Difference between revisions of "WPA supplicant"

From ArmadeusWiki
Jump to: navigation, search
(Usage)
 
(26 intermediate revisions by 5 users not shown)
Line 1: Line 1:
When dealing with "strong" encryption of WiFi networks, you have to setup a WPA or WPA2 configuration.
+
When dealing with "strong" encryption of Wi-Fi networks, you have to setup a WPA or WPA2 configuration.
To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a WPA supplicant.
+
To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a "WPA supplicant".
 
The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it.
 
The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it.
  
{{Note|wpa_supplicant is also able to handle WEP connections}}
+
{{Note|''wpa_supplicant'' is also able to handle WEP or unencrypted connections}}
  
 
==Installation==
 
==Installation==
 +
* Done by default if your board supports Wi-Fi connectivity. Otherwise:
 
<pre class="host">
 
<pre class="host">
 
$ make menuconfig
 
$ make menuconfig
Line 16: Line 17:
 
         [ ]    Enable WPA with EAP
 
         [ ]    Enable WPA with EAP
 
         [*]    Install wpa_cli binary
 
         [*]    Install wpa_cli binary
         [ ]    Install wpa_passphrase binary
+
         [*]    Install wpa_passphrase binary
 
</pre>
 
</pre>
  
 
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.
 
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.
  
You also have to install drivers to make WPA Supplicant work:
+
==Usage==
 +
''wpa_supplicant'' needs a configuration file in ''/etc/wpa_supplicant.conf''.
 +
For your convience a generic ''/etc/wpa_supplicant.conf'' is already installed in the Armadeus BSP (releases > 5.2).
 +
Here is an example (WPA pre-shared key (TKIP)):
 
<pre class="host">
 
<pre class="host">
$ make linux26-menuconfig
+
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
 +
update_config=1
 +
network={
 +
ssid="''SSID''"
 +
scan_ssid=1  # only if ssid is hidden
 +
proto=WPA
 +
key_mgmt=WPA-PSK
 +
pairwise=TKIP
 +
psk="''PASSPHRASE''"
 +
}
 
</pre>
 
</pre>
 
+
You can adapt ''/etc/wpa_supplicant.conf'' manually.
<pre class="config">
+
* If your key needs to be encrypted, use the ''wpa_passphrase'' tool to add your network (SSID/PASSPHRASE) automatically:
Device drivers --->
+
<pre class="apf">
    [*] Network device support  --->
+
  # wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf
            Wireless LAN  --->
+
                [*] Wireless LAN (IEEE 802.11)
+
                <M>  Marvell 8xxx Libertas WLAN driver support
+
                < >    Marvell Livertas 8388 USB 802.11b/g cards
+
                <M>    Marvell Libertas 8385 and 8686 SDIO 802.11b/g cards
+
    <M> MMC/SD/SDIO card support  --->
+
              *** MMC/SD/SDIO Card Drivers ***
+
        <M>  MMC block device driver
+
 
</pre>
 
</pre>
 +
* Be sure to have your Wi-Fi chipset driver loaded:
 +
<pre class="apf">
 +
# modprobe libertas_sdio
 +
or
 +
# modprobe wlcore_sdio
 +
or
 +
# modprobe rt73usb
 +
# modprobe rt2800_usb
 +
# modprobe zd1211rw
 +
# modprobe rtl8187
 +
# modprobe r8712u
 +
...
 +
</pre>
 +
* Bring up the wireless interface:
 +
<pre class="apf">
 +
# ip link set dev wlan0 up
 +
</pre>
 +
or (as you prefer):
 +
<pre class="apf">
 +
# ifconfig wlan0 up
 +
</pre>
 +
* Then you can create the Wi-Fi connection with WPA Supplicant:
 +
<pre class="apf">
 +
# wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B
 +
</pre>
 +
* If you want a script executed each time Wi-Fi Association is done:
 +
<pre class="apf">
 +
# wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
 +
# /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time)
 +
</pre>
 +
* Then you can check your Wi-Fi interface is available:
 +
<pre class="apf">
 +
# iwconfig wlan0
 +
wlan0    IEEE 802.11abgn  ESSID:"xxxx_xxxx" 
 +
          Mode:Managed  Frequency:5.2 GHz  Access Point: 00:xx:xx:xx:xx:xx 
 +
          Bit Rate=24 Mb/s  Tx-Power=20 dBm 
 +
          Retry  long limit:7  RTS thr:off  Fragment thr:off
 +
          Encryption key:off
 +
          Power Management:on
 +
          Link Quality=29/70  Signal level=-81 dBm 
 +
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
 +
          Tx excessive retries:0  Invalid misc:0  Missed beacon:0
  
