Context Navigation

source: networking/netprogs/wpa_supplicant.xml@ dc5e53b3

Visit:

trunk

Last change on this file since dc5e53b3 was 0bb63a3, checked in by Douglas R. Reno <renodr@…>, 3 weeks ago
wpa_supplicant: cleanup after removing the GUI
Property mode set to `100644`
File size: 19.1 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY wpa_supplicant-download-http
8	"https://w1.fi/releases/wpa_supplicant-&wpa_supplicant-version;.tar.gz">
9	<!ENTITY wpa_supplicant-download-ftp " ">
10	<!ENTITY wpa_supplicant-md5sum "72a4a00eddb7a499a58113c3361ab094">
11	<!ENTITY wpa_supplicant-size "3.7 MB">
12	<!ENTITY wpa_supplicant-buildsize "35 MB">
13	<!ENTITY wpa_supplicant-time "0.3 SBU">
14	]>
15
16	<sect1 id="wpa_supplicant" xreflabel="wpa_supplicant-&wpa_supplicant-version;">
17	<?dbhtml filename="wpa_supplicant.html"?>
18
19
20	<title>wpa_supplicant-&wpa_supplicant-version;</title>
21
22	<indexterm zone="wpa_supplicant">
23	<primary sortas="a-wpa_supplicant">wpa_supplicant</primary>
24	</indexterm>
25
26	<sect2 role="package">
27	<title>Introduction to WPA Supplicant</title>
28
29	<para>
30	<application>WPA Supplicant</application> is a Wi-Fi Protected Access
31	(WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation
32	with a WPA Authenticator and Extensible Authentication Protocol (EAP)
33	authentication with an Authentication Server. In addition, it controls the
34	roaming and IEEE 802.11 authentication/association of the wireless LAN
35	driver. This is useful for connecting to a password protected wireless
36	access point.
37	</para>
38
39	&lfs122_checked;
40
41	<bridgehead renderas="sect3">Package Information</bridgehead>
42	<itemizedlist spacing="compact">
43	<listitem>
44	<para>
45	Download (HTTP): <ulink url="&wpa_supplicant-download-http;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download (FTP): <ulink url="&wpa_supplicant-download-ftp;"/>
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download MD5 sum: &wpa_supplicant-md5sum;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Download size: &wpa_supplicant-size;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated disk space required: &wpa_supplicant-buildsize;
66	</para>
67	</listitem>
68	<listitem>
69	<para>
70	Estimated build time: &wpa_supplicant-time;
71	</para>
72	</listitem>
73	</itemizedlist>
74	<!--
75	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
76	<itemizedlist spacing="compact">
77	<listitem>
78	<para>
79	Required patch:
80	<ulink url="&patch-root;/wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch"/>
81	</para>
82	</listitem>
83	</itemizedlist>
84	-->
85	<bridgehead renderas="sect3">WPA Supplicant Dependencies</bridgehead>
86
87	<bridgehead renderas="sect4">Required (Runtime)</bridgehead>
88	<para role="nodump">
89	<xref linkend="wireless-kernel"/>
90	</para>
91
92	<bridgehead renderas="sect4">Recommended</bridgehead>
93	<para role="recommended">
94	<xref linkend="desktop-file-utils"/> (for running
95	<command>update-desktop-database</command>) and
96	<xref linkend="libnl"/>
97	</para>
98
99	<bridgehead renderas="sect4">Optional</bridgehead>
100	<para role="optional">
101	<phrase revision="sysv"><xref linkend="dbus"/> and</phrase>
102	<xref linkend="libxml2"/>
103	</para>
104
105
106	</sect2>
107
108	<sect2 role="kernel" id="wpa_supplicant-kernel">
109	<title>Kernel Configuration</title>
110
111	<para>
112	To use <application>wpa_supplicant</application>, the kernel must have
113	the appropriate drivers and other support available. Read
114	<xref linkend='wireless-kernel'/> for details.
