Context Navigation

source: networking/netprogs/wpa_supplicant.xml@ 0e1e3a1f

Visit:

12.2 lazarus trunk

Last change on this file since 0e1e3a1f was 9c48a24b, checked in by Bruce Dubbs <bdubbs@…>, 5 weeks ago
Inital tags for BLFS-12.2.
Property mode set to `100644`
File size: 20.6 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY wpa_supplicant-download-http
8	"https://w1.fi/releases/wpa_supplicant-&wpa_supplicant-version;.tar.gz">
9	<!ENTITY wpa_supplicant-download-ftp " ">
10	<!ENTITY wpa_supplicant-md5sum "72a4a00eddb7a499a58113c3361ab094">
11	<!ENTITY wpa_supplicant-size "3.7 MB">
12	<!ENTITY wpa_supplicant-buildsize "35 MB">
13	<!ENTITY wpa_supplicant-time "0.3 SBU (without optional gui)">
14	]>
15
16	<sect1 id="wpa_supplicant" xreflabel="wpa_supplicant-&wpa_supplicant-version;">
17	<?dbhtml filename="wpa_supplicant.html"?>
18
19
20	<title>wpa_supplicant-&wpa_supplicant-version;</title>
21
22	<indexterm zone="wpa_supplicant">
23	<primary sortas="a-wpa_supplicant">wpa_supplicant</primary>
24	</indexterm>
25
26	<sect2 role="package">
27	<title>Introduction to WPA Supplicant</title>
28
29	<para>
30	<application>WPA Supplicant</application> is a Wi-Fi Protected Access
31	(WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation
32	with a WPA Authenticator and Extensible Authentication Protocol (EAP)
33	authentication with an Authentication Server. In addition, it controls the
34	roaming and IEEE 802.11 authentication/association of the wireless LAN
35	driver. This is useful for connecting to a password protected wireless
36	access point.
37	</para>
38
39	&lfs122_checked;
40
41	<bridgehead renderas="sect3">Package Information</bridgehead>
42	<itemizedlist spacing="compact">
43	<listitem>
44	<para>
45	Download (HTTP): <ulink url="&wpa_supplicant-download-http;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download (FTP): <ulink url="&wpa_supplicant-download-ftp;"/>
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download MD5 sum: &wpa_supplicant-md5sum;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Download size: &wpa_supplicant-size;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated disk space required: &wpa_supplicant-buildsize;
66	</para>
67	</listitem>
68	<listitem>
69	<para>
70	Estimated build time: &wpa_supplicant-time;
71	</para>
72	</listitem>
73	</itemizedlist>
74	<!--
75	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
76	<itemizedlist spacing="compact">
77	<listitem>
78	<para>
79	Required patch:
80	<ulink url="&patch-root;/wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch"/>
81	</para>
82	</listitem>
83	</itemizedlist>
84	-->
85	<bridgehead renderas="sect3">WPA Supplicant Dependencies</bridgehead>
86
87	<bridgehead renderas="sect4">Required (Runtime)</bridgehead>
88	<para role="nodump">
89	<xref linkend="wireless-kernel"/>
90	</para>
91
92	<bridgehead renderas="sect4">Recommended</bridgehead>
93	<para role="recommended">
94	<xref linkend="desktop-file-utils"/> (for running
95	<command>update-desktop-database</command>) and
96	<xref linkend="libnl"/>
97	</para>
98
99	<bridgehead renderas="sect4">Optional</bridgehead>
100	<para role="optional">
101	<phrase revision="sysv"><xref linkend="dbus"/>,</phrase>
102	<xref linkend="libxml2"/>, and
103	&qt5-deps;
104	</para>
105
106
107	</sect2>
108
109	<sect2 role="kernel" id="wpa_supplicant-kernel">
110	<title>Kernel Configuration</title>
111
112	<para>
113	To use <application>wpa_supplicant</application>, the kernel must have
114	the appropriate drivers and other support available. Read
115	<xref linkend='wireless-kernel'/> for details.
