Beyond Linux® From Scratch (System V Edition) - Version r11.2-1338

Chapter 15. Networking Programs

wpa_supplicant-2.10

Introduction to WPA Supplicant

WPA Supplicant is a Wi-Fi Protected Access (WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation with a WPA Authenticator and Extensible Authentication Protocol (EAP) authentication with an Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. This is useful for connecting to a password protected wireless access point.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

WPA Supplicant Dependencies

Recommended

desktop-file-utils-0.26 (for running update-desktop-database) and libnl-3.7.0

Optional

dbus-1.14.6, libxml2-2.10.3, and Qt-5.15.8

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wpa_supplicant

Kernel Configuration

Enable the following options in the kernel configuration as well as specific device drivers for your hardware and recompile the kernel if necessary: 

[*] Networking support  --->                              [CONFIG_NET]
  [*] Wireless  --->                                      [CONFIG_WIRELESS]
    <*/M> cfg80211 - wireless configuration API           [CONFIG_CFG80211]
    [*]     cfg80211 wireless extensions compatibility    [CONFIG_CFG80211_WEXT]
    <*/M> Generic IEEE 802.11 Networking Stack (mac80211) [CONFIG_MAC80211]
Device Drivers  --->
  [*] Network device support  --->                        [CONFIG_NETDEVICES]
    [*] Wireless LAN  --->                                [CONFIG_WLAN]

Open the submenu and select the options that support your hardware: lspci from pciutils-3.9.0 can be used to view your hardware configuration.

Installation of WPA Supplicant

First you will need to create an initial configuration file for the build process. You can read wpa_supplicant/README and wpa_supplicant/defconfig for the explanation of the following options as well as other options that can be used. Create a build configuration file that should work for standard WiFi setups by running the following command: 

cat > wpa_supplicant/.config << "EOF"
CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3
EOF

If you wish to use WPA Supplicant with NetworkManager-1.42.0, make sure that you have installed dbus-1.14.6 and libxml2-2.10.3, then add the following options to the WPA Supplicant build configuration file by running the following command: 

cat >> wpa_supplicant/.config << "EOF"
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
EOF
cd wpa_supplicant &&
make BINDIR=/usr/sbin LIBDIR=/usr/lib

If you have installed Qt-5.15.8 and wish to build the WPA Supplicant GUI program, run the following commands:

[Note]

Note

The following directory name is labelled qt4, but is compatible with Qt-5.15.8. 

pushd wpa_gui-qt4 &&
qmake wpa_gui.pro &&
make &&
popd

This package does not come with a test suite.

Now, as the root user: 

install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/

If you have built WPA Supplicant with D-Bus support, you will need to install D-Bus configuration files. Install them by running the following commands as the root user: 

install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
                 /usr/share/dbus-1/system-services/ &&
install -v -d -m755 /etc/dbus-1/system.d &&
install -v -m644 dbus/dbus-wpa_supplicant.conf \
                 /etc/dbus-1/system.d/wpa_supplicant.conf

If you have built the WPA Supplicant GUI program, install it by running the following commands as the root user: 

install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/
[Note]

Note

You will need to restart the system D-Bus daemon before you can use the WPA Supplicant D-Bus interface.

[Note]

Note

This package installs desktop files into the /usr/share/applications hierarchy and you can improve system performance and memory usage by updating /usr/share/applications/mimeinfo.cache. To perform the update you must have desktop-file-utils-0.26 installed and issue the following command as the root user: 

update-desktop-database -q

Configuring wpa_supplicant

Config File

/etc/sysconfig/wpa_supplicant-*.conf

Configuration Information

To connect to an access point that uses a password, you need to put the pre-shared key in /etc/sysconfig/wpa_supplicant-wifi0.conf. SSID is the string that the access point/router transmits to identify itself. Run the following command as the root user: 

wpa_passphrase SSID SECRET_PASSWORD > /etc/sysconfig/wpa_supplicant-wifi0.conf

/etc/sysconfig/wpa_supplicant-wifi0.conf can hold the details of several access points. When wpa_supplicant is started, it will scan for the SSIDs it can see and choose the appropriate password to connect.

If you want to connect to an access point that isn't password protected, put an entry like this in /etc/sysconfig/wpa_supplicant-wifi0.conf. Replace "Some-SSID" with the SSID of the access point/router. 

network={
  ssid="Some-SSID"
  key_mgmt=NONE
}

Connecting to a new access point that is not in the configuration file can be accomplished manually via the command line or GUI, but it must be done via a privileged user. To do that, add the following to the configuration file: 

ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
update_config=1

Replace the <privileged group> above with a system group where members have the ability to connect to a wireless access point.

There are many options that you could use to tweak how you connect to each access point. They are described in some detail in the wpa_supplicant/wpa_supplicant.conf file in the source tree.

Connecting to an Access Point

If you want to configure network interfaces at boot using wpa_supplicant, you need to install the /lib/services/wpa script included in blfs-bootscripts-20230101 package: 

make install-service-wpa

If your router/access point uses DHCP to allocate IP addresses, you can install DHCP-4.4.3-P1 client and use it to automatically obtain network addresses. Create the /etc/sysconfig/ifconfig-wifi0 by running the following command as the root user: 

cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhclient"
DHCP_START=""
DHCP_STOP=""

# Set PRINTIP="yes" to have the script print
# the DHCP assigned IP address
PRINTIP="no"

# Set PRINTALL="yes" to print the DHCP assigned values for
# IP, SM, DG, and 1st NS. This requires PRINTIP="yes".
PRINTALL="no"
EOF

If you prefer dhcpcd-9.4.1 instead of DHCP-4.4.3-P1 client, then create the /etc/sysconfig/ifconfig-wifi0 by running the following command as the root user: 

cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="dhcpcd"
DHCP_START="-b -q <insert appropriate start options here>"
DHCP_STOP="-k <insert additional stop options here>"
EOF

Alternatively, if you use static addresses on your local network, then create the /etc/sysconfig/ifconfig-wifi0 by running the following command as the root user: 

cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"

# Additional arguments to wpa_supplicant
WPA_ARGS=""

WPA_SERVICE="ipv4-static"
IP="192.168.1.1"
GATEWAY="192.168.1.2"
PREFIX="24"
BROADCAST="192.168.1.255"
EOF

You can connect to the wireless access point by running the following command as the root user: 

ifup wifi0

Replace wlan0 with the correct wireless interface and wifi0 with desired name for the configuration file. Please note that wpa_supplicant-*.conf and ifconfig.* configuration files need to have identical names, ie both contain wifi0 in their name.

Contents

Installed Programs: wpa_gui, wpa_supplicant, wpa_passphrase and wpa_cli
Installed Libraries: None
Installed Directories: None

Short Descriptions

wpa_gui

is a graphical frontend program for interacting with wpa_supplicant

wpa_supplicant

is a daemon that can connect to a password protected wireless access point

wpa_passphrase

takes an SSID and a password and generates a simple configuration that wpa_supplicant can understand

wpa_cli

is a command line interface used to control a running wpa_supplicant daemon