115	</para>
116
117	<indexterm zone="wpa_supplicant wpa_supplicant-kernel">
118	<primary sortas="d-wpa_supplicant">wpa_supplicant</primary>
119	</indexterm>
120	</sect2>
121
122	<sect2 role="installation">
123	<title>Installation of WPA Supplicant</title>
124
125	<para>
126	First you will need to create an initial configuration file for the
127	build process. You can read <filename>wpa_supplicant/README</filename>
128	and <filename>wpa_supplicant/defconfig</filename> for the explanation
129	of the following options as well as other options that can be used.
130	Create a build configuration file that should work for standard WiFi
131	setups by running the following command:
132	</para>
133
134	<screen><userinput>cat > wpa_supplicant/.config << "EOF"
135	<literal>CONFIG_BACKEND=file
136	CONFIG_CTRL_IFACE=y
137	CONFIG_DEBUG_FILE=y
138	CONFIG_DEBUG_SYSLOG=y
139	CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
140	CONFIG_DRIVER_NL80211=y
141	CONFIG_DRIVER_WEXT=y
142	CONFIG_DRIVER_WIRED=y
143	CONFIG_EAP_GTC=y
144	CONFIG_EAP_LEAP=y
145	CONFIG_EAP_MD5=y
146	CONFIG_EAP_MSCHAPV2=y
147	CONFIG_EAP_OTP=y
148	CONFIG_EAP_PEAP=y
149	CONFIG_EAP_TLS=y
150	CONFIG_EAP_TTLS=y
151	CONFIG_IEEE8021X_EAPOL=y
152	CONFIG_IPV6=y
153	CONFIG_LIBNL32=y
154	CONFIG_PEERKEY=y
155	CONFIG_PKCS12=y
156	CONFIG_READLINE=y
157	CONFIG_SMARTCARD=y
158	CONFIG_WPS=y
159	CFLAGS += -I/usr/include/libnl3</literal>
160	EOF</userinput></screen>
161
162	<para>
163	If you wish to use <application>WPA Supplicant</application> with
164	<xref linkend="NetworkManager"/>, make sure that you have installed
165	<xref linkend="dbus"/> and <xref linkend="libxml2"/>, then add the
166	following options to the <application>WPA Supplicant</application>
167	build configuration file by running the following command:
168	</para>
169
170	<screen><userinput>cat >> wpa_supplicant/.config << "EOF"
171	<literal>CONFIG_CTRL_IFACE_DBUS=y
172	CONFIG_CTRL_IFACE_DBUS_NEW=y
173	CONFIG_CTRL_IFACE_DBUS_INTRO=y</literal>
174	EOF</userinput></screen>
175
176	<!-- Fixed in version 2.11
177	<para>
178	Next, patch a security vulnerability that occurs when connecting to some
179	networks:
180	<!- - CVE-2023-52160, see Ticket #19304. - ->
181	</para>
182
183	<screen><userinput>patch -Np1 -i ../wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch</userinput></screen>
184	-->
185	<para>
186	Install <application>WPA Supplicant</application> by running the
187	following commands:
188	</para>
189
190	<screen><userinput>cd wpa_supplicant &&
191	make BINDIR=/usr/sbin LIBDIR=/usr/lib</userinput></screen>
192
193	<para>
194	This package does not come with a test suite.
195	</para>
196
197	<para>
198	Now, as the <systemitem class="username">root</systemitem> user:
199	</para>
200
201	<screen role="root"><userinput>install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
202	install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
203	install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/</userinput></screen>
204
205	<para revision="systemd">
206	Install the <application>systemd</application> support files by
207	running the following command as the <systemitem
208	class="username">root</systemitem> user:
209	</para>
210
211	<screen role="root" revision="systemd"><userinput>install -v -m644 systemd/*.service /usr/lib/systemd/system/</userinput></screen>
212
213	<para>
214	If you have built <application>WPA Supplicant</application> with
215	<application>D-Bus</application> support, you will need to install
216	<application>D-Bus</application> configuration files. Install them
217	by running the following commands as the
218	<systemitem class="username">root</systemitem> user:
219	</para>
220
221	<screen role="root"><userinput>install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
222	/usr/share/dbus-1/system-services/ &&
223	install -v -d -m755 /etc/dbus-1/system.d &&
224	install -v -m644 dbus/dbus-wpa_supplicant.conf \
225	/etc/dbus-1/system.d/wpa_supplicant.conf</userinput></screen>
226
227	<note>
228	<para>
229	You will need to restart the system <application>D-Bus</application> daemon
230	before you can use the <application>WPA Supplicant</application>
231	<application>D-Bus</application> interface.