116	</para>
117
118	<indexterm zone="wpa_supplicant wpa_supplicant-kernel">
119	<primary sortas="d-wpa_supplicant">wpa_supplicant</primary>
120	</indexterm>
121	</sect2>
122
123	<sect2 role="installation">
124	<title>Installation of WPA Supplicant</title>
125
126	<para>
127	First you will need to create an initial configuration file for the
128	build process. You can read <filename>wpa_supplicant/README</filename>
129	and <filename>wpa_supplicant/defconfig</filename> for the explanation
130	of the following options as well as other options that can be used.
131	Create a build configuration file that should work for standard WiFi
132	setups by running the following command:
133	</para>
134
135	<screen><userinput>cat > wpa_supplicant/.config << "EOF"
136	<literal>CONFIG_BACKEND=file
137	CONFIG_CTRL_IFACE=y
138	CONFIG_DEBUG_FILE=y
139	CONFIG_DEBUG_SYSLOG=y
140	CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
141	CONFIG_DRIVER_NL80211=y
142	CONFIG_DRIVER_WEXT=y
143	CONFIG_DRIVER_WIRED=y
144	CONFIG_EAP_GTC=y
145	CONFIG_EAP_LEAP=y
146	CONFIG_EAP_MD5=y
147	CONFIG_EAP_MSCHAPV2=y
148	CONFIG_EAP_OTP=y
149	CONFIG_EAP_PEAP=y
150	CONFIG_EAP_TLS=y
151	CONFIG_EAP_TTLS=y
152	CONFIG_IEEE8021X_EAPOL=y
153	CONFIG_IPV6=y
154	CONFIG_LIBNL32=y
155	CONFIG_PEERKEY=y
156	CONFIG_PKCS12=y
157	CONFIG_READLINE=y
158	CONFIG_SMARTCARD=y
159	CONFIG_WPS=y
160	CFLAGS += -I/usr/include/libnl3</literal>
161	EOF</userinput></screen>
162
163	<para>
164	If you wish to use <application>WPA Supplicant</application> with
165	<xref linkend="NetworkManager"/>, make sure that you have installed
166	<xref linkend="dbus"/> and <xref linkend="libxml2"/>, then add the
167	following options to the <application>WPA Supplicant</application>
168	build configuration file by running the following command:
169	</para>
170
171	<screen><userinput>cat >> wpa_supplicant/.config << "EOF"
172	<literal>CONFIG_CTRL_IFACE_DBUS=y
173	CONFIG_CTRL_IFACE_DBUS_NEW=y
174	CONFIG_CTRL_IFACE_DBUS_INTRO=y</literal>
175	EOF</userinput></screen>
176
177	<!-- Fixed in version 2.11
178	<para>
179	Next, patch a security vulnerability that occurs when connecting to some
180	networks:
181	<!- - CVE-2023-52160, see Ticket #19304. - ->
182	</para>
183
184	<screen><userinput>patch -Np1 -i ../wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch</userinput></screen>
185	-->
186	<para>
187	Install <application>WPA Supplicant</application> by running the
188	following commands:
189	</para>
190
191	<screen><userinput>cd wpa_supplicant &&
192	make BINDIR=/usr/sbin LIBDIR=/usr/lib</userinput></screen>
193
194	<para>
195	If you have installed &qt5-deps; and wish to build
196	the <application>WPA Supplicant</application> GUI program, run
197	the following commands:
198	</para>
199
200	<note>
201	<para>
202	The following directory name is labelled qt4, but
203	is compatible with &qt5-deps;.
