[Linux-ivv4] wireless WPA
David Vernazobres
dv at uni-muenster.de
Thu Apr 19 12:36:28 CEST 2007
Hello Linux list,
As promised in the meeting earlier, I am sending our wpa_supplicant
instructions for the "uni-ms" wireless network.
Best regards,
David Vernazobres
--
David VERNAZOBRES, PhD student | dv at uni-muenster.de
Division of Bioinformatics, University of Muenster | Schlossplatz 4
(+49)(251)8321635 | D48149 Muenster
http://www.uni-muenster.de/Evolution.ebb/ | Germany
-------------- next part --------------
Title: Using Uni-Muenster Wireless LAN with WPA and wpa_supplicant
Contents:
1) Prerequisites
1.1 Linux kernel
1.2 wpasupplicant version
2) WPA configuration for Uni-Muenster usage only
2.1 wpa_supplicant configuration
2.2 Configure the interfaces
2.3 Starting / closing the wireless:
3) WPA configuration for any networks (roaming)
3.1 wpa_supplicant configuration
3.2 Configure the interfaces
3.3 Starting / closing the wireless
3.4 Adding additional networks
4) Links
5) Appendix:
Instructions for all distributions based on Debian (Ubuntu).
Instructions for other distributions
Most common problems
6) Authors
Access to the Uni wireless network is set up using the wpa_supplicant
package. We have only figured out the manual configuration via
configuration files, which requires root privileges. Possibly, a simpler
solution exists using wpa_gui or the GNOME network management. We will
update this document if such information becomes available.
1) Prerequisites
1.1 Linux kernel version 2.6.14 or higher
You can find out your kernel version with
    uname -a
1.2 wpasupplicant version 0.6.0, preferably CVS|GIT.
This branch is still in development (see "Appendix").
The wpasupplicant packages from Debian / stable (etch), Ubuntu / dapper
(Ubuntu version 6.06) and Ubuntu / edgy (Ubuntu version 6.10) do not work.
The working Debian package is now in unstable (19th April 2007). It will
be available in Debian / testing (lenny) at the beginning of May 2007.
Make sure that you have the right wpasupplicant package (check the
version!):
    # Debian systems:
    apt-cache policy wpasupplicant
    apt-cache show wpasupplicant
    # RPM systems (RedHat, SuSE):
    rpm -qi wpa_supplicant
2) WPA configuration for Uni-Muenster usage only
This configuration is simpler, but it makes the wireless work only with
the Uni-Muenster network. That is, in a foreign environment (e.g. an
airport) you will not be able to use your wireless.
2.1. wpa_supplicant configuration
You need to edit the file /etc/wpa_supplicant/wpa_supplicant.conf and
enter the following:
---------------------->8-----
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1
network={
ssid="uni-ms"
key_mgmt=WPA-EAP
proto=WPA2
pairwise=CCMP
group=CCMP
eap=PEAP
identity="username"
password="password"
}
---------------------->8-----
Replace "username" with your username and "password" with your net
password ("Netzwerkzugangspasswort").
Note: only one wireless device will be able to access the wireless at a
given time with the given username or password. That is, if you use it
on two laptops, they will not be able to access the network at the same
time.
2.2 Configure the interfaces
The following works for Debian/Ubuntu; we do not know the equivalent
steps for SuSE/RedHat.
Edit /etc/network/interfaces
Enter the following:
---------------------->8-----
iface eth1 inet dhcp
wpa-driver wext
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
---------------------->8-----
Note: comment out (precede with a '#' character) any other iface entries
relating to eth1, assuming that eth1 is your wireless interface.
Note: for "wpa-driver wext" you will need to pick the right wpa-driver
value. Available values are listed in link[1]. The wext driver is the
default, and you should be able to use it with modern laptops with no
problems. Users with the madwifi drivers (Atheros chip) need to read
the madwifi section in link[1] carefully.
2.3. Starting / closing the wireless:
To start the wireless, enter as root
    ifup eth1
To close the wireless, enter as root
    ifdown eth1
3) WPA configuration for "roaming"
In this configuration, any network other than uni-ms will also be
accessible. However, there are two issues:
- the configuration is more troublesome
- the usage is more complicated
3.1. The wpa_supplicant configuration
You need to edit the file /etc/wpa_supplicant/wpa_supplicant.conf and
enter the following:
----%<----->%----
# uni-ms WPA2-CCMP / WPA-TKIP using PEAP
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1
# association with open network
# wpa roaming daemon will call "ifup default"
network={
ssid=""
key_mgmt=NONE
}
# association with AES on uni-ms
# wpa roaming daemon will call "ifup aes_uni_ms"
network={
id_str="aes_uni_ms"
ssid="uni-ms"
key_mgmt=WPA-EAP
proto=WPA2
pairwise=CCMP
group=CCMP
eap=PEAP
identity="username"
password="password"
}
# association with tkip on uni-ms
# wpa roaming daemon will call "ifup tkip_uni_ms"
network={
id_str="tkip_uni_ms"
ssid="uni-ms"
key_mgmt=WPA-EAP
proto=WPA
pairwise=TKIP
group=TKIP
eap=PEAP
identity="username"
password="password"
}
----%<----->%----
Replace "username" with your username and "password" with your net
password ("Netzwerkzugangspasswort").
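Both uni-ms configurations above (sections 2.1 and 3.1) keep the net
password in clear text and configure PEAP without a ca_cert entry, and the
roaming variant also accepts any open network and a TKIP fallback. The
script below is an added example, not part of the original HOWTO, that
flags these points in a configuration file; ca_cert is a standard
wpa_supplicant option that the HOWTO does not use (without it the server
certificate is not verified), and the function names and the sample
configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a wpa_supplicant.conf (helper names are made up).

# check_conf_mode FILE: flag a config (clear-text password) readable by others.
check_conf_mode() {
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "file: readable by group/others, run: chmod 600 $1"
    fi
}

# audit_networks FILE: one finding per line, "<ssid>: <finding>".
audit_networks() {
    awk '
    function unquote(v) { sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v); return v }
    /^[ \t]*#/ { next }                                   # comment line
    /^[ \t]*network[ \t]*=[ \t]*[{]/ { inblk = 1; split("", f); next }
    inblk && /^[ \t]*[}]/ {
        name = (f["ssid"] == "") ? "<any ssid>" : f["ssid"]
        if (f["key_mgmt"] == "NONE")
            print name ": open network, no link encryption"
        if (f["eap"] != "" && f["ca_cert"] == "")
            print name ": EAP without ca_cert, server certificate not verified"
        if (f["pairwise"] ~ /TKIP/ || f["group"] ~ /TKIP/)
            print name ": TKIP enabled, prefer the CCMP (AES) block"
        inblk = 0; next
    }
    inblk && /=/ {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]*/, "", key)
        f[key] = unquote(substr($0, index($0, "=") + 1))
    }' "$1"
}

# Constructed sample: the open and TKIP blocks of the roaming setup.
write_sample_conf() {
    cat > "$1" <<'EOF'
network={
    ssid=""
    key_mgmt=NONE
}
network={
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=TKIP
    eap=PEAP
}
EOF
}
tmp=$(mktemp) && write_sample_conf "$tmp" && audit_networks "$tmp"; rm -f "$tmp"
```

To check the real file, run both functions as root on
/etc/wpa_supplicant/wpa_supplicant.conf.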
3.2 Configure the interfaces
Edit /etc/network/interfaces
Enter the following:
----%<----->%----
iface eth1 inet manual
wireless-mode Managed
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
iface tkip_uni_ms inet dhcp
iface aes_uni_ms inet dhcp
----%<----->%----
Note: comment out (precede with a '#' character) any other iface entries
relating to eth1, assuming again that eth1 is your wireless interface.
Note: for "wpa-driver wext" you will need to pick the right wpa-driver
value. Available values are listed in link[1]. The wext driver is the
default, and you should be able to use it with modern laptops with no
problems. Users with the madwifi drivers (Atheros chip) need to read
the madwifi section in link[1] carefully.
3.3. Starting / closing the wireless:
To start the wireless, enter as root
    ifup eth1
Once started, the wireless daemon from wpasupplicant takes over the
ifup/ifdown interface. It will automatically call ifup/ifdown when a
network is discovered. From now on, you should not use ifup/ifdown.
Instead, you need to use wpa_action. For example, to stop eth1, you
need to issue (as root)
    wpa_action eth1 stop
[ Note: on Debian lenny, "ifdown eth1" also works, but this
functionality is provided by a Debian script. ]
You can follow the WPA authentication with the following command:
    wpa_cli status
Note: To simplify day-to-day work with the wireless, you can allow
ifup|ifdown, wpa_action, wpa_cli and wpa_gui through sudo. See the
sudo manual.
3.4 Adding additional networks
The above configuration allows you to browse through three networks:
(i) any network with no authentication (anything goes)
(ii) the uni-ms network with AES authentication, which is preferred
over the TKIP authentication
(iii) the uni-ms network with TKIP authentication (in case there are
problems with the AES authentication; the Uni provides both methods)
If you wish to add another configuration, for example a network at home
with ssid "myhome" and a static network address, you need to first edit
the file /etc/wpa_supplicant/wpa_supplicant.conf and add the following:
----%<----->%----
network={
ssid="myhome"
# this id_str will notify /sbin/wpa_action to 'ifup home_static'
id_str="home_static"
# psk is your pre-shared key
psk=123456789...
}
----%<----->%----
Then you need to modify /etc/network/interfaces. Add the logical
interface "home_static" with the parameters of your network at home, for
example:
----%<----->%----
# id_str="home_static"
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
----%<----->%----
Now, when the roaming client detects the network with ssid "myhome", it
automatically calls ifup on home_static.
4) Links
[1]: http://hostap.epitest.fi/wpa_supplicant/
[2]: http://manual.sidux.com/en/internet-connecting-wpa-en.htm
5) Appendix:
+ Instructions for all distributions based on Debian
(Ubuntu, Knoppix, Kanotix, ...)
If your WPA package is too old, you can compile it from source
using the Debian source package (available from http://packages.debian.org/;
search for wpasupplicant in all releases).
Install the build tools:
    apt-get install build-essential
Untar the source archive, cd to the directory and build the package:
    dpkg-buildpackage -rfakeroot -us -uc
Packages for Ubuntu/dapper and Ubuntu/edgy were built successfully.
+ If no source package is available for your distribution, you will need
to download the source from link[1].
You can either take a snapshot release archive or download it using
the CVS or GIT versioning system.
+ Most common problems
* Most problems with non-working WPA authentication appear when
several wpa_supplicant daemons are running on the computer. You need
to use wpa_action to stop all the wpa_supplicant daemons. When all
wpa_supplicant daemons are stopped, start again with an ifup eth1 cycle.
* In theory you do not need to do this (except with some buggy drivers),
but if you want to relaunch the WPA association, use
    wpa_cli reassociate
* For more information, see the manual pages for wpa_cli and wpa_action.
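One way to spot the duplicate daemons described in the first problem above,
as an added example that is not part of the original HOWTO. The function
names and the process lines are constructed; -i is the wpa_supplicant
option that names the interface.

```shell
#!/bin/sh
# Added example: find interfaces served by more than one wpa_supplicant.

# dup_supplicants: reads "PID COMMAND ARGS..." lines on stdin and prints
# "<iface>: <n> daemons, pids <list>" for every interface with n > 1.
dup_supplicants() {
    awk '
    $2 == "wpa_supplicant" || $2 ~ /\/wpa_supplicant$/ {
        iface = "?"                       # no -i option seen
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && i < NF) iface = $(i + 1)      # "-i eth1"
            else if ($i ~ /^-i./)     iface = substr($i, 3) # "-ieth1"
        }
        count[iface]++
        pids[iface] = pids[iface] " " $1
    }
    END {
        for (k in count)
            if (count[k] > 1)
                print k ": " count[k] " daemons, pids" pids[k]
    }'
}

# Constructed process list (what "ps -eo pid=,args=" could look like).
sample_ps() {
    cat <<'EOF'
  812 /sbin/wpa_supplicant -B -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf
 1490 wpa_supplicant -ieth1 -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf
 2001 /sbin/wpa_supplicant -B -i wlan0 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf
 2100 /sbin/wpa_cli -i eth1 status
EOF
}

# On a live system: ps -eo pid=,args= | dup_supplicants
sample_ps | dup_supplicants
```

Any interface it reports has more than one daemon; stop them with
wpa_action as described above and run ifup eth1 again.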
6) Authors
David Vernazobres <dv at uni-muenster.de>
January Weiner <january at uni-muenster.de>
Institute for Evolution and Biodiversity.
Evolution of Biopolymers and Biochemical Pathways