Difference between revisions of "WPA supplicant"
m (→Configuration: WORDS) |
(add wpa_cli info) |
||
| Line 18: | Line 18: | ||
Optionally {{Pkg|wpa_supplicant_gui}} can be installed which provides {{ic|wpa_gui}}; a graphical frontend for {{ic|wpa_supplicant}} using the {{pkg|qt4}} toolkit. | Optionally {{Pkg|wpa_supplicant_gui}} can be installed which provides {{ic|wpa_gui}}; a graphical frontend for {{ic|wpa_supplicant}} using the {{pkg|qt4}} toolkit. | ||
| + | |||
| + | == Connecting with wpa_cli == | ||
| + | |||
| + | To associate with a wireless access point (WAP) using {{ic|wpa_supplicant}}, use the including command line tool {{ic|wpa_cli}}. To allow the wheel group to manipulate wpa_supplicant, create a config file containing {{ic|ctrl_interface=GROUP=wheel}}. To enable saving changes made using wpa_cli, append to the configuration {{ic|update_config=1}}. Start wpa_supplicant with | ||
| + | |||
| + | # wpa_supplicant -B -C /run/wpa_supplicant -i ''interface'' -c ''/path/to/config'' | ||
| + | |||
| + | Invoke {{ic|wpa_cli}} with no arguments to get an interactive prompt ({{ic|>}}). The prompt has tab completion and descriptions of completed commands. The command {{ic|scan}} initiates a scan; a notification is issued when the scan is complete. Then: | ||
| + | |||
| + | > scan_results | ||
| + | bssid / frequency / signal level / flags / ssid | ||
| + | 00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID | ||
| + | 11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID | ||
| + | |||
| + | To associate with ''MYSSID'', tell {{ic|wpa_supplicant}} about it. Each network is indexed numerically, so the first network will have index zero. The [http://en.wikipedia.org/wiki/Pre-shared_key PSK] can be provided without quotes as an alternative to providing the passphrase in this example: | ||
| + | |||
| + | > add_network | ||
| + | 0 | ||
| + | > set_network 0 ssid "''MYSSID''" | ||
| + | > set_network 0 psk "''passphrase''" | ||
| + | > enable_network 0 | ||
| + | <2>CTRL-EVENT-CONNECTED - Connection to 00:00:00:00:00:00 completed (reauth) [id=0 id_str=] | ||
| + | |||
| + | To save this network in the configuration file, | ||
| + | |||
| + | > save_config | ||
| + | OK | ||
| + | |||
| + | Now that association with the WAP is complete, obtain an IP address via {{Pkg|dhcpcd}} or using the {{Pkg|iproute2}} tools. | ||
== Configuration == | == Configuration == | ||
Revision as of 14:57, 12 September 2013
Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end
wpa_supplicant is a cross-platform WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN (Robust Secure Network)). It is suitable for both desktop/laptop computers and embedded systems. wpa_supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
Contents
Installation
Install wpa_supplicant from the official repositories.
Optionally wpa_supplicant_gui can be installed which provides wpa_gui; a graphical frontend for wpa_supplicant using the qt4 toolkit.
Connecting with wpa_cli
To associate with a wireless access point (WAP) using wpa_supplicant, use the including command line tool wpa_cli. To allow the wheel group to manipulate wpa_supplicant, create a config file containing ctrl_interface=GROUP=wheel. To enable saving changes made using wpa_cli, append to the configuration update_config=1. Start wpa_supplicant with
# wpa_supplicant -B -C /run/wpa_supplicant -i interface -c /path/to/config
Invoke wpa_cli with no arguments to get an interactive prompt (>). The prompt has tab completion and descriptions of completed commands. The command scan initiates a scan; a notification is issued when the scan is complete. Then:
> scan_results bssid / frequency / signal level / flags / ssid 00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID 11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID
To associate with MYSSID, tell wpa_supplicant about it. Each network is indexed numerically, so the first network will have index zero. The PSK can be provided without quotes as an alternative to providing the passphrase in this example:
> add_network 0 > set_network 0 ssid "MYSSID" > set_network 0 psk "passphrase" > enable_network 0 <2>CTRL-EVENT-CONNECTED - Connection to 00:00:00:00:00:00 completed (reauth) [id=0 id_str=]
To save this network in the configuration file,
> save_config OK
Now that association with the WAP is complete, obtain an IP address via dhcpcd or using the iproute2 tools.
Configuration
wpa_supplicant provides a reference configuration file located at /etc/wpa_supplicant/wpa_supplicant.conf which contains detailed documentation for the all available options and their utilisation.
In its simplest form, a configuration file requires only a network block. For example:
/etc/wpa_supplicant/foobar.conf
network={
ssid="..."
}
This can easily be generated using the wpa_passphrase tool. For example:
$ wpa_passphrase essid passphrase
network={
ssid="essid"
#psk="passphrase"
psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
}
Now both wpa_supplicant and wpa_passphrase can be combined to associate with almost all WPA2 (Personal) networks:
# wpa_supplicant -B -i interface -c <(wpa_passphrase essid passphrase)
All that remains is to simply connect using a static IP or DHCP. For example:
# dhcpcd -A interface
Maintaining a custom configuration
As discussed above we can make use of wpa_passphrase to generate a basic configuration which we can augment with additional networks and options of our choosing. This may be necessary for more advanced networks employing extensive use of EAP.
Firstly we will use wpa_passphrase to create our basic configuration file.
# wpa_passphrase essid passphrase > /etc/wpa_supplicant/foobar.conf
Next add a ctrl_interface so that we may control the wpa_supplicant daemon. We can allow wpa_cli to edit this configuration by setting update_config=1.
/etc/wpa_supplicant/foobar.conf
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel # allow control for members in the 'wheel' group
update_config=1
network={
ssid="foobarssid"
psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
}
Multiple network blocks may be appended to this configuration.
To start your network simply run the following:
# ip link set interface up # wpa_supplicant -B -D nl80211 -i interface -c /etc/wpa_supplicant/foobar.conf # dhcpcd -A interface
For networks of varying complexity please study the examples provided in the default /etc/wpa_supplicant/wpa_supplicant.conf file.
Enabling with systemd
In order to enable wireless at boot, enable wpa_supplicant on your particular wireless interface. To get connectivity with DHCP, enable dhcpcd.service as well. Finally, to handle possible ethernet connections, install ifplugd and enable it on your ethernet interface. For instance, the invocations might look like
# systemctl enable wpa_supplicant@wlp3s1 # systemctl enable dhcpcd # systemctl enable ifplugd@enp5s2
WPA Supplicant handles roaming for all the SSIDs in its configuration file, and ifplugd will configure ethernet and bring down wireless when an ethernet cable is plugged into the machine. dhcpcd takes care of leasing an IP on all interfaces.
It is likely that wpa_supplicant@.service will have to be modified so that it will read the proper configuration file. To override the ExecStart= line, create the following:
/etc/systemd/system/wpa_supplicant@.service.d/foo.conf
[Service] ExecStart= ExecStart=/usr/bin/wpa_supplicant -c/etc/wpa_supplicant/bar.conf -i%i
The WantedBy= section in the current version is incorrect. If the line in wpa_supplicant@.service does not match your interface name (wlan0), it will be necessary to copy the service file to /etc/systemd/system and edit it to reflect
[Install] WantedBy=multi-user.target
The issue is fixed in this commit