Linux Wireless Network Configuration Tools: wpa_supplicant and wireless-tools

Source: Internet
Author: User

Content:

    • Introduction
    • WPA supplicant
    • Wireless Tools
    • Network configuration for each Essid

4.a. Introduction

Wireless networking can currently be configured with either wireless-tools or wpa_supplicant. The important thing to remember is that wireless networks are configured globally, not per interface.

wpa_supplicant is the best choice, but the downside is that it doesn't support all drivers. Please browse the wpa_supplicant website for the list of drivers it supports. In addition, wpa_supplicant can currently only connect to those wireless networks whose ESSID you have configured.

wireless-tools supports almost all wireless cards and drivers, but it cannot connect to APs that only support WPA.

Warning: because the linux-wlan-ng driver has its own installation and configuration method, which is completely different from everyone else's, it is currently not supported by baselayout. The linux-wlan-ng developers are rumoured to be moving their setup over to wireless-tools; once that happens you can use linux-wlan-ng with baselayout.

4.b. WPA supplicant

The wpa_supplicant package allows you to connect to APs that use WPA. Because it is still beta software, the way it is configured keeps changing, although it already works well in most cases.

Code Listing 2.1: Installing Wpa_supplicant

# emerge net-wireless/wpa_supplicant

Important: to make wpa_supplicant work properly, you must enable CONFIG_PACKET support in the kernel.

Now we need to configure the /etc/conf.d/net file so that wpa_supplicant is used instead of wireless-tools (if both are installed in the system, wireless-tools is used by default).

Code Listing 2.2: Configuring wpa_supplicant in /etc/conf.d/net

# Prefer wpa_supplicant over wireless-tools
modules=( "wpa_supplicant" )

# wpa_supplicant is not very good at auto-detecting the driver, so we need to specify the driver we are using.
wpa_supplicant_eth0="-Dmadwifi"

Note: If you are using the host-ap driver, you must first put the card into managed mode so that it works properly with wpa_supplicant. You can do this by setting iwconfig_eth0="mode managed" in /etc/conf.d/net.

It looks simple, doesn't it? However, we also need to configure wpa_supplicant itself, which is more cumbersome and depends on the security level of the APs you are connecting to. The following example is taken and simplified from /usr/share/doc/wpa_supplicant-/wpa_supplicant.conf.gz, which ships with the wpa_supplicant package.

Code Listing 2.3: An example /etc/wpa_supplicant/wpa_supplicant.conf

# Please do not modify the following line, otherwise things will not work properly
ctrl_interface=/var/run/wpa_supplicant

# Restrict the control interface to group 0 (root), so that only root can read the WPA configuration
ctrl_interface_group=0

# Let wpa_supplicant scan and select APs
ap_scan=1

# Simple case: WPA-PSK, PSK given as an ASCII passphrase, all valid ciphers allowed
network={
  ssid="Simple"
  psk="Very secret passphrase"
  # The higher the priority, the sooner the network is matched
  priority=5
}

# Same as the previous block, but requests an SSID-specific scan (for APs that do not broadcast their SSID)
network={
  ssid="Second SSID"
  scan_ssid=1
  psk="Very secret passphrase"
  priority=2
}

# Use WPA-PSK only. Any combination of valid ciphers is accepted
network={
  ssid="Example"
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
  priority=2
}

# Plaintext connection (no WPA, no IEEE 802.1X)
network={
  ssid="Plaintext-test"
  key_mgmt=NONE
}

# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
  ssid="Static-wep-test"
  key_mgmt=NONE
  # Keys in quotes are ASCII keys
  wep_key0="ABCDE"
  # Keys without quotes are hexadecimal keys
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
}

# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key IEEE 802.11 authentication
network={
  ssid="Static-wep-test2"
  key_mgmt=NONE
  wep_key0="ABCDE"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
  auth_alg=SHARED
}

# IBSS/ad-hoc network with WPA-None/TKIP
network={
  ssid="Test Adhoc"
  mode=1
  proto=WPA
  key_mgmt=WPA-NONE
  pairwise=NONE
  group=TKIP
  psk="Secret Passphrase"
}
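
Added example (not part of the original guide or of the wpa_supplicant package): a small Python audit of a configuration like Code Listing 2.3. It flags open, static-WEP and legacy-cipher network blocks, and shows how a quoted passphrase maps to the 64-hex-digit psk form (PBKDF2-HMAC-SHA1 with the SSID as salt). SAMPLE_CONF, derive_psk, parse_networks and audit are names assumed for this example, and the sample input is constructed.

```python
import hashlib
import re
# Constructed sample modelled on Code Listing 2.3 (not a real network).
SAMPLE_CONF = '''
network={
    ssid="Simple"
    psk="Very secret passphrase"
}
network={
    ssid="Example"
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
}
network={
    ssid="Static-wep-test"
    key_mgmt=NONE
    wep_key0="ABCDE"
}
'''
LEGACY = {"TKIP", "WEP104", "WEP40"}

def derive_psk(ssid, passphrase):
    """WPA-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def parse_networks(text):
    """One dict per network={...} block; comment lines skipped, nested braces not handled."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        pairs = [l.split("=", 1) for l in body.splitlines() if "=" in l and l.lstrip()[:1] != "#"]
        nets.append({k.strip(): v.strip() for k, v in pairs})
    return nets

def audit(net):
    """Return the weak settings found in one parsed network block."""
    issues = []
    ciphers = set((net.get("pairwise", "") + " " + net.get("group", "")).split())
    if net.get("key_mgmt") == "NONE":
        issues.append("static WEP" if any(k.startswith("wep_key") for k in net) else "open network")
    if ciphers & LEGACY:
        issues.append("legacy ciphers: " + " ".join(sorted(ciphers & LEGACY)))
    psk = net.get("psk", "")
    if psk.startswith('"'):  # a quoted value is a passphrase kept in clear text
        issues.append("clear-text passphrase; equivalent psk=" + derive_psk(net["ssid"].strip('"'), psk.strip('"')))
    return issues

for n in parse_networks(SAMPLE_CONF):
    print(n["ssid"], audit(n) or "ok")
```

The derived key is still a secret for that network; storing it only keeps the human-chosen passphrase itself out of the file.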

4.c. Wireless Tools

Initial setup and Managed mode

Wireless Tools provides a generic way to set up basic wireless interfaces up to the WEP security level. Although WEP is a weak security method, it is also the most commonly used encryption method.

The configuration of Wireless Tools is controlled by a few main variables, and the sample configuration file below describes everything you need to know. Keep in mind that having no configuration means "connect to the strongest unencrypted AP": we will always try to connect you to something.

Code Listing 3.1: Installing Wireless-tools

# emerge net-wireless/wireless-tools

Note: Although you can save your wireless settings in /etc/conf.d/wireless, this guide recommends that you save them in /etc/conf.d/net.

Important: you will need to consult the variable name documentation.

Code Listing 3.2: Example iwconfig setup in /etc/conf.d/net

# Prefer iwconfig over wpa_supplicant
modules=( "iwconfig" )

# Configure the WEP keys for the APs named ESSID1 and ESSID2
# You can configure up to 4 WEP keys, but only 1 of them can be active at any one time,
# so we supply a default index of [1] to set key [1], and then set the active key to [1].
# We do this in case you define other ESSIDs that use WEP keys other than [1].
#
# Prefixing the key with s: means that it is an ASCII key, otherwise it is a hexadecimal key.
#
# enc open specifies open security (most secure)
# enc restricted specifies restricted security (less secure)
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"

# The following only works when we scan for available APs

# Sometimes more than one AP is visible, so we need to specify a preferred connection order.
preferred_aps=( "ESSID1" "ESSID2" )

Fine-Tuned AP Selection

You can add some additional options to fine-tune the selection of APs, but this is not normally required.

You can decide whether to connect only to the preferred APs. By default, when connecting to every AP listed in the configuration has failed and an unencrypted AP is visible in the environment, the system will connect to that AP. This behavior is controlled by the associate_order variable. The following table lists its values and how they control the selection of APs.

Value | Description
any | Default behavior
preferredonly | Only connect to visible APs in the preferred list
forcepreferred | Connect to the APs in the order of the preferred list
forcepreferredonly | Do not scan; attempt to connect directly to each AP
forceany | Same as forcepreferred, plus connect to any other available AP

Finally, we offer the blacklist_aps and unique_ap options. blacklist_aps works the same way as preferred_aps. unique_ap takes the value yes or no, and determines whether two wireless interfaces are allowed to connect to the same AP at the same time.

Code Listing 3.3: blacklist_aps and unique_ap example

# Sometimes you don't want to connect to some APs at all
blacklist_aps=( "ESSID3" "ESSID4" )

# If you have more than one wireless card, you can decide whether to allow each card to connect to the same wireless AP
# The value can be "yes" or "no"
# The default setting is "yes"
unique_ap="yes"

Ad-hoc and Master modes

If you cannot connect to any AP in managed mode, you can also set up your own device as an ad-hoc node.

Code Listing 3.4: Switching to ad-hoc mode after failure

adhoc_essid_eth0="This adhoc Node"

So, how do you connect to an ad-hoc network, or run in master mode to make yourself a wireless access point? There is a configuration for exactly that. You may need to specify the WEP keys as described earlier in this chapter.

Code Listing 3.5: Sample ad-hoc/master configuration

# Set the mode to managed (default), ad-hoc or master. Not all devices support all modes.

mode_eth0="ad-hoc"

# Set the ESSID of the interface
# In managed mode, this forces the interface to only attempt to connect to the specified ESSID.

essid_eth0="This adhoc Node"

# Specify the channel to use, otherwise channel 3 is used by default.

channel_eth0="9"

Important: The following is a verbatim copy of the BSD WaveLAN document from the NetBSD documentation. There are currently 14 channels available; channels 1-11 are legal in North America, channels 1-13 in most of Europe, channels 10-13 in France, and channel 14 is only allowed in Japan. If in doubt, refer to the instructions that came with your wireless card or AP. Make sure to set your wireless card to the same channel as the AP (or as the other wireless card working in ad-hoc mode). By default, wireless cards sold in North America and most parts of Europe use channel 3, cards sold in France use channel 11, and cards sold in Japan use channel 14.

Wireless Tools Troubleshooting

Some environment or driver problems may prevent the wireless network from working properly. The following table lists some variables that may help you solve the problem.

Variable | Default value | Description
iwconfig_eth0 | | See the iwconfig man page for the iwconfig parameters.
iwpriv_eth0 | | See the iwpriv man page for the iwpriv parameters.
sleep_scan_eth0 | 0 | The time (in seconds) to sleep before a scan is attempted. Set this when the driver/firmware needs time to activate.
sleep_associate_eth0 | 5 | The number of seconds to wait for the connection to an AP before timing out and moving on to the next AP.
associate_test_eth0 | MAC | Some drivers do not reset the MAC address of an invalid AP when they lose their connection or attempt to connect, while some drivers do not reset the quality level under these conditions. The valid settings are MAC, quality and all.
scan_mode_eth0 | | Some drivers must scan in ad-hoc mode, so if the scan fails, try setting this variable to ad-hoc.
iwpriv_scan_pre_eth0 | | Send some iwpriv commands to the interface before scanning. See the iwpriv man page for more details.
iwpriv_scan_post_eth0 | | Send some iwpriv commands to the interface after scanning. See the iwpriv man page for more details.

4.d. Network configuration for each Essid

Sometimes you need a fixed IP address when connected to ESSID1 and DHCP when connected to ESSID2. In fact, most module variables can be defined per ESSID. Here is how to do it.

Note: These settings only work if you are using wpa_supplicant or wireless-tools.

Important: you will need to consult the variable name documentation.

Code Listing 4.1: Overriding the network settings per ESSID

config_ESSID1=( "192.168.0.3/24 brd 192.168.0.255" )
routes_ESSID1=( "default via 192.168.0.1" )

config_ESSID2=( "dhcp" )
fallback_ESSID2=( "192.168.3.4/24" )
fallback_route_ESSID2=( "default via 192.168.3.1" )

# We can define DNS servers and some other things
# Note: DHCP overrides these settings unless we ask it not to
dns_servers_ESSID1=( "192.168.0.1" "192.168.0.2" )
dns_domain_ESSID1="some.domain"
dns_search_domains_ESSID1="search.this.domain search.that.domain"

# Override settings based on the MAC address of the wireless AP
# This is useful where the same ESSID is used in different locations
config_001122334455=( "dhcp" )
dhcpcd_001122334455="-t 10"
dns_servers_001122334455=( "192.168.0.1" "192.168.0.2" )
