, there are two frontends to wpa_supplicant written by the wpa_supplicant developers themselves: "wpa_cli" and "wpa_gui". wpa_cli is, as you might expect, a command-line frontend, while wpa_gui is a Qt-based frontend to wpa_supplicant. wpa_cli is included with the wpa_supplicant package; wpa_supplicant_gui is its own package. The details on how to set up wpa_supplicant to work with either wpa_cli or wpa_gui are in the section [[#Dynamic method: 'wpa_gui', 'wpa_cli']].
 
 
 
wpa_cli, when invoked without options, gives you an interactive prompt; type "help" for help.
 
 
 
wpa_gui is pretty straightforward. If you hit "scan" you will be presented with a list of detected SSIDs; double-click one to add it. A dialogue box will let you enter the information needed to associate with your network; most likely you will only have to enter your PSK if you use WPA/WPA2, or your "key0" for a WEP connection. The protocol (WPA/WPA2/WEP/unencrypted) should be autodetected. Things like 802.1x will require a bit more configuration.
 
 
 
After you add a network you can modify it, for example after changing the PSK: switch to the 'Manage Networks' tab and select the network you want to edit or remove. You can also add a network without scanning, which you will need to do if you don't broadcast your SSID.
 
 
 
'''Note:''' wpa_cli and wpa_gui will not get you an IP address or set up a proper routing table; they will '''only''' associate you with a wireless access point. The wpa_auto scripts from the AUR can be used to start wpa_supplicant at boot and automatically run DHCP to configure your network connection after you associate with a wireless network, or you might write your own scripts. Higher-level wireless/network management utilities are also available that are capable of managing both wireless and wired connections:
 
 
 
===Wicd===
 
Install [[Wicd]]:
 
# pacman -S wicd
 
 
 
Wicd is very straightforward; scan for networks, fill in the required data and connect. You might need to add {{filename|/usr/lib/wicd/autoconnect.py}} to init and power management scripts for reconnecting to networks if auto-connection behavior is expected.
 
 
 
==Troubleshooting==
 
Most of the issues are related to the association. So, have a deep look at wpa_supplicant's output when you suspect it's misbehaving. Add '-d' (for debug) to increase the verbosity. Usually '-dd' is enough. '-dddd' might be overkill.
 
 
 
When you're inspecting the log, have a look at entries like this one:
 
ioctl['''WHATEVER''']: Operation not supported
 
 
 
If this is the case, you're experiencing a driver issue. Upgrade drivers, or change the -D parameter.
 
 
 
Another common problem is ''No suitable AP found'' messages.  Wpa_supplicant seems to have trouble finding hidden essids.  Usually setting scan_ssid=1 in your network block will take care of this.
 
 
 
 
 
=== No IP from DHCP Server ===
 
The following is a personal experience. I don't know why it works this way but maybe others have the same issue:
 
After
 
 
 
ifconfig wlan0
 
iwconfig wlan0 essid "myEssid"
 
wpa_supplicant -B -D wext  -i wlan0 -c /etc/wpa_supplicant.conf
 
sleep 15; dhcpcd wlan0 #or dhclient wlan0
 
 
 
I don't get an IP address.
 
I use this workaround (after the stuff just mentioned has been done):
 
killall wpa_supplicant -SIGHUP
 
iwconfig wlan0 essid "myEssid" key on #maybe "key on" is optional
 
sleep 15; dhcpcd wlan0
 
 
 
When I do
 
ps aux | grep wpa
 
I get a running wpa_supplicant even though I just killed it. Seems like iwconfig started the service for me.
 
 
 
My wireless card:
 
Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02)
 

Latest revision as of 22:11, 15 April 2013