Difference between revisions of "WPA supplicant"
(→Usage) |
|||
(26 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | When dealing with "strong" encryption of | + | When dealing with "strong" encryption of Wi-Fi networks, you have to setup a WPA or WPA2 configuration. |
− | To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a WPA supplicant. | + | To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a "WPA supplicant". |
The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it. | The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it. | ||
− | {{Note|wpa_supplicant is also able to handle WEP connections}} | + | {{Note|''wpa_supplicant'' is also able to handle WEP or unencrypted connections}} |
==Installation== | ==Installation== | ||
+ | * Done by default if your board supports Wi-Fi connectivity. Otherwise: | ||
<pre class="host"> | <pre class="host"> | ||
$ make menuconfig | $ make menuconfig | ||
Line 16: | Line 17: | ||
[ ] Enable WPA with EAP | [ ] Enable WPA with EAP | ||
[*] Install wpa_cli binary | [*] Install wpa_cli binary | ||
− | [ ] Install wpa_passphrase binary | + | [*] Install wpa_passphrase binary |
</pre> | </pre> | ||
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server. | EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server. | ||
− | + | ==Usage== | |
+ | ''wpa_supplicant'' needs a configuration file in ''/etc/wpa_supplicant.conf''. | ||
+ | For your convience a generic ''/etc/wpa_supplicant.conf'' is already installed in the Armadeus BSP (releases > 5.2). | ||
+ | Here is an example (WPA pre-shared key (TKIP)): | ||
<pre class="host"> | <pre class="host"> | ||
− | + | ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel | |
+ | update_config=1 | ||
+ | network={ | ||
+ | ssid="''SSID''" | ||
+ | scan_ssid=1 # only if ssid is hidden | ||
+ | proto=WPA | ||
+ | key_mgmt=WPA-PSK | ||
+ | pairwise=TKIP | ||
+ | psk="''PASSPHRASE''" | ||
+ | } | ||
</pre> | </pre> | ||
− | + | You can adapt ''/etc/wpa_supplicant.conf'' manually. | |
− | <pre class=" | + | * If your key needs to be encrypted, use the ''wpa_passphrase'' tool to add your network (SSID/PASSPHRASE) automatically: |
− | + | <pre class="apf"> | |
− | + | # wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
</pre> | </pre> | ||
+ | * Be sure to have your Wi-Fi chipset driver loaded: | ||
+ | <pre class="apf"> | ||
+ | # modprobe libertas_sdio | ||
+ | or | ||
+ | # modprobe wlcore_sdio | ||
+ | or | ||
+ | # modprobe rt73usb | ||
+ | # modprobe rt2800_usb | ||
+ | # modprobe zd1211rw | ||
+ | # modprobe rtl8187 | ||
+ | # modprobe r8712u | ||
+ | ... | ||
+ | </pre> | ||
+ | * Bring up the wireless interface: | ||
+ | <pre class="apf"> | ||
+ | # ip link set dev wlan0 up | ||
+ | </pre> | ||
+ | or (as you prefer): | ||
+ | <pre class="apf"> | ||
+ | # ifconfig wlan0 up | ||
+ | </pre> | ||
+ | * Then you can create the Wi-Fi connection with WPA Supplicant: | ||
+ | <pre class="apf"> | ||
+ | # wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B | ||
+ | </pre> | ||
+ | * If you want a script executed each time Wi-Fi Association is done: | ||
+ | <pre class="apf"> | ||
+ | # wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh | ||
+ | # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time) | ||
+ | </pre> | ||
+ | * Then you can check your Wi-Fi interface is available: | ||
+ | <pre class="apf"> | ||
+ | # iwconfig wlan0 | ||
+ | wlan0 IEEE 802.11abgn ESSID:"xxxx_xxxx" | ||
+ | Mode:Managed Frequency:5.2 GHz Access Point: 00:xx:xx:xx:xx:xx | ||
+ | Bit Rate=24 Mb/s Tx-Power=20 dBm | ||
+ | Retry long limit:7 RTS thr:off Fragment thr:off | ||
+ | Encryption key:off | ||
+ | Power Management:on | ||