==Usage==
+
# ifconfig wlan0
wpa_supplicant needs a configuration file in ''/etc/wpa_supplicant.conf''.
+
wlan0    Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx  
Here is an example:
+
          inet addr:192.168.0.20 Bcast:192.168.0.255 Mask:255.255.255.0
  ctrl_interface=/var/run/wpa_supplicant
+
          inet6 addr: 2a01:e35:2e35:f60:219:88ff:fe15:4237/64 Scope:Global
  ctrl_interface_group=wheel
+
          inet6 addr: fe80::219:88ff:fe15:4237/64 Scope:Link
  network={
+
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  ssid="''SSID''"
+
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
scan_ssid=1
+
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
proto=WPA
+
          collisions:0 txqueuelen:1000
  key_mgmt=WPA-PSK
+
          RX bytes:14238 (13.9 KiB)  TX bytes:2797 (2.7 KiB)
  pairwise=TKIP
+
psk="''PASSPHRASE''"
+
}
+
 
+
Then you have to load the MMC and Libertas SDIO modules:
+
<pre class="host">
+
modprobe mxcmmc
+
sleep 1
+
modprobe libertas_sdio
+
 
</pre>
 
</pre>
  
Finally you can create the Wifi connexion with WPA Supplicant:
+
==Automate things at startup==
 +
===Standard method===
 +
* In default BSP you have a ''/etc/init.d/S40Network'' script which will automatically starts all network interfaces configured in ''/etc/network/interfaces''.
 +
* All you have to do is to add your Wi-Fi interface configuration in ''/etc/network/interfaces'', like for example on [[OPOS6UL]]:
 
<pre class="apf">
 
<pre class="apf">
ifconfig iwlan0 up
+
auto wlan0
# wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -Dwext -B dhclient
+
iface wlan0 inet dhcp
 +
        pre-up modprobe brcmfmac
 +
        pre-up sleep 3
 +
        pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
 
</pre>
 
</pre>
 +
 +
===Other methods===
 +
* You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into ''/etc/init.d/S61wifi'' (do not forget to give it execution rigths with ''chmod a+x /etc/init.d/S61wifi''):
 +
<source lang="bash">
 +
#!/bin/sh
 +
#
 +
# Starts Wi-Fi services
 +
#
 +
# do not forget to update your wpa_supplicant configuration
 +
# wpa_passphrase "mynetworrssid" "mynetworkpassphrase" >> /etc/wpa_supplicant.conf
 +
#
 +
export WIFIDRIVERS=libertas_sdio
 +
case "$1" in
 +
start)
 +
echo "Starting Wi-Fi"
 +
modprobe $WIFIDRIVERS
 +
ip link set dev wlan0 up
 +
wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
 +
wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
 +
;;
 +
 +
stop)
 +
                echo "Stoping Wi-Fi"
 +
wpa_cli -i wlan0 disconnect
 +
wpa_cli -i wlan0 terminate
 +
ip link set dev wlan0 down
 +
rmmod -a $WIFIDRIVERS
 +
;;
 +
 +
restart)
 +
$0 stop
 +
sleep 1
 +
$0 start
 +
;;
 +
 +
*)
 +
echo "Usage: $0 {start|stop|restart}"
 +
exit 1
 +
;;
 +
esac
 +
 +
exit 0
 +
 +
</source>
  
 
==Stop it==
 
==Stop it==
 
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:
 
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:
<pre class="host">
+
<pre class="apf">
wpa_cli terminate
+
# wpa_cli terminate
 
</pre>
 
</pre>
 +
or by using the S61wifi script here above:
  
Then you can unload the MMC and Libertas SDIO modules:
+
<pre class="apf">
<pre class="host">
+
# /etc/init.d/S61wifi stop
modprobe -r mxcmmc
+
modprobe -r libertas_sdio
+
 
</pre>
 
</pre>
  
Line 84: Line 171:
 
[[Category:Wireless]]
 
[[Category:Wireless]]
 
[[Category:Security]]
 
[[Category:Security]]
 +
[[Category:WiFi]]
 +
[[Category:Network]]

Latest revision as of 22:33, 4 May 2023

When dealing with "strong" encryption of Wi-Fi networks, you have to setup a WPA or WPA2 configuration. To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a "WPA supplicant". The most used one on Linux is wpa_supplicant; we will see here how to install and configure it.

Note Note: wpa_supplicant is also able to handle WEP or unencrypted connections


Installation

  • Done by default if your board supports Wi-Fi connectivity. Otherwise:
$ make menuconfig
Package Selection for the target  --->
    Networking  --->
        [*]   wpa_supplicant
        [ ]     Enable WPA with EAP
        [*]     Install wpa_cli binary
        [*]     Install wpa_passphrase binary

EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.

Usage

wpa_supplicant needs a configuration file in /etc/wpa_supplicant.conf. For your convience a generic /etc/wpa_supplicant.conf is already installed in the Armadeus BSP (releases > 5.2). Here is an example (WPA pre-shared key (TKIP)):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
update_config=1
network={
	ssid="''SSID''"
	scan_ssid=1  # only if ssid is hidden
	proto=WPA
	key_mgmt=WPA-PSK
	pairwise=TKIP
	psk="''PASSPHRASE''"
}

You can adapt /etc/wpa_supplicant.conf manually.

  • If your key needs to be encrypted, use the wpa_passphrase tool to add your network (SSID/PASSPHRASE) automatically:
 # wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf
  • Be sure to have your Wi-Fi chipset driver loaded:
 # modprobe libertas_sdio
or
 # modprobe wlcore_sdio
or
 # modprobe rt73usb
 # modprobe rt2800_usb
 # modprobe zd1211rw
 # modprobe rtl8187
 # modprobe r8712u
...
  • Bring up the wireless interface:
 # ip link set dev wlan0 up

or (as you prefer):

 # ifconfig wlan0 up
  • Then you can create the Wi-Fi connection with WPA Supplicant:
 # wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B
  • If you want a script executed each time Wi-Fi Association is done:
 # wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
 # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time)
  • Then you can check your Wi-Fi interface is available:
# iwconfig wlan0
wlan0     IEEE 802.11abgn  ESSID:"xxxx_xxxx"  
          Mode:Managed  Frequency:5.2 GHz  Access Point: 00:xx:xx:xx:xx:xx   
          Bit Rate=24 Mb/s   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          Link Quality=29/70  Signal level=-81 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx  
          inet addr:192.168.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: 2a01:e35:2e35:f60:219:88ff:fe15:4237/64 Scope:Global
          inet6 addr: fe80::219:88ff:fe15:4237/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14238 (13.9 KiB)  TX bytes:2797 (2.7 KiB)

Automate things at startup

Standard method

  • In default BSP you have a /etc/init.d/S40Network script which will automatically starts all network interfaces configured in /etc/network/interfaces.
  • All you have to do is to add your Wi-Fi interface configuration in /etc/network/interfaces, like for example on OPOS6UL:
auto wlan0
iface wlan0 inet dhcp
        pre-up modprobe brcmfmac
        pre-up sleep 3
        pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B

Other methods

  • You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into /etc/init.d/S61wifi (do not forget to give it execution rigths with chmod a+x /etc/init.d/S61wifi):
#!/bin/sh
#
# Starts Wi-Fi services
#
# do not forget to update your wpa_supplicant configuration
# wpa_passphrase "mynetworrssid" "mynetworkpassphrase" >> /etc/wpa_supplicant.conf
# 
export WIFIDRIVERS=libertas_sdio
case "$1" in
	start)
		echo "Starting Wi-Fi"
		modprobe $WIFIDRIVERS
		ip link set dev wlan0 up
		wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
		wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
	;;

	stop)
                echo "Stoping Wi-Fi"
		wpa_cli -i wlan0 disconnect
		wpa_cli -i wlan0 terminate
		ip link set dev wlan0 down
		rmmod -a $WIFIDRIVERS
	;;

	restart)
		$0 stop
		sleep 1
		$0 start
	;;

	*)
		echo "Usage: $0 {start|stop|restart}"
		exit 1
	;;
esac

exit 0

Stop it

To stop WPA Supplicant daemon and switch off the connexion, you can use this command:

 # wpa_cli terminate

or by using the S61wifi script here above:

 # /etc/init.d/S61wifi stop

Links