Wpa supplicant

Warning: Display title "wpa_supplicant" overrides earlier display title "Wpa supplicant".

wpa_supplicant 是 一个处理网络认证的 wifi 请求者程序（supplicant）。

安装

作为前提条件，无线支持可能需要在内核中激活在IEEE_802.11中介绍的内容，以及必要的 无线设备驱动。^[1]

USE 标记

Emerge

检查了 USE 标记之后，使用 Portage 的 emerge 命令安装 net-wireless/wpa_supplicant：

配置

文件

# 允许 “wheel” 组中的用户控制 wpa_supplicant
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
 
# 使 wpa_gui / wpa_cli 对此文件可写
update_config=1

This file does not exist by default; a well documented template configuration file can be copied from /usr/share/doc/${P}/wpa_supplicant.conf.bz2 where the value of the P variable is the name and version of the currently emerged wpa_supplicant:

Setup wired 802.1X

It's possible to have wired connections handled via wpa_supplicant, which is useful for networks using 802.1X. Create a separate configuration file containing the wired configuration. Below example use certificates for authentication, check the wpa_supplicant.conf man page for examples of other methods.

ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=1
 
network={
	key_mgmt=IEEE8021X
	eap=TLS
	identity="COMPUTERAACT$@DOMAIN"
	ca_cert="/etc/wpa_supplicant/ca.pem"
	client_cert="/etc/wpa_supplicant/COMPUTERACCT.pem"
	private_key="/etc/wpa_supplicant/COMPUTERAACT.key"
	private_key_passwd="secret_password"
	eapol_flags=0
}

Since the configuration file contains sensitive information, chmod accordingly.

wpa_supplicant needs some extra parameters to apply above configuration to the wired interface (eth0) Note that below wpa_supplicant arguments assumes wpa_supplicant is version >=2.6-r2 (-M, CONFIG_MATCH_IFACE=y)

wpa_supplicant_args="-ieth0 -Dwired -c/etc/wpa_supplicant/wpa_supplicant_wired.conf -M -c/etc/wpa_supplicant/wpa_supplicant.conf"

Let wpa_supplicant handle start/stop of the interfaces by removing them from /etc/init.d and enabling the wpa_supplicant daemon

Check the status of the wired interface via wpa_cli

wpa_cli v2.8
Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors
 
This software may be distributed under the terms of the BSD license.
See README for more details.
 
 
Selected interface 'p2p-dev-wlan0'
 
Interactive mode
 
> interface eth0
Connected to interface 'eth0.
> status
bssid=00:00:00:00:00:00
freq=0
ssid=
id=0
mode=station
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=IEEE 802.1X (no WPA)
wpa_state=COMPLETED
ip_address=10.10.10.100
p2p_device_address=bb:bb:bb:bb:bb:bb
address=aa:aa:aa:aa:aa:aa
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=13 (EAP-TLS)
eap_tls_version=TLSv1
EAP TLS cipher=ECDHE-RSA-AES256-SHA
...

Setup the network manager

请务必选择相应的设置。

设置为 dhcpcd 的网络管理器

Emerge wpa_supplicant (Version >=2.6-r2 is needed in order to get the CONFIG_MATCH_IFACE option added in April 2017.)

Complete its conf.d file with the -M option for the wireless network interface:

wpa_supplicant_args="-B -M -c/etc/wpa_supplicant/wpa_supplicant.conf"

In case authentication for the wired interface is needed this configuration file should look like

wpa_supplicant_args="-ieth0 -Dwired -c/etc/wpa_supplicant/wpa_supplicant_wired.conf -B -M -c/etc/wpa_supplicant/wpa_supplicant.conf"

With the configuration done, run it as a service:

In case the deprecated WEXT driver is needed, changing the wireless driver can help resolve cases where it associates then immediately disconnects with reason 3. Run wpa_supplicant -h to see a list of the available drivers that were built at compile-time.

wpa_supplicant_args="-D wext"

在Gentoo 中设置 net.* 脚本

告诉网络脚本使用 wpa_supplicant：

modules_wlan0="wpa_supplicant"
config_wlan0="dhcp"

完成下面的配置后，最好更改权限，确保使用计算机的任何人都不能以明文形式查看WiFi密码：^[2]

使用

使用 wpa_gui

The simplest way to use wpa_supplicant is by using its interface called wpa_gui. To enable it, build wpa_supplicant with the qt5 USE flag enabled.

