AUTHOR: Eloi Primaux eloi AT bliscat dot org DATE: 2007-09-30 LICENSE: GNU Free Documentation License Version 2 SYNOPSIS: Setting up a wifi interface using wpa_supplicant and LFS IP services PRIMARY URL: http://www.bliscat.org/bliscat/hints/wpa-service/wpa-service-0.24.1.tar.bz2 DESCRIPTION: This hint explains how to set a network service using wpa_supplicant ATTACHMENTS: http://www.linuxfromscratch.org/hints/downloads/files/ATTACHMENTS/wpa-service/wpa-service-0.24.1.tar.bz2 PREREQUISITES: - A working LFS-6.2 system or newer with wireless capabilities - Almost two networks services like ipv4-static/dhcpcd installed - wpa_supplicant (>=0.5.7) and wireless drivers HINT: 0) Requirement and Optional tools ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 0.a) wpa_supplicant 'The core' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is NOT an usual step if you omit something here you won't be able to attach your device to any access point Please use the 0.5.7 version or newer, available at: link: http://hostap.epitest.fi/wpa_supplicant Again, i strongly recommend you to read its README before doing anything. wpa_supplicant may need the source of your drivers then edit the .config file as described in the README and set all constants according to your system. Also when ready install it by executing : make prefix=/usr && make install 1) This Hints ~~~~~~~~~~~~~ Well ... "wpa-service is a back-end lfs-like service using the front-end wpa_cli of (breath here) the back-end componment wpa_supplicant on lfs based systems" but this, nobody cares... 1.1) Install Files and Directories (this is only a proposal) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Extract wpa-service-0.24.tar.bz2 and in the extracted directory and run the following commands: OPION 1 : install -dv -m 700 /etc/sysconfig/network.d install -dv /etc/sysconfig/wpa-service install -dv /etc/sysconfig/network-devices/services install -dv /usr/share/doc/wpa-service touch /etc/sysconfig/network.d/netkey chmod -v 600 /etc/sysconfig/wpa-service/netkey install -v -m644 wpa-service-conf /etc/sysconfig/wpa-service/wpa-service.conf install -v -m754 wpa-action-script /etc/sysconfig/wpa-service/wpa-actions install -v -m644 wpa-service.txt /usr/share/doc/wpa-service install -v -m644 wpa-service-iface /usr/share/doc/wpa-service install -v -m755 wpa-service /etc/sysconfig/network-devices/services install -m755 wpa-service-rcscript /etc/rc.d/init.d/wpa-service ln -nsf /etc/rc.d/init.d/wpa-service /etc/rc.d/rc3.d/S15wpa-service ln -nsf /etc/rc.d/init.d/wpa-service /etc/rc.d/rc5.d/S15wpa-service ln -nsf /etc/rc.d/init.d/wpa-service /etc/rc.d/rc6.d/K85wpa-service ln -nsf /etc/rc.d/init.d/wpa-service /etc/rc.d/rc0.d/K85wpa-service install -d /etc/sysconfig/network-devices/ifconfig. install -v -m644 wpa-service-iface \ /etc/sysconfig/network-devices/ifconfig./wpa-service where is your interface OPTION 2: same as above but in a script ./install.sh 2) Configuration ~~~~~~~~~~~~~~~~ Network configuration go in the wpa-service-iface which is located at /etc/sysconfig/network-device/ifconfig./wpa-service WPA/WEP keys go in netkey which is located at /etc/sysconfig/network.d/netkey 2.1) Network configurations (IP): ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wpa-service can set up your network according to it's SSID, this means that if the SSID "DHCP network" manage ip via a dhcp server, wpa-service will use the SSID file descriptor to set up you network when connecting to the SSID network. Those ssid descriptors are named with the name of the SSID they describe, and took place in the /etc/sysconfig/network.d directory. The "AzErTy" SSID descriptor will be /etc/sysconfig/network.d/AzeRtY 2.1.1) SSID descriptor syntax: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An SSID descriptor is a regular network configuration file as used in LFS BOOK. it means that if SSID "IPV4" use ipv4-static, the the descriptor "IPV4" will be cat > /etc/sysconfig/network.d/IPV4 << "EOF" ONBOOT=yes SERVICE=ipv4-static IP=192.168.1.1 GATEWAY=192.168.1.2 PREFIX=24 BROADCAST=192.168.1.255 EOF and if the "DHCP" SSID use dhcp : cat > /etc/sysconfig/network.d/DHCP << "EOF" ONBOOT="yes" SERVICE="dhcpcd" DHCP_START="-o" DHCP_STOP="-k -o" # the '-o' prevent your interface being destroyed by dhcpcd # Set PRINTIP="yes" to have the script print # the DHCP assigned IP address PRINTIP="no" # Set PRINTALL="yes" to print the DHCP assigned values for # IP, SM, DG, and 1st NS. This requires PRINTIP="yes". PRINTALL="no" EOF for convenience, wpa_actions fall back to /etc/sysconfig/network.d/AUTO when no SSID descriptor is available. Then install a common/automatic network configuration: I use dhcpcd: cat > /etc/sysconfig/network.d/AUTO << "EOF" ONBOOT="yes" SERVICE="dhcpcd" DHCP_START="-o" DHCP_STOP="-k -o" # the '-o' prevent your interface being destroyed by dhcpcd # Set PRINTIP="yes" to have the script print # the DHCP assigned IP address PRINTIP="no" # Set PRINTALL="yes" to print the DHCP assigned values for # IP, SM, DG, and 1st NS. This requires PRINTIP="yes". PRINTALL="no" EOF 3) The netkey file (The network keys description) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This file was previously named wpa_supplicant.conf but because i will only use it to store WPA/WEP key, i renamed it netkey and moved it to /etc/sysconfig/network.d/netkey The wpa_supplicant README and wiki explain the composition of this file. The file syntax is the wpa_supplicant.conf file syntax, it is specific to the wpa_supplicant program and only depends of the programmer choice, thus instead of explaining you of how this file is read, i will show you a set of command to create a config file with wpa_supplicant. in a bash shell execute: wpa_passphrase [passphrase] >> /etc/sysconfig/network.d/netkey Where is the name of the access point and where [pasphrase] is your ... pass-phrase. Now edit the newly created netkey file: Which should contains something similar to: network={ ssid="ssid" #psk="passphrase" psk=2b1d17284c5410ee5eaae7151290e9744af2182b0eb8af20dd4ebb415928f726 } You will directly see that you can define more than one network in this file, that's why wpa_supplicant is very nice: it chooses automatically in its configuration file the best (aka secure and available) network to connect. 