Beyond Linux® From Scratch (systemd Edition) - Version r12.0-816

Chapter 15. Networking Programs

wpa_supplicant-2.10

Introduction to WPA Supplicant

WPA Supplicant is a Wi-Fi Protected Access (WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation with a WPA Authenticator and Extensible Authentication Protocol (EAP) authentication with an Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. This is useful for connecting to a password protected wireless access point.

[Note]

Note

Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.

Package Information

WPA Supplicant Dependencies

Required (Runtime)

Configuring the Linux Kernel for Wireless

Recommended

desktop-file-utils-0.27 (for running update-desktop-database) and libnl-3.8.0

Optional

libxml2-2.12.1, and (Qt-5.15.11 or qt-alternate-5.15.11)

Kernel Configuration

To use wpa_supplicant, the kernel must have the appropriate drivers and other support available. Read Configuring the Linux Kernel for Wireless for details.

Installation of WPA Supplicant

First you will need to create an initial configuration file for the build process. You can read wpa_supplicant/README and wpa_supplicant/defconfig for the explanation of the following options as well as other options that can be used. Create a build configuration file that should work for standard WiFi setups by running the following command: 

cat > wpa_supplicant/.config << "EOF"
CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3
EOF

If you wish to use WPA Supplicant with NetworkManager-1.44.2, make sure that you have installed dbus-1.14.10 and libxml2-2.12.1, then add the following options to the WPA Supplicant build configuration file by running the following command: 

cat >> wpa_supplicant/.config << "EOF"
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
EOF

Install WPA Supplicant by running the following commands: 

cd wpa_supplicant &&
make BINDIR=/usr/sbin LIBDIR=/usr/lib

If you have installed (Qt-5.15.11 or qt-alternate-5.15.11) and wish to build the WPA Supplicant GUI program, run the following commands:

[Note]

Note

The following directory name is labelled qt4, but is compatible with (Qt-5.15.11 or qt-alternate-5.15.11). 

pushd wpa_gui-qt4 &&
qmake wpa_gui.pro &&
make &&
popd

This package does not come with a test suite.

Now, as the root user: 

install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/

Install the systemd support files by running the following command as the root user: 

install -v -m644 systemd/*.service /usr/lib/systemd/system/

If you have built WPA Supplicant with D-Bus support, you will need to install D-Bus configuration files. Install them by running the following commands as the root user: 

install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
                 /usr/share/dbus-1/system-services/ &&
install -v -d -m755 /etc/dbus-1/system.d &&
install -v -m644 dbus/dbus-wpa_supplicant.conf \
                 /etc/dbus-1/system.d/wpa_supplicant.conf

Additionally, enable the wpa_supplicant.service so that systemd can properly activate the D-Bus service. Note that the per-connection service and the D-Bus service cannot be enabled at the same time. Run the following command as the root user: 

systemctl enable wpa_supplicant

If you have built the WPA Supplicant GUI program, install it by running the following commands as the root user: 

install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/
[Note]

Note

You will need to restart the system D-Bus daemon before you can use the WPA Supplicant D-Bus interface.

[Note]

Note

This package installs desktop files into the /usr/share/applications hierarchy and you can improve system performance and memory usage by updating /usr/share/applications/mimeinfo.cache. To perform the update you must have desktop-file-utils-0.27 installed and issue the following command as the root user: 

update-desktop-database -q

Configuring wpa_supplicant

Config File

/etc/wpa_supplicant/wpa_supplicant-*.conf

Configuration Information

To connect to an access point that uses a password, you need to put the pre-shared key in /etc/wpa_supplicant/wpa_supplicant-wifi0.conf. SSID is the string that the access point/router transmits to identify itself. Run the following command as the root user: 

install -v -dm755 /etc/wpa_supplicant &&
wpa_passphrase SSID SECRET_PASSWORD > /etc/wpa_supplicant/wpa_supplicant-wifi0.conf

/etc/wpa_supplicant/wpa_supplicant-wifi0.conf can hold the details of several access points. When wpa_supplicant is started, it will scan for the SSIDs it can see and choose the appropriate password to connect.

If you want to connect to an access point that isn't password protected, put an entry like this in /etc/wpa_supplicant/wpa_supplicant-wifi0.conf. Replace "Some-SSID" with the SSID of the access point/router. 

network={
  ssid="Some-SSID"
  key_mgmt=NONE
}

Connecting to a new access point that is not in the configuration file can be accomplished manually via the command line or GUI, but it must be done via a privileged user. To do that, add the following to the configuration file: 

ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
update_config=1

Replace the <privileged group> above with a system group where members have the ability to connect to a wireless access point.

There are many options that you could use to tweak how you connect to each access point. They are described in some detail in the wpa_supplicant/wpa_supplicant.conf file in the source tree.

Connecting to an Access Point

There are 3 types of systemd units that were installed:

  • wpa_supplicant@.service

  • wpa_supplicant-nl80211@.service

  • wpa_supplicant-wired@.service

The only difference between 3 of them is what driver is used for connecting (-D option). The first one uses the default driver, the second one uses the nl80211 driver and the third one uses the wired driver.

You can connect to the wireless access point by running the following command as the root user: 

systemctl start wpa_supplicant@wlan0

To connect to the wireless access point at boot, simply enable the appropriate wpa_supplicant service by running the following command as the root user: 

systemctl enable wpa_supplicant@wlan0

Depending on your setup, you can replace the wpa_supplicant@.service with any other listed above.

To assign a network address to your wireless interface, consult the General Network Configuration page in LFS.

Contents

Installed Programs: wpa_gui, wpa_supplicant, wpa_passphrase and wpa_cli
Installed Libraries: None
Installed Directories: None

Short Descriptions

wpa_gui

is a graphical frontend program for interacting with wpa_supplicant

wpa_supplicant

is a daemon that can connect to a password protected wireless access point

wpa_passphrase

takes an SSID and a password and generates a simple configuration that wpa_supplicant can understand

wpa_cli

is a command line interface used to control a running wpa_supplicant daemon