wpa_supplicant

From Gentoo Wiki

wpa_supplicant is a Wi-Fi supplicant that handles authentication.

Installation

Install net-wireless/wpa_supplicant:

Information about USE flags

USE flag    Default  Recommended  Description
ap          No                    Add support for access point mode
dbus        Yes                   Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc)
eap-sim     No                    Add support for EAP-SIM authentication algorithm
fasteap     No                    Add support for FAST-EAP authentication algorithm
gnutls      No                    Adds support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
p2p         No                    Add support for Wi-Fi Direct mode
ps3         No                    Add support for ps3 hypervisor driven gelic wifi
qt4         Yes                   Adds support for the Qt GUI/Application Toolkit version 4.x
readline    Yes                   Enables support for libreadline, a GNU line-editing library that almost everyone wants
selinux     No                    !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
smartcard   No                    Add support for smartcards
ssl         Yes                   Adds support for Secure Socket Layer connections
wimax       No                    Add support for Wimax EAP-PEER authentication algorithm
wps         No                    Add support for Wi-Fi Protected Setup

root # emerge --ask wpa_supplicant

Configuration

Setup

For use with a single wireless interface, only one configuration file is needed.

File: /etc/wpa_supplicant/wpa_supplicant.conf

# Allow users in the 'wheel' group to control wpa_supplicant
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

# Make this file writable for wpa_gui
update_config=1

Setup for dhcpcd as network manager

Note that if you are using wpa_supplicant-2.0-r2 or older, it needs "env wpa_supplicant_driver=nl80211" in /etc/dhcpcd.conf.[1]

Important
Do not add wpa_supplicant to any runlevel. It will be controlled by dhcpcd.[2]

Setup for Gentoo net.* scripts

Tell the network script to use wpa_supplicant.[3][4]

File: /etc/conf.d/net

modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211"
config_wlan0="dhcp"

If you are using wpa_supplicant 2.1 or later, the second line is no longer required. As of 2.1, wpa_supplicant defaults to using nl80211.[5]
After completing the configuration below, you might want to change the permissions to ensure that WiFi passwords can't be viewed in plaintext by anyone using the computer:[6]

root # chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

Using wpa_gui

The simplest way to configure wpa_supplicant is by using its simple (but sufficient for most uses) user interface called wpa_gui. To enable it, build wpa_supplicant with the qt4 USE flag enabled.

To allow unprivileged users to control the connection using wpa_gui, make sure you have GROUP=wheel and update_config=1 as mentioned before.

Editing manually

wpa_supplicant can be configured manually. This can be fine if the computer does not need to connect to many different access points.

Examples can be found in the wpa_supplicant.conf(5) man page as well as the example wpa_supplicant.conf in the documentation directory (e.g. /usr/share/doc/wpa_supplicant-1.0).

WPA2 with wpa_supplicant

Connecting to any wireless access point serving YourSSID

File: /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
#ap_scan=0
#update_config=1

network={
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=WPA2
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Use bssid to specify which access point to connect to by its MAC address, in case there are repeaters in place. Remember to use wpa_passphrase <ssid> [passphrase] to generate the psk.

File: /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1

network={
        bssid=00:50:17:31:1a:11
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=WPA2
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Auto-connect to any unsecured network

File: /etc/wpa_supplicant/wpa_supplicant.conf

network={
        key_mgmt=NONE
        priority=-999
}
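
A check for the configuration files shown above, as an added Python example (not part of the original page): it flags a file mode looser than the chmod 600 recommended earlier, a psk stored as a quoted passphrase, and a network block that joins any unencrypted network. The function names and the sample configuration are assumptions; the TKIP check goes beyond the page, which does not discuss cipher strength (TKIP is deprecated in IEEE 802.11-2012).

```python
import stat

# Constructed sample built from the network blocks shown on this page.
SAMPLE_CONF = """\
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
        ssid="YourSSID"
        psk="your-secret-key"
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
}
network={
        key_mgmt=NONE
        priority=-999
}
"""

def parse_networks(text):
    """Return one {key: raw value} dict per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(text, mode):
    """Return findings for the config text and the file's st_mode."""
    findings = []
    if stat.S_IMODE(mode) & 0o077:
        findings.append("file accessible by group or others: chmod 600")
    for i, net in enumerate(parse_networks(text)):
        if net.get("psk", "").startswith('"'):
            findings.append(f"network {i}: passphrase stored as plain text")
        if net.get("key_mgmt") == "NONE" and "ssid" not in net:
            findings.append(f"network {i}: joins any unencrypted network")
        if "TKIP" in net.get("pairwise", "").split():
            findings.append(f"network {i}: TKIP allowed as pairwise cipher")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, 0o100644):
        print(finding)
```

For a real file, pass its contents and os.stat(path).st_mode to audit().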

Troubleshooting

In case it does not work as expected, try some of the following and analyze the output.

Run wpa_supplicant in debug mode

root # wpa_supplicant -Dnl80211 -iwlan0 -C/var/run/wpa_supplicant/ -c/etc/wpa_supplicant/wpa_supplicant.conf -dd
wpa_supplicant v2.2
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'wlp8s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface '/var/run/wpa_supplicant' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='DIR=/var/run/wpa_supplicant GROUP=wheel'
update_config=1
Line: 6 - start of a new network block

Enable Logging

Without the debug USE flag enabled, wpa_supplicant produces very little debugging output.

root # USE="debug" emerge --ask wpa_supplicant
File: /etc/conf.d/net

modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211 -d -f /var/log/wpa_supplicant.log"
config_wlan0="dhcp"

Now, within one terminal issue the command "tail -f /var/log/wpa_supplicant.log" and within another, restart the net.wlan0 device.

Can't Connect to Hidden SSID

This plagued me for several days and I recently found, by an accidental firmware settings reset on my DD-WRT Linksys router, that the settings within DD-WRT can cause havoc for some reason.

So, basically, if you cannot connect to an Access Point (AP) or wireless router using wpa_supplicant, try resetting the AP or wireless router's settings to factory defaults. I know it's a drastic solution, but it solved my issues with trying to connect with an ath9k AR9462 wireless device and WRT54G DD-WRT wireless router [Firmware: DD-WRT v24-sp2 (11/02/09) std]. Some symptoms were: the SSID was not broadcast after setting broadcast to enabled. Setting encryption mode to WPA didn't allow selecting both WPA Algorithms, and only selected one type. Also, selecting WPA prevented broadcasting the SSID. Seems to be a firmware glitch and any DD-WRT bug submitter should probably submit this as a possible bug.

References