204	</para>
205	</note>
206
207	<screen><userinput>pushd wpa_gui-qt4 &&
208	qmake wpa_gui.pro &&
209	make &&
210	popd</userinput></screen>
211
212	<para>
213	This package does not come with a test suite.
214	</para>
215
216	<para>
217	Now, as the <systemitem class="username">root</systemitem> user:
218	</para>
219
220	<screen role="root"><userinput>install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
221	install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
222	install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/</userinput></screen>
223
224	<para revision="systemd">
225	Install the <application>systemd</application> support files by
226	running the following command as the <systemitem
227	class="username">root</systemitem> user:
228	</para>
229
230	<screen role="root" revision="systemd"><userinput>install -v -m644 systemd/*.service /usr/lib/systemd/system/</userinput></screen>
231
232	<para>
233	If you have built <application>WPA Supplicant</application> with
234	<application>D-Bus</application> support, you will need to install
235	<application>D-Bus</application> configuration files. Install them
236	by running the following commands as the
237	<systemitem class="username">root</systemitem> user:
238	</para>
239
240	<screen role="root"><userinput>install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
241	/usr/share/dbus-1/system-services/ &&
242	install -v -d -m755 /etc/dbus-1/system.d &&
243	install -v -m644 dbus/dbus-wpa_supplicant.conf \
244	/etc/dbus-1/system.d/wpa_supplicant.conf</userinput></screen>
245
246	<para>
247	If you have built the <application>WPA Supplicant</application> GUI
248	program, install it by running the following commands as the
249	<systemitem class="username">root</systemitem> user:
250	</para>
251
252	<screen role="root"><userinput>install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
253	install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
254	install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
255	install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/</userinput></screen>
256
257	<note>
258	<para>
259	You will need to restart the system <application>D-Bus</application> daemon
260	before you can use the <application>WPA Supplicant</application>
261	<application>D-Bus</application> interface.
262	</para>
263	</note>
264
265	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
266	href="../../xincludes/update-desktop-database.xml"/>
267
268	</sect2>
269
270	<sect2 role="configuration">
271	<title>Configuring wpa_supplicant</title>
272
273	<important>
274	<para>
275	If you are using WPA Supplicant with
276	<xref linkend='NetworkManager'/> (or anything communicating with
277	WPA Supplicant via D-Bus), this section should be skipped. Running
278	a D-Bus connected WPA Supplicant instance and another WPA supplicant
279	instance configured following this section simultaneously can cause
280	subtle issues.
281	</para>
282	</important>
283
284	<sect3 id="wpa_supplicant-config">
285	<title>Config File</title>
286
287	<para revision="sysv">
288	<filename>/etc/sysconfig/wpa_supplicant-*.conf</filename>
289	</para>
290
291	<para revision="systemd">
292	<filename>/etc/wpa_supplicant/wpa_supplicant-*.conf</filename>
293	</para>
294
295	<indexterm zone="wpa_supplicant wpa_supplicant-config" revision="sysv">
296	<primary
297	sortas="e-etc-sysconfig-wpa_supplicant-star.conf">/etc/sysconfig/wpa_supplicant-*.conf</primary>
298	</indexterm>
299
300	<indexterm zone="wpa_supplicant wpa_supplicant-config" revision="systemd">
301	<primary
302	sortas="e-etc-wpa_supplicant-wpa_supplicant-star.conf">/etc/wpa_supplicant/wpa_supplicant-*.conf</primary>
303	</indexterm>
304
305	</sect3>
306
307	<sect3>
308	<title>Configuration Information</title>
309
310	<para>
311	To connect to an access point that uses a password, you need to put
312	the pre-shared key in
313	<phrase revision="sysv">
314	<filename>
315	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
316	</phrase>
317	<phrase revision="systemd">
318	<filename>
319	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
320	</phrase>
321	SSID is the string that the access point/router transmits to
322	identify itself. Run the following command as the
323	<systemitem class="username">root</systemitem> user:
324	</para>
325
326	<screen role="nodump" revision="sysv"><userinput>wpa_passphrase <replaceable>SSID</replaceable> <replaceable>SECRET_PASSWORD</replaceable> > /etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</userinput></screen>
327
328	<screen role="nodump" revision="systemd"><userinput>install -v -dm755 /etc/wpa_supplicant &&
329	wpa_passphrase <replaceable>SSID</replaceable> <replaceable>SECRET_PASSWORD</replaceable> > /etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</userinput></screen>
330
331	<para>
332	<phrase revision="sysv">
333	<filename>
334	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf
335	</filename>
336	</phrase>
337	<phrase revision="systemd">
338	<filename>
339	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf
340	</filename>
341	</phrase>
342	can hold the details of several access points. When
343	<command>wpa_supplicant</command> is started, it will scan for the
344	SSIDs it can see and choose the appropriate password to connect.
345	</para>
346
347	<para>
348	If you want to connect to an access point that isn't password
349	protected, put an entry like this in
350	<phrase revision="sysv">
351	<filename>
352	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
353	</phrase>
354	<phrase revision="systemd">
355	<filename>
356	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
357	</phrase>
358	Replace "Some-SSID" with the SSID of the access point/router.
359	</para>
360
361	<screen>network={
362	ssid="<replaceable>Some-SSID</replaceable>"
363	key_mgmt=NONE
364	}</screen>
365
366	<para>
367	Connecting to a new access point that is not in the configuration
368	file can be accomplished manually via the command line or GUI, but it
369	must be done via a privileged user. To do that, add the following to
370	the configuration file:
371	</para>
372
373	<screen>ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
374	update_config=1</screen>
375
376	<para>
377	Replace the <privileged group> above with a system group where
378	members have the ability to connect to a wireless access point.
