Difference between revisions of "WPA supplicant"
(→Usage) |
(→Usage) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 24: | Line 24: | ||
==Usage== | ==Usage== | ||
''wpa_supplicant'' needs a configuration file in ''/etc/wpa_supplicant.conf''. | ''wpa_supplicant'' needs a configuration file in ''/etc/wpa_supplicant.conf''. | ||
− | + | For your convience a generic ''/etc/wpa_supplicant.conf'' is already installed in the Armadeus BSP (releases > 5.2). | |
+ | Here is an example (WPA pre-shared key (TKIP)): | ||
<pre class="host"> | <pre class="host"> | ||
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel | ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel | ||
Line 30: | Line 31: | ||
network={ | network={ | ||
ssid="''SSID''" | ssid="''SSID''" | ||
− | scan_ssid=1 | + | scan_ssid=1 # only if ssid is hidden |
proto=WPA | proto=WPA | ||
key_mgmt=WPA-PSK | key_mgmt=WPA-PSK | ||
Line 37: | Line 38: | ||
} | } | ||
</pre> | </pre> | ||
− | You can adapt ''/etc/wpa_supplicant.conf'' manually | + | You can adapt ''/etc/wpa_supplicant.conf'' manually. |
+ | * If your key needs to be encrypted, use the ''wpa_passphrase'' tool to add your network (SSID/PASSPHRASE) automatically: | ||
<pre class="apf"> | <pre class="apf"> | ||
# wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf | # wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf | ||
Line 44: | Line 46: | ||
<pre class="apf"> | <pre class="apf"> | ||
# modprobe libertas_sdio | # modprobe libertas_sdio | ||
+ | or | ||
+ | # modprobe wlcore_sdio | ||
or | or | ||
# modprobe rt73usb | # modprobe rt73usb | ||
Line 62: | Line 66: | ||
* Then you can create the Wi-Fi connection with WPA Supplicant: | * Then you can create the Wi-Fi connection with WPA Supplicant: | ||
<pre class="apf"> | <pre class="apf"> | ||
− | # wpa_supplicant - | + | # wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B |
+ | </pre> | ||
+ | * If you want a script executed each time Wi-Fi Association is done: | ||
+ | <pre class="apf"> | ||
# wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh | # wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh | ||
− | # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed | + | # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time) |
</pre> | </pre> | ||
* Then you can check your Wi-Fi interface is available: | * Then you can check your Wi-Fi interface is available: | ||
Line 91: | Line 98: | ||
</pre> | </pre> | ||
− | + | ==Automate things at startup== | |
+ | ===Standard method=== | ||
+ | * In default BSP you have a ''/etc/init.d/S40Network'' script which will automatically starts all network interfaces configured in ''/etc/network/interfaces''. | ||
+ | * All you have to do is to add your Wi-Fi interface configuration in ''/etc/network/interfaces'', like for example on [[OPOS6UL]]: | ||
+ | <pre class="apf"> | ||
+ | auto wlan0 | ||
+ | iface wlan0 inet dhcp | ||
+ | pre-up modprobe brcmfmac | ||
+ | pre-up sleep 3 | ||
+ | pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B | ||
+ | </pre> | ||
+ | |||
+ | ===Other methods=== | ||
+ | * You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into ''/etc/init.d/S61wifi'' (do not forget to give it execution rigths with ''chmod a+x /etc/init.d/S61wifi''): | ||
<source lang="bash"> | <source lang="bash"> | ||
#!/bin/sh | #!/bin/sh | ||
Line 152: | Line 172: | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:WiFi]] | [[Category:WiFi]] | ||
+ | [[Category:Network]] |
Latest revision as of 22:33, 4 May 2023
When dealing with "strong" encryption of Wi-Fi networks, you have to setup a WPA or WPA2 configuration. To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a "WPA supplicant". The most used one on Linux is wpa_supplicant; we will see here how to install and configure it.
Contents
Installation
- Done by default if your board supports Wi-Fi connectivity. Otherwise:
$ make menuconfig
Package Selection for the target ---> Networking ---> [*] wpa_supplicant [ ] Enable WPA with EAP [*] Install wpa_cli binary [*] Install wpa_passphrase binary
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.
Usage
wpa_supplicant needs a configuration file in /etc/wpa_supplicant.conf. For your convience a generic /etc/wpa_supplicant.conf is already installed in the Armadeus BSP (releases > 5.2). Here is an example (WPA pre-shared key (TKIP)):
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel update_config=1 network={ ssid="''SSID''" scan_ssid=1 # only if ssid is hidden proto=WPA key_mgmt=WPA-PSK pairwise=TKIP psk="''PASSPHRASE''" }
You can adapt /etc/wpa_supplicant.conf manually.
- If your key needs to be encrypted, use the wpa_passphrase tool to add your network (SSID/PASSPHRASE) automatically:
# wpa_passphrase "mynetworkSSID" "mynetworkPASSPHRASE" >> /etc/wpa_supplicant.conf
- Be sure to have your Wi-Fi chipset driver loaded:
# modprobe libertas_sdio or # modprobe wlcore_sdio or # modprobe rt73usb # modprobe rt2800_usb # modprobe zd1211rw # modprobe rtl8187 # modprobe r8712u ...
- Bring up the wireless interface:
# ip link set dev wlan0 up
or (as you prefer):
# ifconfig wlan0 up
- Then you can create the Wi-Fi connection with WPA Supplicant:
# wpa_supplicant -Dnl80211 -i wlan0 -c /etc/wpa_supplicant.conf -B
- If you want a script executed each time Wi-Fi Association is done:
# wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh # /etc/wpa_supplicant/wpa_cli-action.sh wlan0 CONNECTED # to force ip renewal if needed (first time)
- Then you can check your Wi-Fi interface is available:
# iwconfig wlan0 wlan0 IEEE 802.11abgn ESSID:"xxxx_xxxx" Mode:Managed Frequency:5.2 GHz Access Point: 00:xx:xx:xx:xx:xx Bit Rate=24 Mb/s Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on Link Quality=29/70 Signal level=-81 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 # ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx inet addr:192.168.0.20 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: 2a01:e35:2e35:f60:219:88ff:fe15:4237/64 Scope:Global inet6 addr: fe80::219:88ff:fe15:4237/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:80 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14238 (13.9 KiB) TX bytes:2797 (2.7 KiB)
Automate things at startup
Standard method
- In default BSP you have a /etc/init.d/S40Network script which will automatically starts all network interfaces configured in /etc/network/interfaces.
- All you have to do is to add your Wi-Fi interface configuration in /etc/network/interfaces, like for example on OPOS6UL:
auto wlan0 iface wlan0 inet dhcp pre-up modprobe brcmfmac pre-up sleep 3 pre-up wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
Other methods
- You can also choose to use a custom startup script. Here is an init script example, to adapt to your Wi-Fi driver (update WIFIDRIVERS in the source) and to place into /etc/init.d/S61wifi (do not forget to give it execution rigths with chmod a+x /etc/init.d/S61wifi):
#!/bin/sh
#
# Starts Wi-Fi services
#
# do not forget to update your wpa_supplicant configuration
# wpa_passphrase "mynetworrssid" "mynetworkpassphrase" >> /etc/wpa_supplicant.conf
#
export WIFIDRIVERS=libertas_sdio
case "$1" in
start)
echo "Starting Wi-Fi"
modprobe $WIFIDRIVERS
ip link set dev wlan0 up
wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
wpa_cli -B -a /etc/wpa_supplicant/wpa_cli-action.sh
;;
stop)
echo "Stoping Wi-Fi"
wpa_cli -i wlan0 disconnect
wpa_cli -i wlan0 terminate
ip link set dev wlan0 down
rmmod -a $WIFIDRIVERS
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac
exit 0
Stop it
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:
# wpa_cli terminate
or by using the S61wifi script here above:
# /etc/init.d/S61wifi stop