source: networking/netprogs/wpa_supplicant.xml@ 5bc57bb

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY wpa_supplicant-download-http
           "http://hostap.epitest.fi/releases/wpa_supplicant-&wpa_supplicant-version;.tar.gz">
  <!ENTITY wpa_supplicant-download-ftp  " ">
  <!ENTITY wpa_supplicant-md5sum        "238e8e888bbd558e1a57e3eb28d1dd07">
  <!ENTITY wpa_supplicant-size          "2.3 MB">
  <!ENTITY wpa_supplicant-buildsize     "26 MB">
  <!ENTITY wpa_supplicant-time          "0.2 SBU">
]>

<sect1 id="wpa_supplicant" xreflabel="wpa_supplicant-&wpa_supplicant-version;">
  <?dbhtml filename="wpa_supplicant.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>wpa_supplicant-&wpa_supplicant-version;</title>

  <indexterm zone="wpa_supplicant">
    <primary sortas="a-wpa_supplicant">wpa_supplicant</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to WPA Supplicant</title>

    <para>
      <application>WPA Supplicant</application> is a Wi-Fi Protected Access
      (WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation
      with a WPA Authenticator and Extensible Authentication Protocol (EAP)
      authentication with an Authentication Server. In addition, it controls the
      roaming and IEEE 802.11 authentication/association of the wireless LAN
      driver. This is useful for connecting to a password protected wireless
      access point.
    </para>

    &lfs75_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&wpa_supplicant-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&wpa_supplicant-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &wpa_supplicant-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &wpa_supplicant-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &wpa_supplicant-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &wpa_supplicant-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">WPA Supplicant Dependencies</bridgehead>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="libnl"/> and
      <xref linkend="openssl"/>
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="dbus"/>,
      <xref linkend="libxml2"/>, and
      <xref linkend="qt4"/>
    </para>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/wpa_supplicant"/>
    </para>

  </sect2>

  <sect2 role="kernel" id="wpa_supplicant-kernel">
    <title>Kernel Configuration</title>

    <para>
      Enable the following options in the kernel configuration as well as
      specific device drivers for your hardware and recompile the kernel if
      necessary:
    </para>

<screen><literal>Networking support  --->
  Wireless  --->
    cfg80211 - wireless configuration API: Y or M
      cfg80211 wireless extensions compatibility: Y
    Generic IEEE 802.11 Networking Stack (mac80211): Y or M
Device Drivers  --->
  Network device support  --->
    Wireless LAN  ---></literal></screen>

    <para>
      Select the options that support your hardware:
      <command>lspci</command> from <xref linkend="pciutils"/> can be used to
      view your hardware configuration.
    </para>

    <indexterm zone="wpa_supplicant wpa_supplicant-kernel">
      <primary sortas="d-wpa_supplicant">wpa_supplicant</primary>
    </indexterm>
  </sect2>

  <sect2 role="installation">
    <title>Installation of WPA Supplicant</title>

    <para>
      First you will need to create an initial configuration file for the
      build process. You can read <filename>wpa_supplicant/README</filename>
      and <filename>wpa_supplicant/defconfig</filename> for the explanation
      of the following options as well as other options that can be used.
      Create a build configuration file that should work for standard WiFi
      setups by running the following command:
    </para>

<screen><userinput>cat &gt; wpa_supplicant/.config &lt;&lt; "EOF"
<literal>CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3</literal>
EOF</userinput></screen>

    <para>
      If you wish to use <application>WPA Supplicant</application> with
      <xref linkend="NetworkManager"/>, make sure that you have installed
      <xref linkend="dbus"/> and <xref linkend="libxml2"/>, then add the
      following options to the <application>WPA Supplicant</application>
      build configuration file by running the following command:
    </para>

<screen><userinput>cat &gt;&gt; wpa_supplicant/.config &lt;&lt; "EOF"
<literal>CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y</literal>
EOF</userinput></screen>

    <para>
      Install <application>WPA Supplicant</application> by running the
      following commands:
    </para>

<screen><userinput>cd wpa_supplicant &amp;&amp;
make BINDIR=/sbin LIBDIR=/lib</userinput></screen>

    <para>
      If you have installed <xref linkend="qt4"/> and wish to build
      the <application>WPA Supplicant</application> GUI program, run
      the following commands:
    </para>

<screen><userinput>pushd wpa_gui-qt4 &amp;&amp;
qmake wpa_gui.pro &amp;&amp;
make &amp;&amp;
popd</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>install -v -m755 wpa_{cli,passphrase,supplicant} /sbin/ &amp;&amp;
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &amp;&amp;
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/</userinput></screen>

    <para>
      If you have built <application>WPA Supplicant</application> with
      <application>D-Bus</application> support, you will need to install
      <application>D-Bus</application> configuration files. Install them
      by running the following commands as the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>install -v -m644 dbus/fi.{epitest.hostap.WPASupplicant,w1.wpa_supplicant1}.service \
                 /usr/share/dbus-1/system-services/ &amp;&amp;
install -v -m644 dbus/dbus-wpa_supplicant.conf \
                 /etc/dbus-1/system.d/wpa_supplicant.conf</userinput></screen>

