wpa_supplicant

From Gentoo Wiki

wpa_supplicant is a Wi-Fi supplicant that handles authentication.

Installation

Install net-wireless/wpa_supplicant:

→ Information about USE flags

USE flag    Default   Recommended   Description
ap          No                      Add support for access point mode
dbus        Yes                     Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc)
eap-sim     No                      Add support for EAP-SIM authentication algorithm
fasteap     No                      Add support for FAST-EAP authentication algorithm
gnutls      No                      Adds support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
p2p         No                      Add support for Wi-Fi Direct mode
ps3         No                      Add support for ps3 hypervisor driven gelic wifi
qt4         Yes                     Adds support for the Qt GUI/Application Toolkit version 4.x
readline    Yes                     Enables support for libreadline, a GNU line-editing library that almost everyone wants
selinux     No                      !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
smartcard   No                      Add support for smartcards
ssl         Yes                     Adds support for Secure Socket Layer connections
wimax       No                      Add support for Wimax EAP-PEER authentication algorithm
wps         No                      Add support for Wi-Fi Protected Setup

root # emerge --ask wpa_supplicant

Configuration

Netifrc setup for wlan0

File: /etc/conf.d/net

modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211"
config_wlan0="dhcp"

After completing the configuration below, you may want to restrict the file's permissions so that the Wi-Fi passwords stored in it in plaintext cannot be read by other users of the computer:

root # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

Using wpa_gui

The simplest way to configure wpa_supplicant is with wpa_gui, its simple (but sufficient for most uses) user interface. To enable it, build wpa_supplicant with the qt4 USE flag enabled.

To allow unprivileged users to control the connection using wpa_gui, add the following at the beginning of your /etc/wpa_supplicant/wpa_supplicant.conf:

File: /etc/wpa_supplicant/wpa_supplicant.conf

# Allow users in the 'wheel' group to control wpa_supplicant
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

# Allow user-made changes to be saved (e.g. add networks)
update_config=1

Editing manually

wpa_supplicant can be configured manually. This can be fine if the computer does not need to connect to many different access points.

Examples can be found in the wpa_supplicant.conf(5) man page as well as in the example wpa_supplicant.conf in the documentation directory (e.g. /usr/share/doc/wpa_supplicant-1.0).

WPA2 with wpa_supplicant

Connecting to any wireless access point serving YourSSID

File: /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
#ap_scan=0
#update_config=1

network={
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=WPA2
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Use bssid to specify, by MAC address, which access point to connect to, in case there are repeaters in place. Remember to use wpa_passphrase <ssid> [passphrase] to generate the psk.

File: /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1

network={
        bssid=00:50:17:31:1a:11
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=WPA2
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}
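
What wpa_passphrase computes, as an added example that is not part of the original wiki page: the PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes), and the sketch below replaces each quoted psk="..." in a configuration with that 64-hex-digit value. The function names and the sample configuration (SSID "IEEE", passphrase "password") are constructed for illustration.

```python
import hashlib
import re

NETWORK_RE = re.compile(r"network=\{.*?\n\}", re.S)
SSID_RE = re.compile(r'^[ \t]*ssid="(.*)"[ \t]*$', re.M)
PSK_RE = re.compile(r'^([ \t]*)psk="(.*)"[ \t]*$', re.M)


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex digits."""
    secret, salt = passphrase.encode(), ssid.encode()
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", secret, salt, 4096, 32).hex()


def replace_plaintext_psk(conf: str) -> str:
    """Rewrite psk="passphrase" as psk=<hex> in every network block."""
    def fix_block(match):
        block = match.group(0)
        ssid, psk = SSID_RE.search(block), PSK_RE.search(block)
        if not (ssid and psk):  # open network, or psk already in hex form
            return block
        key = derive_psk(ssid.group(1), psk.group(2))
        return PSK_RE.sub(lambda m: f"{m.group(1)}psk={key}", block, count=1)
    return NETWORK_RE.sub(fix_block, conf)


# Constructed sample input, not taken from the page.
SAMPLE_CONF = '''ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

network={
        ssid="IEEE"
        psk="password"
        key_mgmt=WPA-PSK
}

network={
        key_mgmt=NONE
        priority=-999
}
'''

if __name__ == "__main__":
    print(replace_plaintext_psk(SAMPLE_CONF))
```

The hex PSK is still sufficient to join that SSID, so the chmod 600 step applies either way. wpa_passphrase also leaves the passphrase in a commented #psk= line in its output, which has to be deleted by hand.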

Auto-connect to any unsecured network

File: /etc/wpa_supplicant/wpa_supplicant.conf

network={
        key_mgmt=NONE
        priority=-999
}

Troubleshooting

Enable Logging

wpa_supplicant produces very little debugging output unless it is built with the debug USE flag enabled.

root # USE="debug" emerge --ask wpa_supplicant

File: /etc/conf.d/net

modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211 -d -f /var/log/wpa_supplicant.log"
config_wlan0="dhcp"

Now, within one terminal issue the command "tail -f /var/log/wpa_supplicant.log" and within another, restart the net.wlan0 device.

Can't Connect to Hidden SSID

This plagued me for several days and I recently found, by an accidental firmware settings reset on my DD-WRT Linksys router, that the settings within DD-WRT can cause havoc for some reason.

So, basically, if you cannot connect to an Access Point (AP) or wireless router using wpa_supplicant, try resetting the AP or wireless router's settings to factory defaults. I know it's a drastic solution, but it solved my issues with trying to connect with an ath9k AR9462 wireless device and WRT54G DD-WRT wireless router [Firmware: DD-WRT v24-sp2 (11/02/09) std]. Some symptoms were: the SSID was not broadcast after setting broadcast to enabled. Setting the encryption mode to WPA didn't allow selecting both WPA algorithms, and only selected one type. Also, selecting WPA prevented broadcasting the SSID. It seems to be a firmware glitch, and any DD-WRT bug submitter should probably submit this as a possible bug.