4) Geting over troubles (and tunning your network) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ open a new console and launch in the foreground wpa_supplicant in debug mode: wpa_supplicant -g/var/run/wpa_supplicant-global \ -P/var/run/wpa_supplicant.pid -ddd this will make wpa_supplicant to output anything to us. Now start the wpa_cli in another console: wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan[X] "" [driver] \ /var/run/wpa_supplicant Where wlan[X] is the device name of your network interface and where [driver] is the name of your driver examples: wpa_cli -g/var/run/wpa_supplicant-global interface_add ath0 "" madwifi \ /var/run/wpa_supplicant wpa_cli -g/var/run/wpa_supplicant-global interface_add eth1 "" wext \ /var/run/wpa_supplicant if it fail, please have a look to the output of the wpa_supplicant daemon wpa_cli -iwlan[X] -p/var/run/wpa_supplicant Then in wpa_cli type : scan and after some seconds type scan_result This will output a list of available networks. As an example: root at bliscat:/home/eloi# wpa_cli -iath0 -p/var/run/wpa_supplicant wpa_cli v0.4.8 Copyright (c) 2004-2005, Jouni Malinen and contributors This program is free software. You can distribute it and/or modify it under the terms of the GNU General Public License version 2. Alternatively, this software may be distributed under the terms of the BSD license. See README and COPYING for more details. Selected interface 'ath0' Interactive mode > scan OK > scan_result bssid / frequency / signal level / flags / ssid 00:0f:b5:ee:af:8f 2437 212 [WPA2-PSK-CCMP-preauth] MY_net 00:10:c6:eb:95:11 2457 205 [WEP] Wanadoo_5441 you can see that my network 'My_net' use WPA2-PSK-CCMP which is WPA-PSK with CCMP as group and pairwise type exit to quit wpa_cli With this output we can now feed the netkey file: network={ ssid="ssid" key_mgmt=WPA-PSK proto=WPA2 pairwise=CCMP group=CCMP #psk="passphrase" psk=2b1d17284c54aeaeeaae7151290e9744af2182b0eb8af20dd4ebb415928f726 } Note if you wish you can only use the human readable pass-phrase, then comment it out and comment the hexadecimal pass-phrase Now kill the last instance of the wpa_supplicant daemon : killall wpa_supplicant And test your new configuration file: wpa_supplicant -d[driver] -iwlan[X] -c[configfile] -dd example: wpa_supplicant -dmadwifi -iath0 -c./netkey -dd If you see something like SUCCESS it's done, kill it again and copy the config file to a secure directory: install -d /etc/sysconfig/network.d chmod 700 -v /etc/sysconfig/network.d cp netkey /etc/sysconfig/network.d chmod 600 -v /etc/sysconfig/network.d/netkey 5) The End ~~~~~~~~~~ execute: /etc/rc.d/init.d/network stop /etc/rc.d./init.d/wpa-service restart /etc/rc.d/init.d/network start if there is no errors, and your system is connected, then you can safely restart your computer to see it setting up your wireless card during boot time. ACKNOWLEDGMENTS: The wireless hint The Wireless HOWTO wpa_supplicant README The madwifi wiki The LFS/BLFS Books CHANGELOG: 2006 03 10 Second release, first send to lfshint 2006 03 16 added some words to help wpa_supplicant.conf writing 2006 03 18 fix wrong paths 2006 03 31 Rewritten and try to match the LFS-standard thank's to archaic's help 2006 04 01 fix incomplete find commands 2006 10 15 wpa-service 0.2 2006 02 14 some typo fix in scripts, removed ifplugd support, and wait_for_up function 2007 03 27 Typo fix, ssid descriptors moved to /etc/sysconfig/network.d this modifiy wpa_actions and wpa_service.conf NETWORKDIR and SERVICESDIR moved to wpa_service.conf version increment to 0.22 2007 03 27 added missing installation of wpa-service.conf file rename wpa_service.conf to wpa-service.conf this modify all scripts and the core service script remove line dealing with the install of an ifplugd script version increment to 0.23 2007 06 14 wpa_supplicant.conf renamed to netkey and moved to network.d netkey chmoded to 600 wpa-service and network.d to 700 wpa-rcscript: renamed to wpa-service-rcscript wpa-service-rcscript: updated wpa-service: removed unused wait_for_up function '&> /dev/null' replaced by '2>&1 /dev/null' WPA_CONFIG_FILE is now WPA_KEY_FILE WPA_CONFIG_DIR is now WPA_KEY_DIR wpa-service-conf: updated (to follow wpa-* change) wpa_action-script: renamed to wpa-action-script hint updated and files are now shipped in a tarball with a very basic install.sh script typo fix in hint version increment to 0.24 2007 09 30 bump to version 0.24.1 this is a release fix install script improved fixed typo in wpa-service.conf (wrong wpa-action name) fixed ifdown process bug, ssid connection are stored in file to correctly set down the previously started service Changelog file added.