Wpa supplicant

In other languages: English | Afrikaans | Albanian | Arabic | Brazilian | Bulgarian | Catalan | Chinese | Croatian | Czech | Danish | Dutch | Esperanto | Estonian | Filipino | Finnish | Flemish | French | German | Greek | Hebrew | Hindi | Hungarian | Indonesian | Italian | Japanese | Latvian | Lithuanian | Macedonian | Malay | Malayalam | Norwegian (Bokmål) | Norwegian (Nynorsk) | Persian | Polish | Portuguese | Romanian | Russian | Serbian | Slovak | Slovenian | Spanish | Swedish | Turkish | Ukrainian | Urdu

This Feature Is Prohibited

If you attempt to use this on SHellium you will be banned.

wpa_supplicant basically handles key negotiation with an access point that has wpa/wpa2 enabled, it also handles roaming and authentication/association with an access point. wpa_supplicant runs as a daemon in the background and has a cli and gui backend both included in the wpa_supplicant package. I won't get to in depth on all the features and the inner workings, in this guide we will simply be using wpa_supplicant to automatically authenticate/associate with an access point of our choice at boot. Once configured no user interaction is required so you can forget about opening up a gui network manager.

In this guide i will be using Debian Squeeze/testing but any modern distro should have a wpasupplicant package. You will need root access for most of the steps, sudo will do also if you have sudo installed.

install wpasupplicant package

user@host:~$aptitude install wpasupplicant (Debian based distros)

wpa_supplicant provides some example .config files in /usr/share/doc/wpasupplicant/examples. We want wpa_supplicant to "roam" or we want wpa_supplicant to automatically associate with access points we will predefine when we edit the provided example wpa-roam.conf. Copy /usr/share/doc/wpasupplicant/examples/wpa-roam.conf /etc/wpa_supplicant/wpa_supplicant.conf.

user@host:~$cp /usr/share/doc/wpasupplicant/examples/wpa-roam.conf /etc/wpa_supplicant/wpa_supplicant.conf

next we need to change permissions for the .conf as it will contain your encryption keys in plain text

user@host:~$chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

now open /etc/wpa_supplicant/wpa_supplicant.conf in your favorite editor, i prefer vim myself.

user@host:~$vim /etc/wpa_supplicant/wpa_supplicant.conf
   

now let's look at the important part:

#network={
#       ssid="Example WEP Network"
#       key_mgmt=NONE
#       wep_key0=6162636465
#       wep_tx_keyidx=0
#       id_str="johns_house"
#}
#network={
#       ssid="Example WPA Network"
#       psk="mysecretpassphrase"
#       id_str="home"
#}
# Default behaviour is to associate with any open access point, further
# networks can be configured with wpa_cli/wpa_gui.
#
network={
       key_mgmt=NONE
}

Notice here we have 3 example networks here, the first one is an example wep encrypted network. the second one is a wpa encrypted network and the third network which has no ssid or encryption basically tells wpa_supplicant to connect to any available unencrypted access point.

modify this file to fit your setup, change ssid and key for example. id_str is also important as we will use that to identify the network later on. id_str can be anything you want but i recommend setting it to the same as ssid. If your network uses no encryption key_mgmt=NONE should be used. Make sure to uncomment any network you modify in the example config to make it active. If you need to add a more networks just follow the examples in the config and make sure all id_str are unique. Wpa_cupplicant will try to connect to the first network in the list and go down the list until it associates with an access point, you can use the "priority=" option if you prefer other networks over others.

now we need to add the virtual interfaces for each network we defined in our config. open /etc/network/interfaces in your favorite editor, once again i will use vim

user@host:~$vim /etc/network/interfaces

find your wireless interface in the list, mine looks like this:

# Wireless interface
allow-hotplug wlan0
iface wlan0 inet dhcp

if your device is set to use dhcp like my example above change dhcp to manual.

also add this line under the iface line: wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf. mine looks like this now:

# Wireless interface
allow-hotplug wlan0
iface wlan0 inet manual
       wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

now we will add the virtual interfaces using the id_str we created for each network, first one we will add was for the third network in the example that connects to any unencrypted network, if you don't like that you can connect it out in the config and skip adding it here. ok so add this line to the bottom of the interfaces file:

# id_str="default"
iface default inet dhcp

add the rest of the id_str for each network you defined in the config file just like we added the default network above, if one of your networks use static ip's just switch dhcp with manual for that virtual network but leave your actual adapter set to use dhcp.

if all went well you should now be associated at boot and able to roam, if you move your computer to other remote networks add that network to the list and wpa_supplicant will authenticate/associate with no user interaction.

Pain in the Ass Special Cases

one special case that took me a while to figure out is when one network in your wpa.conf is wep with no broadcast ssid. basically you have to:

• tell wpa_supplicant that it needs to try this even if it doesnt see the ssid in the scan list by the line scan_ssid=1
• specify the bssid of the access point so it will attempt to associate manually with a line like bssid=00:??:??:??:??:??(obviously not with question marks)

so your entry for the troublesome network would look like

network={
        scan_ssid=1
        bssid=00:??:??:??:??:??
        ssid="PoopVille2"
        key_mgmt=NONE
        wep_key0="abracadabrajk"
        wep_tx_keyidx=0
}

and remember, if your wep key is allegedly something greater than 13 characters, you need to truncate it otherwise you will not be able to connect