    <para>
      If you have built the <application>WPA Supplicant</application> GUI
      program, install it by running the following commands as the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &amp;&amp;
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &amp;&amp;
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &amp;&amp;
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/</userinput></screen>

    <note>
      <para>
        You will need to restart the system <application>D-Bus</application> daemon
        before you can use the <application>WPA Supplicant</application>
        <application>D-Bus</application> interface.
      </para>
    </note>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
      href="../../xincludes/update-desktop-database.xml"/>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring wpa_supplicant</title>

    <sect3 id="wpa_supplicant-config">
      <title>Config File</title>

      <para>
        <filename>/etc/sysconfig/wpa_supplicant-*.conf</filename>
      </para>

      <indexterm zone="wpa_supplicant wpa_supplicant-config">
        <primary
        sortas="e-etc-sysconfig-wpa_supplicant-star.conf">/etc/sysconfig/wpa_supplicant-*.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        To connect to an access point that uses a password, you need to put
        the pre-shared key in <filename>
        /etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
        SSID is the string that the access point/router transmits to
        identify itself. Run the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>wpa_passphrase <replaceable>SSID</replaceable> <replaceable>SECRET_PASSWORD</replaceable> &gt; /etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</userinput></screen>

      <para>
        <filename>/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf
        </filename> can hold the details of several access points. When
        <command>wpa_supplicant</command> is started, it will scan for the
        SSIDs it can see and choose the appropriate password to connect.
        </para>

      <para>
        If you want to connect to an access point that isn't password
        protected, put an entry like this in <filename>
        /etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
        Replace "Some-SSID" with the SSID of the access point/router.
      </para>

<screen>network={
  ssid="<replaceable>Some-SSID</replaceable>"
  key_mgmt=NONE
}</screen>

      <para>
        There are many options that you could use to tweak how you connect
        to each access point. They are described in some detail in the
        <filename>wpa_supplicant/wpa_supplicant.conf</filename> file in the
        source tree.
      </para>

    </sect3>

    <sect3>
      <title>Connecting to an Access Point</title>

      <para id="wpa-service">
        This package provides systemd units in the source tarball. 
        To install them, issue the following commands as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root">
<userinput>
install -v -m644 systemd/*.service /lib/systemd/system
</userinput></screen>
 
      <para>
        The following files were installed:

        /lib/systemd/system/wpa_supplicant.service

        /lib/systemd/system/wpa_supplicant-nl80211@.service
        /lib/systemd/system/wpa_supplicant-wired@.service
        /lib/systemd/system/wpa_supplicant@.service

        The first service should be enabled if D-Bus interface was built into 
        wpa_supplicant, so that wpa_supplicant D-Bus interface can be started at boot 
        instead of being automatically activated by the D-Bus daemon which doesn't work 
        when using systemd.
        To enable the service issue the following command as the
        <systemitem class="username">root</systemitem> user:
       </para>

<screen role="root">
<userinput>
systemctl enable wpa_supplicant.service
</userinput></screen>

       <para>
         The following three files are per-interface specific files. 
         Much like LFS ifupdown@.service, they will start wpa_supplicant for a network 
         interface. Only difference between the three files is the wpa_supplicant_driver 
         being used.

         The first one uses -Dnl80211, the second one uses -Dwired and the last one uses 
         default -D option (not specified).
       </para>


      <indexterm zone="wpa_supplicant wpa-service">
        <primary sortas="f-wpa">wpa</primary>
      </indexterm>

      <para>
        If your router/access point uses DHCP to allocate IP addresses, you
        can install <xref linkend="dhcp"/> client and use it to
        automatically obtain network addresses. If your using the first unit file
        Create the
        <filename>/etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf
        </filename> by running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

      <note>
      <para>
        wifi0 needs to be replaced with the actual interface.
      </para>
      </note>

<screen role="root"><userinput>cat &gt; /etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf &lt;&lt; "EOF"
<literal>ONBOOT="yes"
IFACE="<replaceable>wlan0</replaceable>"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhclient"
DHCP_START=""
DHCP_STOP=""

# Set PRINTIP="yes" to have the script print
# the DHCP assigned IP address
PRINTIP="no"

# Set PRINTALL="yes" to print the DHCP assigned values for
# IP, SM, DG, and 1st NS. This requires PRINTIP="yes".
PRINTALL="no"</literal>
EOF</userinput></screen>

      <note>
      <para>
        Note that the argument after @ and the interface name,
        ie wifi0 must be the same.
      </para>
      </note>

      <para>
        To enable it, issue the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>
<screen role="root"><userinput>
systemctl enable wpa_supplicant-nl80211@wifi0
</userinput></screen>

      <para>
        If your using the second unit file
        Create the
        <filename>/etc/wpa_supplicant/wpa_supplicant-wired-<replaceable>eth0</replaceable>.conf
        </filename> by running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>cat &gt; /etc/wpa_supplicant/wpa_supplicant-wired-<replaceable>eth0</replaceable>.conf &lt;&lt; "EOF"
<literal>ONBOOT="yes"
IFACE="<replaceable>eth0</replaceable>"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhclient"
DHCP_START=""
DHCP_STOP=""

