Wpa supplicant

wpa_supplicant is WiFi supplicant]] to handle the authentication part of network management, optionally also bringing up interfaces.

Installation
As a precondition, wireless support might need to be activated in the kernel as described in Wifi/IEEE_802.11 as well as necessary wireless device drivers.

Emerge
After USE flags have been reviewed, install using Portage's  command:

Setup for wireless interface
For usage with a single wireless interface only one configuration file will be needed.

To allow unprivileged users to control the connection using /, make sure the users are in the  group.

This file does not exist by default; a well documented template configuration file can be copied from where the value of the P variable is the name and version of the currently emerged wpa_supplicant:

Setup wired 802.1X
It's possible to have wired connections handled via wpa_supplicant, which is useful for networks using 802.1X. Create a separate configuration file containing the wired configuration. Below example use certificates for authentication, check the wpa_supplicant.conf man page for examples of other methods.

Since the configuration file contains sensitive information, chmod accordingly.

wpa_supplicant needs some extra parameters to apply above configuration to the wired interface (eth0) Note that below wpa_supplicant arguments assumes wpa_supplicant is version >=2.6-r2 (-M, CONFIG_MATCH_IFACE=y)

Let wpa_supplicant handle start/stop of the interfaces by removing them from /etc/init.d and enabling the wpa_supplicant daemon

Check the status of the wired interface via wpa_cli

Setup the network manager
Be sure to choose the corresponding setup.

Setup for dhcpcd as network manager
In case the deprecated WEXT driver is needed, changing the wireless driver can help resolve cases where it associates then immediately disconnects with reason 3. Run to see a list of the available drivers that were built at compile-time.

Setup for Gentoo net.* scripts
Tell the network script to use wpa_supplicant:

After configuration below it is a good idea to change the permissions to ensure that WiFi passwords can not be viewed in plaintext by anyone using the computer:

Setup for NetworkManager
NetworkManager configured with wpa_supplicant as WiFi backend is able to use D-Bus to start wpa_supplicant when needed. Therefore it is recommended to keep the wpa_supplicant service itself stopped at boot time.

Using wpa_gui
The simplest way to use wpa_supplicant is by using its interface called. To enable it, build wpa_supplicant with the USE flag enabled.

Using wpa_cli
Wpa_supplicant also has a command-line user interface. Typing starts its interactive mode with tab-completion. Typing  at this prompt will list the commands available (click "Expand" to view the output for the  command below):

More details on how to connect can be found in the Arch Linux wiki.

Using wpa_passphrase
wpa_supplicant includes a tool to quickly write a network block from the command line for pre-shared key (WPA-PSK aka password) networks,.

The SSID is required. If omitted, the passphrase can be entered when prompted.

The resulting output can then be copied or piped to.

Editing manually
Of course, the configuration file could also be edited manually. However this can be very laborious if the computer needs to connect to many different access points.

Examples can be found in and.

WPA2 with wpa_supplicant
Connecting to any wireless access point serving YourSSID

Using bssid to specify which access point it should connect to using its MAC address, in case there are repeaters in place. Remember to use wpa_passphrase [passphrase] to generate the psk

Troubleshooting
In case it does not work as expected try some of the following and analyze the output.

Check for known bugs

 * Upstream's mailing list archive
 * Upstream's mailing list archive

Run wpa_supplicant in debug mode
Be sure to stop any running instance of the supplicant:

Something like the following options can be used for debugging (click "Expand" to view the output below):

Enable logging for Gentoo net.* scripts
Now, within one terminal issue a command to monitor output and restart the  device in another:

External resources

 * HOWTO: Remote access point with wpa_supplicant (Gentoo Forums)
 * Extensible Authentication Protocol (Wikipedia)
 * Extensible Authentication Protocol (wiki.freeradius.org)
 * wpa_supplicant upstream just accepted patch to allow interface matching
 * https://www.kb.cert.org/vuls/id/CHEU-AQNN3Z