Difference between revisions of "WPA supplicant"

From ArchWiki
Jump to: navigation, search
(Connecting with wpa_cli: update)
(Maintaining a custom configuration: rm useless section)
Line 101: Line 101:
  > save_config
  > save_config
=== Maintaining a custom configuration ===
{{Poor writing|This section is planned to be rewritten with a clearer structure and direction and more attention will be given to maintaining networks and controlling them effectively.}}
As discussed above we can make use of ''wpa_passphrase'' to generate a basic configuration which we can augment with additional networks and options of our choosing. This may be necessary for more advanced networks employing extensive use of [[wikipedia:Extensible_Authentication_Protocol|EAP]].
Firstly we will use ''wpa_passphrase'' to create our basic configuration file.
# wpa_passphrase ''essid'' ''passphrase'' > /etc/wpa_supplicant/wpa_supplicant-''interface''.conf
Next add a {{ic|ctrl_interface}} so that we may control the ''wpa_supplicant'' daemon. We can allow ''wpa_cli'' to edit this configuration by setting {{ic|1=update_config=1}}.
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel # allow control for members in the 'wheel' group
Multiple network blocks may be appended to this configuration.
To start your network simply run the following:
# ip link set ''interface'' up
# wpa_supplicant -B -D nl80211 -i ''interface'' -c /etc/wpa_supplicant/wpa_supplicant-''interface''.conf
# dhcpcd -A ''interface''
== Starting with systemd ==
== Starting with systemd ==

Revision as of 19:13, 11 October 2013

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end

wpa_supplicant is a cross-platform WPA Supplicant with support for WEP, WPA and WPA2 (IEEE 802.11i / RSN (Robust Secure Network)). It is suitable for both desktop and laptop computers and even embedded systems.

wpa_supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wireless driver.


Install wpa_supplicant from the official repositories.

Optionally wpa_supplicant_gui can be installed which provides wpa_gui, a graphical frontend for wpa_supplicant using the qt4 toolkit.


wpa_supplicant provides a reference configuration file located at /etc/wpa_supplicant/wpa_supplicant.conf which contains detailed documentation for all the available options and their utilisation.

In its simplest form, a configuration file requires only a network block. For example:


This can easily be generated using the wpa_passphrase tool. For example:

$ wpa_passphrase essid passphrase
Tip: Some unusually complex passphrases may require input from a file:
# wpa_passphrase essid < passphrase.txt > /etc/wpa_supplicant/wpa_supplicant-interface.conf

Once you have a configuration file, you can run wpa_supplicant daemon and connect to the wireless network:

# wpa_supplicant -B -i interface -c configuration_file

You might need to specify a driver to be used. For a list of supported drivers see the output of wpa_supplicant -h, nl80211 is preferred over the deprecated wext driver. Use the -D switch to specify the driver:

# wpa_supplicant -B -i interface -c configuration_file -D driver
Tip: Both wpa_supplicant and wpa_passphrase can be combined to associate with almost all WPA2 (Personal) networks:
# wpa_supplicant -B -i interface -c <(wpa_passphrase essid passphrase)

All that remains is to simply connect using a static IP or DHCP. For example:

# dhcpcd interface

Using wpa_cli

wpa_supplicant can be controlled manually at runtime using the wpa_cli utility. In order to use wpa_cli, the wpa_supplicant daemon must be configured to create a "control interface" (socket). This is done in the configuration file using the ctrl_interface variable, the following example will create the socket in /run/wpa_supplicant/ and allow the members of adm group to access it:

ctrl_interface=DIR=/run/wpa_supplicant GROUP=adm

It is possible to enable wpa_supplicant to modify the configuration file when a command from wpa_cli is received. This is useful to manually add new networks to the roaming configuration file without the need to restart wpa_supplicant daemon. Simply add the following to the configuration file:


After the wpa_supplicant daemon is started, you can start wpa_cli. It will try to find the socket file, use the -p option if it fails. You can specify the interface that will be configured with the -i option, otherwise the first found wireless interface managed by wpa_supplicant will be used. When wpa_cli is invoked, you will get an interactive prompt (>). The prompt has tab completion and descriptions of completed commands.

Adding new network

Initiate a scan, a notification is showed when the scan is complete:

> scan

Show scan results:

> scan_results
bssid / frequency / signal level / flags / ssid
00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID
11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID

To associate with MYSSID, tell wpa_supplicant about it. Each network is indexed numerically, so the first network will have index zero. The PSK can be provided without quotes as an alternative to providing the passphrase in this example:

> add_network
> set_network 0 ssid "MYSSID"
> set_network 0 psk "passphrase"
> enable_network 0
<2>CTRL-EVENT-CONNECTED - Connection to 00:00:00:00:00:00 completed (reauth) [id=0 id_str=]

Write the changes to the configuration file:

> save_config

Starting with systemd

Most common configuration involves enabling wpa_supplicant and dhcpcd on a particular interface (see systemd#Using units for details):

# systemctl enable wpa_supplicant@interface
# systemctl enable dhcpcd@interface

The [Install] section of systemd services in the current version of wpa_supplicant is incorrect (bug report). If your interface name is not wlan0, it will be necessary to copy the service file to /etc/systemd/system/ and replace the [Install] section with:


See systemd#Editing provided unit files for help with the editing.

Note: If you use dhcpcd@.service, you might also want to replace the -w flag with -b so that it does not wait until it is assigned an address before forking to the background.

See also