+ | Link Quality=29/70 Signal level=-81 dBm | ||
+ | Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 | ||
+ | Tx excessive retries:0 Invalid misc:0 Missed beacon:0 | ||
− | + | # ifconfig wlan0 | |
− | + | wlan0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx | |
− | + | inet addr:192.168.0.20 Bcast:192.168.0.255 Mask:255.255.255.0 | |
− | + | inet6 addr: 2a01:e35:2e35:f60:219:88ff:fe15:4237/64 Scope:Global | |
− | + | inet6 addr: fe80::219:88ff:fe15:4237/64 Scope:Link | |
− | + | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 | |
− | + | RX packets:80 errors:0 dropped:0 overruns:0 frame:0 | |
− | + | TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 | |
− | + | collisions:0 txqueuelen:1000 | |
− | + | RX bytes:14238 (13.9 KiB) TX bytes:2797 (2.7 KiB) | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
</pre> | </pre> | ||
− | + | ==Automate things at startup== | |
+ | ===Standard method=== | ||
+ | * In default BSP you have a ''/etc/init.d/S40Network'' script which will automatically starts all network interfaces configured in ''/etc/network/interfaces''. | ||
+ | * All you have to do is to add your Wi-Fi interface configuration in ''/etc/network/interfaces'', like for example on [[OPOS6UL]]: | ||
<pre class="apf"> | <pre class="apf"> | ||
− | + | auto wlan0 | |
− | + | iface wlan0 inet dhcp | |
+ | pre-up modprobe brcmfmac | ||
+ | pre-up sleep 3 | ||
+ | pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B | ||
</pre> | </pre> | ||
+ | |||
+ | ===Other methods=== | ||
+ | * You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into ''/etc/init.d/S61wifi'' (do not forget to give it execution rigths with ''chmod a+x /etc/init.d/S61wifi''): | ||
+ | <source lang="bash"> | ||
+ | #!/bin/sh | ||
+ | # | ||
+ | # Starts Wi-Fi services | ||
+ | # | ||
+ | # do not forget to update your wpa_supplicant configuration | ||
+ | # wpa_passphrase "mynetworrssid" "mynetworkpassphrase" >> /etc/wpa_supplicant.conf | ||
+ | # | ||
+ | export WIFIDRIVERS=libertas_sdio | ||
+ | case "$1" in | ||
+ | start) | ||
+ | echo "Starting Wi-Fi" | ||
+ | modprobe $WIFIDRIVERS | ||
+ | ip link set dev wlan0 up | ||
+ | wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B | ||
+ | wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh | ||
+ | ;; | ||
+ | |||
+ | stop) | ||
+ | echo "Stoping Wi-Fi" | ||
+ | wpa_cli -i wlan0 disconnect | ||
+ | wpa_cli -i wlan0 terminate | ||
+ | ip link set dev wlan0 down | ||
+ | rmmod -a $WIFIDRIVERS | ||
+ | ;; | ||
+ | |||
+ | restart) | ||
+ | $0 stop | ||
+ | sleep 1 | ||
+ | $0 start | ||
+ | ;; | ||
+ | |||
+ | *) | ||
+ | echo "Usage: $0 {start|stop|restart}" | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | </source> | ||
==Stop it== | ==Stop it== | ||
To stop WPA Supplicant daemon and switch off the connexion, you can use this command: | To stop WPA Supplicant daemon and switch off the connexion, you can use this command: | ||
− | <pre class=" | + | <pre class="apf"> |
− | wpa_cli terminate | + | # wpa_cli terminate |
</pre> | </pre> | ||
+ | or by using the S61wifi script here above: | ||
− | + | <pre class="apf"> | |
− | <pre class=" | + | # /etc/init.d/S61wifi stop |
− | + | ||
− | + | ||
</pre> | </pre> | ||
Line 84: | Line 171: | ||
[[Category:Wireless]] | [[Category:Wireless]] | ||
[[Category:Security]] | [[Category:Security]] | ||
+ | [[Category:WiFi]] | ||
+ | [[Category:Network]] |
Latest revision as of 22:33, 4 May 2023
When dealing with "strong" encryption of Wi-Fi networks, you have to setup a WPA or WPA2 configuration. To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a "WPA supplicant". The most used one on Linux is wpa_supplicant; we will see here how to install and configure it.