# Set PRINTIP="yes" to have the script print
# the DHCP assigned IP address
PRINTIP="no"

# Set PRINTALL="yes" to print the DHCP assigned values for
# IP, SM, DG, and 1st NS. This requires PRINTIP="yes".
PRINTALL="no"</literal>
EOF</userinput></screen>

      <note>
      <para>
        Note that the argument after @ and the interface name,
        ie eth0 must be the same.
      </para>
      </note>

      <para>
        To enable it, issue the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>
systemctl enable wpa_supplicant-wired@eth0
</userinput></screen>

      <para>
        If your using the third unit file
        Create the
        <filename>/etc/wpa_supplicant/wpa_supplicant-<replaceable>eth0</replaceable>.conf
        </filename> by running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>cat &gt; /etc/wpa_supplicant/wpa_supplicant-<replaceable>eth0</replaceable>.conf &lt;&lt; "EOF"
<literal>ONBOOT="yes"
IFACE="<replaceable>eth0</replaceable>"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhclient"
DHCP_START=""
DHCP_STOP=""

# Set PRINTIP="yes" to have the script print
# the DHCP assigned IP address
PRINTIP="no"

# Set PRINTALL="yes" to print the DHCP assigned values for
# IP, SM, DG, and 1st NS. This requires PRINTIP="yes".
PRINTALL="no"</literal>
EOF</userinput></screen>

      <note>
      <para>
        Note that the argument after @ and the interface name,
        ie eth0 must be the same.
      </para>
      </note>

      <para>
        To enable it, issue the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>
systemctl enable wpa_supplicant-@eth0
</userinput></screen>

      <para>
        If you prefer <xref linkend="dhcpcd"/> instead of
        <xref linkend="dhcp"/> client, then create the
        <filename>/etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf
        </filename> by running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>cat &gt; /etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf &lt;&lt; "EOF"
<literal>ONBOOT="yes"
IFACE="<replaceable>wifi0</replaceable>"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhcpcd"
DHCP_START="-b -q <replaceable>&lt;insert appropriate start options here&gt;</replaceable>"
DHCP_STOP="-k <replaceable>&lt;insert additional stop options here&gt;</replaceable>"</literal>
EOF</userinput></screen>

      <para>
        Alternatively, if you use static addresses on your local network,
        then create the
        <filename>/etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf
        </filename> by running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>cat &gt; /etc/wpa_supplicant/wpa_supplicant-nl80211-<replaceable>wifi0</replaceable>.conf &lt;&lt; "EOF"
<literal>ONBOOT="yes"
IFACE="<replaceable>wifi0</replaceable>"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="ipv4-static"
IP="192.168.1.1"
GATEWAY="192.168.1.2"
PREFIX="24"
BROADCAST="192.168.1.255"</literal>
EOF</userinput></screen>

      <para>
        You can connect to the wireless access point by
        running the following command as the
        <systemitem class="username">root</systemitem> user:
      </para>

<screen role="root"><userinput>ifup <replaceable>wifi0</replaceable></userinput></screen>

      <para>
        Replace <replaceable>wlan0</replaceable> with the correct
        wireless interface and <replaceable>wifi0</replaceable>
        with desired name for the configuration file. Please note
        that <filename>wpa_supplicant-*.conf</filename> and
        <filename>ifconfig.*</filename> configuration files need
        to have identical names, ie both contain
        <replaceable>wifi0</replaceable> in their name.
      </para>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          wpa_gui, wpa_supplicant, wpa_passphrase and wpa_cli
        </seg>
        <seg>
          None
        </seg>
        <seg>
          None
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="wpa_gui">
        <term><command>wpa_gui</command></term>
        <listitem>
          <para>
            is a graphical frontend program for interacting with
            <application>wpa_supplicant</application>.
          </para>
          <indexterm zone="wpa_supplicant wpa_gui">
            <primary sortas="b-wpa_gui">wpa_gui</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wpa_supplicant-prog">
        <term><command>wpa_supplicant</command></term>
        <listitem>
          <para>
            is a daemon that can connect to a password protected wireless
            access point.
          </para>
          <indexterm zone="wpa_supplicant wpa_supplicant-prog">
            <primary sortas="b-wpa_supplicant">wpa_supplicant</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wpa_passphrase">
        <term><command>wpa_passphrase</command></term>
        <listitem>
          <para>
            takes an SSID and a password and generates a simple
            configuration that <command>wpa_supplicant</command> can
            understand.
          </para>
          <indexterm zone="wpa_supplicant wpa_passphrase">
            <primary sortas="b-wpa_passphrase">wpa_passphrase</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wpa_cli">
        <term><command>wpa_cli</command></term>
        <listitem>
          <para>
            is a command line interface used to control a running
            <command>wpa_supplicant</command> daemon.
          </para>
          <indexterm zone="wpa_supplicant wpa_cli">
            <primary sortas="b-wpa_cli">wpa_cli</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>