Difference between revisions of "WPA supplicant"

From ArchWiki
Jump to: navigation, search
m (Configuration: Grammar)
(Maintaining a custom configuration: Slated to be rewritten)
Line 43: Line 43:
  
 
==Maintaining a custom configuration==
 
==Maintaining a custom configuration==
 +
{{Poor writing|This section is planned to be rewritten with a clearer structure and direction and more attention will be given to maintaining networks and controlling them effectively.}}
 
{{Note|To discover your network interface name, issue the '''ip link''' command.}}
 
{{Note|To discover your network interface name, issue the '''ip link''' command.}}
 
As discussed above we can make use of {{ic|wpa_passphrase}} to generate a basic configuration which we can augment with additional networks and options of our choosing. This may be necessary for more advanced networks employing extensive use of [https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol EAP].
 
As discussed above we can make use of {{ic|wpa_passphrase}} to generate a basic configuration which we can augment with additional networks and options of our choosing. This may be necessary for more advanced networks employing extensive use of [https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol EAP].

Revision as of 20:56, 13 August 2013

Summary help replacing me
Setup and usage of wpa_supplicant
Related
Network Configuration
Wireless Setup

wpa_supplicant is a cross-platform WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN (Robust Secure Network)). It is suitable for both desktop/laptop computers and embedded systems. wpa_supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

Installation

Install wpa_supplicant from the official repositories.

Optionally wpa_supplicant_gui can be installed which provides wpa_gui; a graphical frontend for wpa_supplicant using the qt4 toolkit.

Configuration

wpa_supplicant provides a reference configuration file located at /etc/wpa_supplicant/wpa_supplicant.conf which contains detailed documentation for the all available options and their utilisation.

In its simplest form all the configuration file requires is a network block, for example:

/etc/wpa_supplicant/foobar.conf
network={
    ssid="..."
  }

This can easily be generated using the wpa_passphrase tool. For example:

$ wpa_passphrase foobarssid foobarspassword
network={
   ssid="foobarssid"
   #psk="foobarspassword"
   psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
}

Now both wpa_supplicant and wpa_passphrase can be combined to associate with almost all WPA2 (Personal) networks:

# wpa_supplicant -B -i [interface] -c <(wpa_passphrase [essid] [passphrase])

All that remains is to simply connect using a static IP or DHCP. For example:

# dhcpcd -A [interface]

Maintaining a custom configuration

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: This section is planned to be rewritten with a clearer structure and direction and more attention will be given to maintaining networks and controlling them effectively. (Discuss in Talk:WPA supplicant#)
Note: To discover your network interface name, issue the ip link command.

As discussed above we can make use of wpa_passphrase to generate a basic configuration which we can augment with additional networks and options of our choosing. This may be necessary for more advanced networks employing extensive use of EAP.

Firstly we will use wpa_passphrase to create our basic configuration file.

# wpa_passphrase foobarssid foobarspassword > /etc/wpa_supplicant/foobar.conf
Tip: Some unusually complex passphrases may require input from a file: # wpa_passphrase foobarssid < passphrase.txt > /etc/wpa_supplicant/foobar.conf

Next add a ctrl_interface so that we may control the wpa_supplicant daemon. We can allow wpa_cli to edit this configuration by setting update_config=1. We will also allow wpa_supplicant to initiate AP (Access Point) scanning and selection with ap_scan=1.

/etc/wpa_supplicant/foobar.conf
  ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel # allow control for members in the 'wheel' group
  update_config=1
  ap_scan=1

  network={
     ssid="foobarssid"
     psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
  }

Multiple network blocks may be appended to this configuration.

To start your network simply run the following:

# ip link set [interface] up
# wpa_supplicant -B -D nl80211 -i [interface] -c /etc/wpa_supplicant/foobar.conf
# dhcpcd -A [interface]
Note: nl80211 is preferred over the deprecated wext driver. For a list of supported drivers simply run wpa_supplicant without an argument.

For networks of varying complexity please study the examples provided in the default /etc/wpa_supplicant/wpa_supplicant.conf file.

Enabling with systemd

In order to enable wireless at boot, enable wpa_supplicant on your particular wireless interface. To get connectivity with DHCP, enable dhcpcd.service as well. Finally, to handle possible ethernet connections, install ifplugd and enable it on your ethernet interface. For instance, the invocations might look like

 # systemctl enable wpa_supplicant@wlp3s1
 # systemctl enable dhcpcd
 # systemctl enable ifplugd@enp5s2

WPA Supplicant handles roaming for all the SSIDs in its configuration file, and ifplugd will configure ethernet and bring down wireless when an ethernet cable is plugged into the machine. dhcpcd takes care of leasing an IP on all interfaces.

It is likely that wpa_supplicant@.service will have to be modified so that it will read the proper configuration file. To override the ExecStart= line, create the following:

/etc/systemd/system/wpa_supplicant@.service.d/foo.conf
  [Service]
  ExecStart=
  ExecStart=/usr/bin/wpa_supplicant -c/etc/wpa_supplicant/bar.conf -i%i

The WantedBy= section in the current version is incorrect. If the line in wpa_supplicant@.service does not match your interface name (wlan0), it will be necessary to copy the service file to /etc/systemd/system and edit it to reflect

 [Install]
 WantedBy=multi-user.target

The issue is fixed in this commit

Related Links