379	</para>
380
381	<para>
382	There are many options that you could use to tweak how you connect
383	to each access point. They are described in some detail in the
384	<filename>wpa_supplicant/wpa_supplicant.conf</filename> file in the
385	source tree.
386	</para>
387
388	</sect3>
389
390	<sect3>
391	<title>Connecting to an Access Point</title>
392
393	<para id="wpa-service" revision="sysv">
394	If you want to configure network interfaces at boot using
395	<command>wpa_supplicant</command>, you need to install the
396	<filename>/lib/services/wpa</filename> script
397	included in <xref linkend="bootscripts"/> package:
398	</para>
399
400	<screen role="root" revision="sysv"><userinput>make install-service-wpa</userinput></screen>
401
402	<indexterm zone="wpa_supplicant wpa-service" revision="sysv">
403	<primary sortas="f-wpa">wpa</primary>
404	</indexterm>
405
406	<para revision="sysv">
407	If your router/access point uses DHCP to allocate IP addresses, you
408	can install <xref linkend="dhcpcd" role="nodep"/> and use it to
409	automatically obtain network addresses. Create the
410	<filename>/etc/sysconfig/ifconfig-<replaceable>wifi0</replaceable>
411	</filename> by running the following command as the
412	<systemitem class="username">root</systemitem> user:
413	</para>
414
415	<screen role="root" revision="sysv"><userinput>cat > /etc/sysconfig/ifconfig.<replaceable>wifi0</replaceable> << "EOF"
416	<literal>ONBOOT="yes"
417	IFACE="<replaceable>wlan0</replaceable>"
418	SERVICE="wpa"
419
420	# Additional arguments to wpa_supplicant
421	WPA_ARGS=""
422
423	WPA_SERVICE="dhcpcd"
424	DHCP_START="-b -q <replaceable><insert appropriate start options here></replaceable>"
425	DHCP_STOP="-k <replaceable><insert additional stop options here></replaceable>"</literal>
426	EOF</userinput></screen>
427
428	<para revision="sysv">
429	Alternatively, if you use static addresses on your local network,
430	then create the
431	<filename>/etc/sysconfig/ifconfig-<replaceable>wifi0</replaceable>
432	</filename> by running the following command as the
433	<systemitem class="username">root</systemitem> user:
434	</para>
435
436	<screen role="root" revision="sysv"><userinput>cat > /etc/sysconfig/ifconfig.<replaceable>wifi0</replaceable> << "EOF"
437	<literal>ONBOOT="yes"
438	IFACE="<replaceable>wlan0</replaceable>"
439	SERVICE="wpa"
440
441	# Additional arguments to wpa_supplicant
442	WPA_ARGS=""
443
444	WPA_SERVICE="ipv4-static"
445	IP="192.168.1.1"
446	GATEWAY="192.168.1.2"
447	PREFIX="24"
448	BROADCAST="192.168.1.255"</literal>
449	EOF</userinput></screen>
450
451	<para revision="systemd">
452	There are 3 types of <application>systemd</application> units
453	that were installed:
454	</para>
455
456	<itemizedlist spacing="compact" revision="systemd">
457	<listitem>
458	<para>
459	wpa_supplicant@.service
460	</para>
461	</listitem>
462	<listitem>
463	<para>
464	wpa_supplicant-nl80211@.service
465	</para>
466	</listitem>
467	<listitem>
468	<para>
469	wpa_supplicant-wired@.service
470	</para>
471	</listitem>
472	</itemizedlist>
473
474	<para revision="systemd">
475	The only difference between 3 of them is what driver
476	is used for connecting (-D option). The first one uses
477	the default driver, the second one uses the nl80211
478	driver and the third one uses the wired driver.
479	</para>
480
481	<para>
482	You can connect to the wireless access point by
483	running the following command as the
484	<systemitem class="username">root</systemitem> user:
485	</para>
486
487	<screen role="root" revision="sysv"><userinput>ifup <replaceable>wifi0</replaceable></userinput></screen>
488
489	<para revision="sysv">
490	Replace <replaceable>wlan0</replaceable> with the correct
491	wireless interface and <replaceable>wifi0</replaceable>
492	with desired name for the configuration file. Please note
493	that <filename>wpa_supplicant-*.conf</filename> and
494	<filename>ifconfig.*</filename> configuration files need
495	to have identical names, ie both contain
496	<replaceable>wifi0</replaceable> in their name.
497	</para>
498
499	<screen role="root" revision="systemd"><userinput>systemctl start wpa_supplicant@<replaceable>wlan0</replaceable></userinput></screen>
500
501	<para revision="systemd">
502	To connect to the wireless access point at
503	boot, simply enable the appropriate
504	<command>wpa_supplicant</command> service
505	by running the following command as the
506	<systemitem class="username">root</systemitem> user:
507	</para>
508
509	<screen role="root" revision="systemd"><userinput>systemctl enable wpa_supplicant@<replaceable>wlan0</replaceable></userinput></screen>
510
511	<para revision="systemd">
512	Depending on your setup, you can replace the
513	<filename>wpa_supplicant@.service</filename>
514	with any other listed above.
515	</para>
516
517	<para revision="systemd">
518	To assign a network address to your wireless interface, consult the
519	<ulink url="&lfs-root;/chapter09/network.html">General Network Configuration</ulink>
520	page in LFS.
521	</para>
522
523	</sect3>
524
525	</sect2>
526
527	<sect2 role="content">
528	<title>Contents</title>
529
530	<segmentedlist>
531	<segtitle>Installed Programs</segtitle>
532	<segtitle>Installed Libraries</segtitle>
533	<segtitle>Installed Directories</segtitle>
534
535	<seglistitem>
536	<seg>
537	wpa_gui, wpa_supplicant, wpa_passphrase and wpa_cli
538	</seg>
539	<seg>
540	None
541	</seg>
542	<seg>
543	None
544	</seg>
545	</seglistitem>
546	</segmentedlist>
547
548	<variablelist>
549	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
550	<?dbfo list-presentation="list"?>
551	<?dbhtml list-presentation="table"?>
552
553	<varlistentry id="wpa_gui">
554	<term><command>wpa_gui</command></term>
555	<listitem>
556	<para>
557	is a graphical frontend program for interacting with
558	<application>wpa_supplicant</application>
559	</para>
560	<indexterm zone="wpa_supplicant wpa_gui">
561	<primary sortas="b-wpa_gui">wpa_gui</primary>
562	</indexterm>
563	</listitem>
564	</varlistentry>
565
566	<varlistentry id="wpa_supplicant-prog">
567	<term><command>wpa_supplicant</command></term>
568	<listitem>
569	<para>
570	is a daemon that can connect to a password protected wireless
571	access point
572	</para>
573	<indexterm zone="wpa_supplicant wpa_supplicant-prog">
574	<primary sortas="b-wpa_supplicant">wpa_supplicant</primary>
575	</indexterm>
576	</listitem>
577	</varlistentry>
578
579	<varlistentry id="wpa_passphrase">
580	<term><command>wpa_passphrase</command></term>
581	<listitem>
582	<para>
583	takes an SSID and a password and generates a simple
584	configuration that <command>wpa_supplicant</command> can
585	understand
586	</para>
587	<indexterm zone="wpa_supplicant wpa_passphrase">
588	<primary sortas="b-wpa_passphrase">wpa_passphrase</primary>
589	</indexterm>
590	</listitem>
591	</varlistentry>
592
593	<varlistentry id="wpa_cli">
594	<term><command>wpa_cli</command></term>
595	<listitem>
596	<para>
597	is a command line interface used to control a running
598	<command>wpa_supplicant</command> daemon
599	</para>
600	<indexterm zone="wpa_supplicant wpa_cli">
601	<primary sortas="b-wpa_cli">wpa_cli</primary>
602	</indexterm>
603	</listitem>
604	</varlistentry>
605
606	</variablelist>
607
608	</sect2>
609
610	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: