wpa_supplicant

From Gentoo Wiki

wpa_supplicant is a Wi-Fi supplicant that handles authentication.

Installation

USE flags

Optional USE flags for net-wireless/wpa_supplicant:

USE flag            Default  Recommended  Description
ap                  No                    Add support for access point mode
dbus                Yes                   Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc)
eap-sim             No                    Add support for EAP-SIM authentication algorithm
fasteap             No                    Add support for FAST-EAP authentication algorithm
gnutls              No                    Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
hs2-0               No                    Add support for 802.11u and Passpoint for HotSpot 2.0
p2p                 No                    Add support for Wi-Fi Direct mode
ps3                 No                    Add support for ps3 hypervisor driven gelic wifi
qt4                 Yes                   Add support for the Qt GUI/Application Toolkit version 4.x
readline            Yes                   Enable support for libreadline, a GNU line-editing library that almost everyone wants
selinux             No                    !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
smartcard           No                    Add support for smartcards
ssl                 Yes                   Add support for Secure Socket Layer connections
tdls                No                    Add support for Tunneled Direct Link Setup (802.11z)
uncommon-eap-types  No                    Add support for Wi-Fi Protected Setup
wimax               No                    Add support for Wimax EAP-PEER authentication algorithm
wps                 No                    Add support for Wi-Fi Protected Setup

Emerge

After USE flags have been reviewed, install net-wireless/wpa_supplicant using Portage's emerge command:

root #emerge --ask wpa_supplicant

Configuration

The necessary wireless device drivers need to be installed. For usage with a single wireless interface only one configuration file will be needed:

FILE /etc/wpa_supplicant/wpa_supplicant.conf
# Allow users in the 'wheel' group to control wpa_supplicant
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
 
# Make this file writable for wpa_gui
update_config=1

To allow unprivileged users to control the connection using wpa_gui / wpa_cli, make sure GROUP=wheel and update_config=1 are set. Only members of the wheel group get this access.

Setup for dhcpcd as network manager

No special setup is needed for operating wpa_supplicant with dhcpcd.

Important
Do not add wpa_supplicant to any runlevel. It will be controlled by dhcpcd.

Setup for Gentoo net.* scripts

Tell the network script to use wpa_supplicant:

FILE /etc/conf.d/net
modules_wlan0="wpa_supplicant"
config_wlan0="dhcp"

Once the configuration below is in place, it is a good idea to change the permissions so that Wi-Fi passwords cannot be viewed in plaintext by anyone using the computer:[1]

root #chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

Usage

Using wpa_gui

The simplest way to use wpa_supplicant is through its graphical interface, wpa_gui. To enable it, build wpa_supplicant with the qt4 flag enabled.

Using wpa_cli

wpa_supplicant also has a command-line user interface. Typing wpa_cli starts its interactive mode with tab-completion.

user $wpa_cli

wpa_cli v2.3 Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> and contributors

This software may be distributed under the terms of the BSD license. See README for more details.


Selected interface 'wlp8s0'

Interactive mode

>

Typing help at this prompt will list the commands available. More details on how to connect can be found in the Arch Linux wiki.[2]

Editing manually

wpa_supplicant can be configured manually. This works well if the computer does not need to connect to many different access points.

Examples can be found in the wpa_supplicant.conf(5) man page as well as the example wpa_supplicant.conf in the documentation directory (e.g. /usr/share/doc/wpa_supplicant-1.0).

WPA2 with wpa_supplicant

Connecting to any wireless access point serving YourSSID:

FILE /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
#ap_scan=0
#update_config=1
 
network={
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Use bssid to pin the connection to one specific access point by its MAC address, in case there are repeaters in place. Remember to use wpa_passphrase <ssid> [passphrase] to generate the psk:

FILE /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1
 
network={
        bssid=00:50:17:31:1a:11
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Auto-connect to any unsecured network (the low priority makes it a last resort behind the configured networks):

FILE /etc/wpa_supplicant/wpa_supplicant.conf
network={
        key_mgmt=NONE
        priority=-999
}
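A check over the kinds of network blocks shown in this section, as an added example that is not part of the original wiki page: it reports plaintext passphrases, blocks that still permit TKIP, blocks that join networks without WPA, and a configuration file that is readable beyond its owner. The function names are illustrative and the sample configuration is constructed from the blocks above.

```python
import os
import stat

# Added example; SAMPLE is constructed from the blocks shown on this page.
SAMPLE = '''
network={
        ssid="YourSSID"
        psk="your-secret-key"
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
}
network={
        key_mgmt=NONE
        priority=-999
}
'''

def check_network(block):
    """Return (ssid, finding) tuples for one parsed network block."""
    label = block.get("ssid", "<any SSID>").strip('"')
    out = []
    if block.get("key_mgmt") == "NONE":
        out.append((label, "key_mgmt=NONE: joins without WPA"))
    if block.get("psk", "").startswith('"'):
        out.append((label, "psk is a plaintext passphrase"))
    for field in ("pairwise", "group"):
        if "TKIP" in block.get(field, "").split():
            out.append((label, f"{field} permits TKIP"))
    return out

def audit_config(text):
    """Parse network={...} blocks and collect the findings for each."""
    findings, block = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "network={":
            block = {}
        elif line == "}" and block is not None:
            findings += check_network(block)
            block = None
        elif block is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            block[key.strip()] = value.strip()
    return findings

def mode_findings(path):
    """Flag a file that group or others can access (the page advises 600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & 0o077 == 0 else [f"{path}: mode {mode:03o}, want 600"]
```

Run audit_config on the contents of /etc/wpa_supplicant/wpa_supplicant.conf and mode_findings on its path; both return an empty list when nothing is flagged.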

Troubleshooting

If it does not work as expected, try some of the following and analyze the output.

Run wpa_supplicant in debug mode

root #wpa_supplicant -Dnl80211 -iwlan0 -C/var/run/wpa_supplicant/ -c/etc/wpa_supplicant/wpa_supplicant.conf -dd
wpa_supplicant v2.2
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'wlp8s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface '/var/run/wpa_supplicant' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='DIR=/var/run/wpa_supplicant GROUP=wheel'
update_config=1
Line: 6 - start of a new network block

Enable Logging

wpa_supplicant produces very little debugging output unless it is built with the debug flag enabled:

root #USE="debug" emerge --ask wpa_supplicant

FILE /etc/conf.d/net (for usage with the Setup for Gentoo net.* scripts)
modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211 -d -f /var/log/wpa_supplicant.log"
config_wlan0="dhcp"

Now, within one terminal issue a tail command to monitor output and restart the net.wlan0 device in another:

root #tail -f /var/log/wpa_supplicant.log
root #/etc/init.d/net.wlan0 restart

References