使用 wpa_cli

Wpa_supplicant also has a command-line user interface. Typing wpa_cli starts its interactive mode with tab-completion. Typing help at this prompt will list the commands available (click "Expand" to view the output for the wpa_cli command below):

wpa_cli v2.5
 Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors
 
 This software may be distributed under the terms of the BSD license.
 See README for more details.
 
 
 Selected interface 'wlan0'
 
 Interactive mode
 
 > scan
 OK
 > scan_results
 bssid / frequency / signal level / flags / ssid
 01:23:45:67:89:ab       2437    0       [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS]    hotel-free-wifi
 > add_network
 0
 > set_network 0 ssid "hotel-free-wifi"
 OK
 > set_network 0 psk "password"
 OK
 > enable_network 0
 OK
 <3>CTRL-EVENT-SCAN-RESULTS 
 <3>WPS-AP-AVAILABLE 
 <3>Trying to associate with 01:23:45:67:89:ab (SSID='hotel-free-wifi' freq=2437 MHz)
 <3>Associated with 01:23:45:67:89:ab
 <3>WPA: Key negotiation completed with 01:23:45:67:89:ab [PTK=CCMP GTK=TKIP]
 <3>CTRL-EVENT-CONNECTED - Connection to 01:23:45:67:89:ab completed [id=0 id_str=]
 > save_config 
 OK
 > quit

更多有关与如何连接的详细信息，可以在 Arch Linux Wiki 中找到。^[3]

使用 wpa_passphrase

其中 SSID 必须输入。但如果省略了 passphrase ，可以在出现提示时输入密码。

输出的结果可以复制或使用管道命令输出到 /etc/wpa_supplicant/wpa_supplicant.conf.

手动编辑

当然，/etc/wpa_supplicant/wpa_supplicant.conf 配置文件也能手动编辑。但是，如果计算机需要连接到许多不同的接入点，这会很耗时费力。

示例可以在 man 5 wpa_supplicant.conf 和 /usr/share/doc/wpa_supplicant-2.4-r3/wpa_supplicant.conf.bz2 中找到。

WPA2 with wpa_supplicant

Connecting to any wireless access point serving YourSSID

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
#ap_scan=0
#update_config=1
 
network={
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

Using bssid to specify which access point it should connect to using its MAC address, in case there are repeaters in place. Remember to use wpa_passphrase <ssid> [passphrase] to generate the psk

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1
 
network={
        bssid=00:50:17:31:1a:11
        ssid="YourSSID"
        psk="your-secret-key"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-PSK
        group=CCMP TKIP
        pairwise=CCMP TKIP
        priority=5
}

自动连接到任何不安全的网络

network={
        key_mgmt=NONE
        priority=-999
}

故障排除

如果它不能像你预期的那样运行，请尝试下面的一些操作并分析输出。

检索已知 bug

• Gentoo bugtracker: known bugs
• 上游邮件列表存档

以调试模式运行 wpa_supplicant

区别已停止所有运行的请求者 (supplicant) 实例：

Something like the following options can be used for debugging (click "Expand" to view the output below):

wpa_supplicant v2.2
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'wlp8s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface '/var/run/wpa_supplicant' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='DIR=/var/run/wpa_supplicant GROUP=wheel'
update_config=1
Line: 6 - start of a new network block

启用日志

在 Gentoo 中启用 net.* 脚本日志

modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-Dnl80211 -d -f /var/log/wpa_supplicant.log"
config_wlan0="dhcp"

Now, within one terminal issue a tail command to monitor output and restart the net.wlan0 device in another:

参考

另请参阅

外部资源