232	</para>
233	</note>
234
235	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
236	href="../../xincludes/update-desktop-database.xml"/>
237
238	</sect2>
239
240	<sect2 role="configuration">
241	<title>Configuring wpa_supplicant</title>
242
243	<important>
244	<para>
245	If you are using WPA Supplicant with
246	<xref linkend='NetworkManager'/> (or anything communicating with
247	WPA Supplicant via D-Bus), this section should be skipped. Running
248	a D-Bus connected WPA Supplicant instance and another WPA supplicant
249	instance configured following this section simultaneously can cause
250	subtle issues.
251	</para>
252	</important>
253
254	<sect3 id="wpa_supplicant-config">
255	<title>Config File</title>
256
257	<para revision="sysv">
258	<filename>/etc/sysconfig/wpa_supplicant-*.conf</filename>
259	</para>
260
261	<para revision="systemd">
262	<filename>/etc/wpa_supplicant/wpa_supplicant-*.conf</filename>
263	</para>
264
265	<indexterm zone="wpa_supplicant wpa_supplicant-config" revision="sysv">
266	<primary
267	sortas="e-etc-sysconfig-wpa_supplicant-star.conf">/etc/sysconfig/wpa_supplicant-*.conf</primary>
268	</indexterm>
269
270	<indexterm zone="wpa_supplicant wpa_supplicant-config" revision="systemd">
271	<primary
272	sortas="e-etc-wpa_supplicant-wpa_supplicant-star.conf">/etc/wpa_supplicant/wpa_supplicant-*.conf</primary>
273	</indexterm>
274
275	</sect3>
276
277	<sect3>
278	<title>Configuration Information</title>
279
280	<para>
281	To connect to an access point that uses a password, you need to put
282	the pre-shared key in
283	<phrase revision="sysv">
284	<filename>
285	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
286	</phrase>
287	<phrase revision="systemd">
288	<filename>
289	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
290	</phrase>
291	SSID is the string that the access point/router transmits to
292	identify itself. Run the following command as the
293	<systemitem class="username">root</systemitem> user:
294	</para>
295
296	<screen role="nodump" revision="sysv"><userinput>wpa_passphrase <replaceable>SSID</replaceable> <replaceable>SECRET_PASSWORD</replaceable> > /etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</userinput></screen>
297
298	<screen role="nodump" revision="systemd"><userinput>install -v -dm755 /etc/wpa_supplicant &&
299	wpa_passphrase <replaceable>SSID</replaceable> <replaceable>SECRET_PASSWORD</replaceable> > /etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</userinput></screen>
300
301	<para>
302	<phrase revision="sysv">
303	<filename>
304	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf
305	</filename>
306	</phrase>
307	<phrase revision="systemd">
308	<filename>
309	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf
310	</filename>
311	</phrase>
312	can hold the details of several access points. When
313	<command>wpa_supplicant</command> is started, it will scan for the
314	SSIDs it can see and choose the appropriate password to connect.
315	</para>
316
317	<para>
318	If you want to connect to an access point that isn't password
319	protected, put an entry like this in
320	<phrase revision="sysv">
321	<filename>
322	/etc/sysconfig/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
323	</phrase>
324	<phrase revision="systemd">
325	<filename>
326	/etc/wpa_supplicant/wpa_supplicant-<replaceable>wifi0</replaceable>.conf</filename>.