Contents
Installation
- Done by default if your board supports Wi-Fi connectivity. Otherwise:
$ make menuconfig
Package Selection for the target ---> Networking ---> [*] wpa_supplicant [ ] Enable WPA with EAP [*] Install wpa_cli binary [*] Install wpa_passphrase binary
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.
Usage
wpa_supplicant needs a configuration file in /etc/wpa_supplicant.conf. For your convience a generic /etc/wpa_supplicant.conf is already installed in the Armadeus BSP (releases > 5.2). Here is an example (WPA pre-shared key (TKIP)):
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel update_config=1 network={ ssid="''SSID''" scan_ssid=1 # only if ssid is hidden proto=WPA key_mgmt=WPA-PSK pairwise=TKIP psk="''PASSPHRASE''" }
You can adapt /etc/wpa_supplicant.conf manually.
- If your key needs to be encrypted, use the wpa_passphrase tool to add your network (SSID/PASSPHRASE) automatically:
# wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf
- Be sure to have your Wi-Fi chipset driver loaded:
# modprobe libertas_sdio or # modprobe wlcore_sdio or # modprobe rt73usb # modprobe rt2800_usb # modprobe zd1211rw # modprobe rtl8187 # modprobe r8712u ...
- Bring up the wireless interface:
# ip link set dev wlan0 up
or (as you prefer):
# ifconfig wlan0 up
- Then you can create the Wi-Fi connection with WPA Supplicant:
# wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B
- If you want a script executed each time Wi-Fi Association is done:
# wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time)
- Then you can check your Wi-Fi interface is available:
# iwconfig wlan0 wlan0 IEEE 802.11abgn ESSID:"xxxx_xxxx" Mode:Managed Frequency:5.2 GHz Access Point: 00:xx:xx:xx:xx:xx Bit Rate=24 Mb/s Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on Link Quality=29/70 Signal level=-81 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 # ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx inet addr:192.168.0.20 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: 2a01:e35:2e35:f60:219:88ff:fe15:4237/64 Scope:Global inet6 addr: fe80::219:88ff:fe15:4237/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:80 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14238 (13.9 KiB) TX bytes:2797 (2.7 KiB)
Automate things at startup
Standard method
- In default BSP you have a /etc/init.d/S40Network script which will automatically starts all network interfaces configured in /etc/network/interfaces.
- All you have to do is to add your Wi-Fi interface configuration in /etc/network/interfaces, like for example on OPOS6UL:
auto wlan0 iface wlan0 inet dhcp pre-up modprobe brcmfmac pre-up sleep 3 pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
Other methods
- You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into /etc/init.d/S61wifi (do not forget to give it execution rigths with chmod a+x /etc/init.d/S61wifi):
#!/bin/sh
#
# Starts Wi-Fi services
#
# do not forget to update your wpa_supplicant configuration
# wpa_passphrase "mynetworrssid" "mynetworkpassphrase" >> /etc/wpa_supplicant.conf
#
export WIFIDRIVERS=libertas_sdio
case "$1" in
start)
echo "Starting Wi-Fi"
modprobe $WIFIDRIVERS
ip link set dev wlan0 up
wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
;;
stop)
echo "Stoping Wi-Fi"
wpa_cli -i wlan0 disconnect
wpa_cli -i wlan0 terminate
ip link set dev wlan0 down
rmmod -a $WIFIDRIVERS
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac
exit 0
Stop it
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:
# wpa_cli terminate
or by using the S61wifi script here above:
# /etc/init.d/S61wifi stop