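Handbook:X86/Networking/Wireless
Introduction
Wireless networking on Linux is usually quite simple. There are three ways to configure WiFi: graphical clients, text-mode interfaces, and the command line.
The easiest way is to use a graphical client once a desktop environment has been installed. Most graphical clients, such as NetworkManager, are self-explanatory. They offer a convenient point-and-click interface that gets a user connected to a network in just a few seconds.
Besides the graphical interface, NetworkManager also provides command-line tools and a text user interface. To get them, install net-misc/networkmanager with the ncurses USE flag. For those who do not use X or Wayland but still need a simple, easy-to-use network management tool, nmtui is very useful. Wireless networking can also be configured from the command line by editing a few configuration files. This takes more time to set up, but it requires only a few packages to download and install. Since the graphical clients are mostly self-explanatory (with helpful screenshots on their homepages), we will focus on the command-line alternatives.
There are three tools that support command-line driven wireless configuration: net-wireless/iw, net-wireless/wireless-tools, and net-wireless/wpa_supplicant. Of these three, net-wireless/wpa_supplicant is the preferred one. The important thing to remember is that wireless networks are configured on a global basis and not on a per-interface basis.
The net-wireless/iw software, the successor of net-wireless/wireless-tools, supports nearly all cards and drivers, but it cannot connect to WPA-only access points. If the networks only offer WEP encryption or are completely open, then net-wireless/iw beats the other packages in simplicity.
Some wireless cards are deactivated by default. To activate them, consult the hardware documentation. Some of these cards can be unblocked using the rfkill application. If that is the case, use rfkill list to see the available cards and rfkill unblock INDEX to activate the wireless functionality. If not, the wireless card may need to be unlocked through a button, switch, or special key combination on the laptop.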
WPA supplicant
The WPA supplicant project provides a package that allows users to connect to WPA-authenticated access points.
root # emerge --ask net-wireless/wpa_supplicant
CONFIG_PACKET must be enabled in the kernel for wpa_supplicant to work. To see whether it is enabled in the current kernel, try:
root # zgrep CONFIG_PACKET /proc/config.gz
root # grep CONFIG_PACKET /usr/src/linux/.config
Depending on the USE flags, wpa_supplicant can install a graphical interface written in Qt5, which will integrate nicely with KDE. To get it, enable USE="qt5" for the net-wireless/wpa_supplicant package.
Next, configure /etc/conf.d/net so that the wpa_supplicant module is preferred over wireless-tools (if both are installed, wireless-tools is the default).
# Prefer wpa_supplicant over wireless-tools
modules="wpa_supplicant"
When using the host-ap driver it is necessary to put the card in Managed mode before it can be used with wpa_supplicant correctly. This can be achieved by setting iwconfig_eth0="mode managed" in /etc/conf.d/net.
Next, configure wpa_supplicant itself (which is a bit tricky, considering the security of the access points). The example below is taken from /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz, which ships with wpa_supplicant.
# The line below must not be changed, otherwise wpa_supplicant refuses to work
ctrl_interface=/var/run/wpa_supplicant
# Ensure that only root can read the WPA configuration
ctrl_interface_group=0
# Let wpa_supplicant take care of scanning and AP selection
ap_scan=1
# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
network={
ssid="simple"
psk="very secret passphrase"
# The higher the priority the sooner we are matched
priority=5
}
# Same as previous, but request SSID-specific scanning (for APs that reject
# broadcast SSID)
network={
ssid="second ssid"
scan_ssid=1
psk="very secret passphrase"
priority=2
}
# Only WPA-PSK is used. Any valid cipher combination is accepted
network={
ssid="example"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
priority=2
}
# Plaintext connection (no WPA, no IEEE 802.1X)
network={
ssid="plaintext-test"
key_mgmt=NONE
}
# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
ssid="static-wep-test"
key_mgmt=NONE
# Keys in quotes are ASCII keys
wep_key0="abcde"
# Keys specified without quotes are hex keys
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
}
# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
network={
ssid="static-wep-test2"
key_mgmt=NONE
wep_key0="abcde"
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
auth_alg=SHARED
}
# IBSS/ad-hoc network with WPA-None/TKIP
network={
ssid="test adhoc"
mode=1
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="secret passphrase"
}
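The example file above covers open, static WEP, TKIP and WPA-None networks alongside WPA-PSK. The following added example (not part of the Handbook or of wpa_supplicant; parse_networks, audit and report are hypothetical names) parses network blocks and lists the weak settings each one explicitly enables, run over a constructed sample shortened from the blocks above:

```python
import re

def parse_networks(conf_text):
    """Return one {key: raw value} dict per network={...} block."""
    blocks = re.findall(r"network=\{(.*?)\n\s*\}", conf_text, re.S)
    return [dict(re.findall(r"^\s*([a-z0-9_]+)=(.*?)\s*$", b, re.M)) for b in blocks]

def audit(net):
    """List the weak settings that one parsed network block explicitly enables."""
    ciphers = (net.get("pairwise", "") + " " + net.get("group", "")).split()
    open_auth = net.get("key_mgmt") == "NONE"
    has_wep_key = any(key.startswith("wep_key") for key in net)
    checks = [
        (open_auth and has_wep_key, "static WEP"),
        (open_auth and not has_wep_key, "no encryption"),
        (net.get("key_mgmt") == "WPA-NONE", "ad-hoc WPA-None"),
        (net.get("auth_alg") == "SHARED", "shared-key authentication"),
        (net.get("proto") == "WPA", "WPA1 only, RSN not offered"),
        ("TKIP" in ciphers, "TKIP allowed"),
        (any(c.startswith("WEP") for c in ciphers), "WEP group cipher allowed"),
    ]
    return [message for hit, message in checks if hit]

def report(conf_text):
    return {n.get("ssid", "?").strip('"'): audit(n) for n in parse_networks(conf_text)}

# Constructed sample: three network blocks shortened from the example file above.
SAMPLE = """
network={
ssid="simple"
psk="very secret passphrase"
}
network={
ssid="example"
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
}
network={
ssid="static-wep-test2"
key_mgmt=NONE
wep_key0="abcde"
auth_alg=SHARED
}
"""

if __name__ == "__main__":
    for ssid, findings in report(SAMPLE).items():
        print(f"{ssid}: {', '.join(findings) or 'nothing flagged'}")
```

An empty list means the block sets none of the flagged options; it says nothing about what the access point itself offers.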
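The psk field appears above in two forms: a quoted ASCII passphrase and an unquoted 64-digit hex key. The hex form is the 256-bit key derived from the passphrase and the SSID, which the following added example (not Handbook or wpa_supplicant code; derive_psk, harden_block and replace_passphrases are hypothetical names) computes and writes back into each block of a constructed sample:

```python
import hashlib
import re

def derive_psk(ssid, passphrase):
    """Return the 64-hex-digit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

def harden_block(match):
    """Swap the quoted passphrase of one network block for its derived hex key."""
    block = match.group(0)
    ssid = re.search(r'^[ \t]*ssid="(.*)"[ \t]*$', block, re.M)
    psk = re.search(r'^[ \t]*psk="(.*)"[ \t]*$', block, re.M)
    if not ssid or not psk:
        return block  # hex psk, WEP or open network: nothing to convert
    hex_key = derive_psk(ssid.group(1), psk.group(1))
    # start(1) - 1 and end(1) + 1 take the surrounding double quotes along
    return block[:psk.start(1) - 1] + hex_key + block[psk.end(1) + 1:]

def replace_passphrases(conf_text):
    """Apply harden_block to every network={...} block, leaving the rest as is."""
    return re.sub(r"network=\{.*?\n[ \t]*\}", harden_block, conf_text, flags=re.S)

# Constructed sample; SSID and passphrase are the IEEE 802.11i test-vector pair.
SAMPLE = """ctrl_interface=/var/run/wpa_supplicant
network={
ssid="IEEE"
psk="password"
priority=5
}
network={
ssid="plaintext-test"
key_mgmt=NONE
}
"""

if __name__ == "__main__":
    print(replace_passphrases(SAMPLE))
```

Because the SSID is the salt, the same passphrase yields a different hex key for every SSID. The hex key still grants access to that network, so the file has to stay readable by root only.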
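Wireless tools
Initial setup and managed mode
The wireless-tools project provides a generic way to configure basic wireless interfaces up to the WEP security level. While WEP is a weak security method, it is still popular around the world.
wireless-tools configuration is controlled by a few main variables. The sample configuration file below should describe everything that is needed. One thing to keep in mind is that no configuration means "connect to the strongest unencrypted access point": wireless-tools will always try to connect the system to some access point.
root # emerge --ask net-wireless/wireless-tools
Although net-wireless/iw is the current tool for the wireless stack, net-misc/netifrc before version 0.6.0 does not work with the new commands. With those earlier versions of netifrc, net-wireless/wireless-tools must be used. For more information consult the variable name documentation.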
# Prefer iwconfig over wpa_supplicant
modules="iwconfig"
# Configure WEP keys for Access Points called ESSID1 and ESSID2
# You may configure up to 4 WEP keys, but only 1 can be active at
# any time so we supply a default index of [1] to set key [1] and then
# again afterwards to change the active key to [1]
# We do this in case you define other ESSIDs to use WEP keys other than 1
#
# Prefixing the key with s: means it's an ASCII key, otherwise a HEX key
#
# enc open specifies open security (most secure)
# enc restricted specifies restricted security (least secure)
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"
# The below only work when we scan for available Access Points
# Sometimes more than one Access Point is visible so we need to
# define a preferred order to connect in
preferred_aps="'ESSID1' 'ESSID2'"
Fine-tune AP selection
It is possible to add some extra options to fine-tune the AP selection, but these are not required.
One way is to configure the system so it only connects to preferred APs. By default if everything configured has failed and wireless-tools can connect to an unencrypted Access Point then it will. This can be controlled by the associate_order variable. Here's a table of values and how they control this.
Value | Description |
---|---|
any | Default behavior. |
preferredonly | Only connect to visible APs in the preferred list. |
forcepreferred | Forcibly connect to APs in the preferred order if they are not found in a scan. |
forcepreferredonly | Do not scan for APs - instead just try to connect to each one in order. |
forceany | Same as forcepreferred + connect to any other available AP. |
There is also the blacklist_aps and unique_ap selection. blacklist_aps works in a similar way to preferred_aps. unique_ap is a yes or no value that says if a second wireless interface can connect to the same Access Point as the first interface.
# Sometimes you never want to connect to certain access points
blacklist_aps="'ESSID3' 'ESSID4'"
# If you have more than one wireless card, you can say if you want
# to allow each card to associate with the same Access Point or not
# Values are "yes" and "no"
# Default is "yes"
unique_ap="yes"
Ad-hoc and master modes
To set the system up as an ad-hoc node when it fails to connect to any Access Point in managed mode, use this as a fallback:
adhoc_essid_eth0="This Adhoc Node"
It is also possible to connect to ad-hoc networks, or to run the system in master mode so it becomes an access point itself.
# Set the mode - can be managed (default), ad-hoc or master
# Not all drivers support all modes
mode_eth0="ad-hoc"
# Set the ESSID of the interface
# In managed mode, this forces the interface to try and connect to the
# specified ESSID and nothing else
essid_eth0="This Adhoc Node"
# We use channel 3 if you don't specify one
channel_eth0="9"
An important resource about channel selection is the BSD wavelan documentation, found in the NetBSD documentation. There are 14 channels possible; we are told that channels 1-11 are legal for North America, channels 1-13 for most of Europe, channels 10-13 for France, and only channel 14 for Japan. If in doubt, please refer to the documentation that came with the card or access point. Make sure that the channel selected is the same channel the access point (or the other card in an ad-hoc network) is on. The default for cards sold in North America and most of Europe is 3; the default for cards sold in France is 11, and the default for cards sold in Japan is 14.
Troubleshooting wireless-tools
There are some more variables that can help get wireless up and running when driver or environment problems occur. Here is a table of other things to try.
Variable name | Default value | Description |
---|---|---|
iwconfig_eth0 | | See the iwconfig man page for details on what to send iwconfig. |
iwpriv_eth0 | | See the iwpriv man page for details on what to send iwpriv. |
sleep_scan_eth0 | 0 | The number of seconds to sleep before attempting to scan. This is needed when the driver/firmware needs more time to become active before it can be used. |
sleep_associate_eth0 | 5 | The number of seconds to wait for the interface to associate with the Access Point before moving on to the next one. |
associate_test_eth0 | MAC | Some drivers do not reset the MAC address associated with an invalid one when they lose or attempt association. Some drivers do not reset the quality level when they lose or attempt association. Valid settings are MAC, quality and all. |
scan_mode_eth0 | | Some drivers have to scan in ad-hoc mode, so if scanning fails try setting ad-hoc here. |
iwpriv_scan_pre_eth0 | | Sends some iwpriv commands to the interface before scanning. See the iwpriv man page for more details. |
iwpriv_scan_post_eth0 | | Sends some iwpriv commands to the interface after scanning. See the iwpriv man page for more details. |
Defining network configuration per ESSID
In this section, we show how to configure network settings based on the ESSID. For instance, the wireless network with ESSID ESSID1 can be given a static IP address while the network with ESSID ESSID2 uses DHCP.
This works with both wpa_supplicant and wireless-tools.
Consult the variable name documentation.
config_ESSID1="192.168.0.3/24 brd 192.168.0.255"
routes_ESSID1="default via 192.168.0.1"
config_ESSID2="dhcp"
fallback_ESSID2="192.168.3.4/24"
fallback_route_ESSID2="default via 192.168.3.1"
# We can define nameservers and other things too
# NOTE: DHCP will override these unless it's told not to
dns_servers_ESSID1="192.168.0.1 192.168.0.2"
dns_domain_ESSID1="some.domain"
dns_search_domains_ESSID1="search.this.domain search.that.domain"
# You can override by the MAC address of the Access Point
# This is handy if you go to different locations that have the same ESSID
config_001122334455="dhcp"
dhcpcd_001122334455="-t 10"
dns_servers_001122334455="192.168.0.1 192.168.0.2"