327	</phrase>
328	Replace "Some-SSID" with the SSID of the access point/router.
329	</para>
330
331	<screen>network={
332	ssid="<replaceable>Some-SSID</replaceable>"
333	key_mgmt=NONE
334	}</screen>
335
336	<para>
337	Connecting to a new access point that is not in the configuration
338	file can be accomplished manually via the command line, but it
339	must be done via a privileged user. To do that, add the following to
340	the configuration file:
341	</para>
342
343	<screen>ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
344	update_config=1</screen>
345
346	<para>
347	Replace the <privileged group> above with a system group where
348	members have the ability to connect to a wireless access point.
349	</para>
350
351	<para>
352	There are many options that you could use to tweak how you connect
353	to each access point. They are described in some detail in the
354	<filename>wpa_supplicant/wpa_supplicant.conf</filename> file in the
355	source tree.
356	</para>
357
358	</sect3>
359
360	<sect3>
361	<title>Connecting to an Access Point</title>
362
363	<para id="wpa-service" revision="sysv">
364	If you want to configure network interfaces at boot using
365	<command>wpa_supplicant</command>, you need to install the
366	<filename>/lib/services/wpa</filename> script
367	included in <xref linkend="bootscripts"/> package:
368	</para>
369
370	<screen role="root" revision="sysv"><userinput>make install-service-wpa</userinput></screen>
371
372	<indexterm zone="wpa_supplicant wpa-service" revision="sysv">
373	<primary sortas="f-wpa">wpa</primary>
374	</indexterm>
375
376	<para revision="sysv">
377	If your router/access point uses DHCP to allocate IP addresses, you
378	can install <xref linkend="dhcpcd" role="nodep"/> and use it to
379	automatically obtain network addresses. Create the
380	<filename>/etc/sysconfig/ifconfig-<replaceable>wifi0</replaceable>
381	</filename> by running the following command as the
382	<systemitem class="username">root</systemitem> user:
383	</para>
384
385	<screen role="root" revision="sysv"><userinput>cat > /etc/sysconfig/ifconfig.<replaceable>wifi0</replaceable> << "EOF"
386	<literal>ONBOOT="yes"
387	IFACE="<replaceable>wlan0</replaceable>"
388	SERVICE="wpa"
389
390	# Additional arguments to wpa_supplicant
391	WPA_ARGS=""
392
393	WPA_SERVICE="dhcpcd"
394	DHCP_START="-b -q <replaceable><insert appropriate start options here></replaceable>"
395	DHCP_STOP="-k <replaceable><insert additional stop options here></replaceable>"</literal>
396	EOF</userinput></screen>
397
398	<para revision="sysv">
399	Alternatively, if you use static addresses on your local network,
400	then create the
401	<filename>/etc/sysconfig/ifconfig-<replaceable>wifi0</replaceable>
402	</filename> by running the following command as the
403	<systemitem class="username">root</systemitem> user:
404	</para>
405
406	<screen role="root" revision="sysv"><userinput>cat > /etc/sysconfig/ifconfig.<replaceable>wifi0</replaceable> << "EOF"
407	<literal>ONBOOT="yes"
408	IFACE="<replaceable>wlan0</replaceable>"
409	SERVICE="wpa"
410
411	# Additional arguments to wpa_supplicant
412	WPA_ARGS=""
413
414	WPA_SERVICE="ipv4-static"
415	IP="192.168.1.1"
416	GATEWAY="192.168.1.2"
417	PREFIX="24"
418	BROADCAST="192.168.1.255"</literal>
419	EOF</userinput></screen>
420
421	<para revision="systemd">
422	There are 3 types of <application>systemd</application> units
423	that were installed:
424	</para>
425
426	<itemizedlist spacing="compact" revision="systemd">
427	<listitem>
428	<para>
429	wpa_supplicant@.service
430	</para>
431	</listitem>
432	<listitem>
433	<para>
434	wpa_supplicant-nl80211@.service
435	</para>
436	</listitem>
437	<listitem>
438	<para>
439	wpa_supplicant-wired@.service
440	</para>
441	</listitem>
442	</itemizedlist>
443
444	<para revision="systemd">
445	The only difference between 3 of them is what driver
446	is used for connecting (-D option). The first one uses
447	the default driver, the second one uses the nl80211
448	driver and the third one uses the wired driver.
449	</para>
450
451	<para>
452	You can connect to the wireless access point by
453	running the following command as the
454	<systemitem class="username">root</systemitem> user:
455	</para>
456
457	<screen role="root" revision="sysv"><userinput>ifup <replaceable>wifi0</replaceable></userinput></screen>
458
459	<para revision="sysv">
460	Replace <replaceable>wlan0</replaceable> with the correct
461	wireless interface and <replaceable>wifi0</replaceable>
462	with desired name for the configuration file. Please note
463	that <filename>wpa_supplicant-*.conf</filename> and
464	<filename>ifconfig.*</filename> configuration files need
465	to have identical names, ie both contain
466	<replaceable>wifi0</replaceable> in their name.
467	</para>
468
469	<screen role="root" revision="systemd"><userinput>systemctl start wpa_supplicant@<replaceable>wlan0</replaceable></userinput></screen>
470
471	<para revision="systemd">
472	To connect to the wireless access point at
473	boot, simply enable the appropriate
474	<command>wpa_supplicant</command> service
475	by running the following command as the
476	<systemitem class="username">root</systemitem> user:
477	</para>
478
479	<screen role="root" revision="systemd"><userinput>systemctl enable wpa_supplicant@<replaceable>wlan0</replaceable></userinput></screen>
480
481	<para revision="systemd">
482	Depending on your setup, you can replace the
483	<filename>wpa_supplicant@.service</filename>
484	with any other listed above.
485	</para>
486
487	<para revision="systemd">
488	To assign a network address to your wireless interface, consult the
489	<ulink url="&lfs-root;/chapter09/network.html">General Network Configuration</ulink>
490	page in LFS.
491	</para>
492
493	</sect3>
494
495	</sect2>
496
497	<sect2 role="content">
498	<title>Contents</title>
499
500	<segmentedlist>
501	<segtitle>Installed Programs</segtitle>
502	<segtitle>Installed Libraries</segtitle>
503	<segtitle>Installed Directories</segtitle>
504
505	<seglistitem>
506	<seg>
507	wpa_supplicant, wpa_passphrase and wpa_cli
508	</seg>
509	<seg>
510	None
511	</seg>
512	<seg>
513	None
514	</seg>
515	</seglistitem>
516	</segmentedlist>
517
518	<variablelist>
519	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
520	<?dbfo list-presentation="list"?>
521	<?dbhtml list-presentation="table"?>
522
523	<varlistentry id="wpa_supplicant-prog">
524	<term><command>wpa_supplicant</command></term>
525	<listitem>
526	<para>
527	is a daemon that can connect to a password protected wireless
528	access point
529	</para>
530	<indexterm zone="wpa_supplicant wpa_supplicant-prog">
531	<primary sortas="b-wpa_supplicant">wpa_supplicant</primary>
532	</indexterm>
533	</listitem>
534	</varlistentry>
535
536	<varlistentry id="wpa_passphrase">
537	<term><command>wpa_passphrase</command></term>
538	<listitem>
539	<para>
540	takes an SSID and a password and generates a simple
541	configuration that <command>wpa_supplicant</command> can
542	understand
543	</para>
544	<indexterm zone="wpa_supplicant wpa_passphrase">
545	<primary sortas="b-wpa_passphrase">wpa_passphrase</primary>
546	</indexterm>
547	</listitem>
548	</varlistentry>
549
550	<varlistentry id="wpa_cli">
551	<term><command>wpa_cli</command></term>
552	<listitem>
553	<para>
554	is a command line interface used to control a running
555	<command>wpa_supplicant</command> daemon
556	</para>
557	<indexterm zone="wpa_supplicant wpa_cli">
558	<primary sortas="b-wpa_cli">wpa_cli</primary>
559	</indexterm>
560	</listitem>
561	</varlistentry>
562
563	</variablelist>
564
565	</sect2>
566
567	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: