HowTo: Connect and roam wifi networks with wpasupplicant

el_koraco · 2011-12-14 17:13:52

Changelog:
- Jan 17 1012 - added the bit about defining logical interfaces to /etc/network/interfaces for a roaming configuration, thanks to our new member dagoth.
- Jan 21, 2012 - added manual one-time configuration info, courtesy of our own dr xaos.
- Oct 24, 2012 - added commands for systemd instead of init

For one reason or another, people may desire to rid themselves of network manager. WICD is an alternative, but due to a lack of development, WICD may or may not fall to the wayside soon. It's not a major problem, since both WICD and NM use wpasupplicant when it comes to connecting to wireless networks. Debian has a tool to make controlling wpasupplicant a little easier. It's called ifupdown, and it reads its configuration in /etc/network/interfaces. There are two basic options for configuring this file to call wpasupplicant - a static connection to one network, or roaming mode.

First things first:

Before we begin, let us stop network manager or wicd so as not to have interference:

sudo service network-manager stop
sudo service wicd stop
pkill nm-applet

Or, if you're using systemd instead of init:

sudo systemctl stop network-manager.service
sudo systemctl stop wicd.service
pkill nm-applet

Manual configuration, no encryption, WEP, and WPA

If you want to try the manual config before you dwell into the whole interfaces thing, here's how. First we will bring our interface up:

sudo ip link set wlan0 up

Now we will proceed as though there's no encryption, with iwconfig:

sudo iwconfig wlan0 essid YOURSSID

If we want to add WEP encryption:

sudo iwconfig wlan0 key KEY

for the hex key or for ASCI:

sudo iwconfig wlan0 key s:KEY

Make sure the connection is made:

sudo iwconfig wlan0

And run

sudo dhclient wlan0

WPA is slightly different. After bringing the interface up with ip, we will add this to /etc/wpasupplicant/wpa_supplicant.conf

# WPA-PSK/TKIP
update_config=1
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="your-ssid"
    psk="your-psk-key"
}

Run

sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

Proceed with dhclient.

Configuration with ifupdown

Let/s edit the /etc/network/interfaces file and set our options to a static or roaming connection:

sudo nano /etc/network/interfaces

or if you prefer graphical:

gksudo geany /etc/network/interfaces

Obviously, replace nano and geany with your terminal or GUI editor of choice.

Static connection, WEP or WPA

WEP is the old and unsecure encryption algorithm for routers and clients, though some manufacturers still supply routers with WEP set as default. WPA is basically unbreakable. If you do decide to use WEP, this is what you need to add to the file:

allow-hotplug wlan0
iface wlan0 inet dhcp
    wireless-mode managed
    wireless-essid YOURSSID
    wireless-key YOURKEY

If you want ifupdown to call on iwconfig and dhclient, or if you want it to call wpasupplicant:

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-key-mgmt NONE
        wpa-ssid SSID
        wpa-wep-key0 PSSKEY (in ASCI) 
        wpa-wep-tx-keyidx 0

For the first configuration, take note: when entering the key you can either use its hex value (if you look it up in your router, you'll see the hex value, or the key in ASCI. If you use ASCI, you have to prepend "s:" to the key, like this

wireless-key s:ASCIKEY

A WPA network is not only more secure, but also easier to manage. the contents of /etc/network/interfaces should look thus:

allow-hotplug wlan0
iface wlan0 inet dhcp
        wpa-ssid YOURSSID
        wpa-key YOURKEY (in ASCI)

Once you're entered all the values, bring the network interface up with:

sudo ifdown wlan0 && sudo ifup wlan0

Roaming configuration, helpers:

For people who actually take their laptops with them, constantly editing a text file isn't the best of options. Luckily, wpasupplicant is perfectly capable of roaming (connecting to a list of known networks, and if you so choose, unencrypted ones). The /e/n/i config would then look like this:

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa-roam.conf

We will create the /etc/wpa_supplicant/wpa-roam.conf file, and add some options and out networks:

update_config=1
ctrl_interface=DIR=/var/run/wpa_supplicant 
GROUP=netdev

# This one is for connecting to any unsecured network your machine comes into contect with, just comment out if you don't like this: 

network={
        key_mgmt=NONE
}

# The actual roaming settings go here:

network={
        ssid="YOUR SSID AT HOME"
        psk="PASSOWRD"
        id_str="home"
}

network={
        ssid="YOUR SSID AT WORK"
        psk="PASSOWRD"
        id_str="work"
}

Edit: as daggoth pointed out, once you've started adding interfaces to wpa-roam.conf, /e/n/i also needs to be modified:

When I first tried to connect to wifi with ifupdown and wpa-roam/wpa_gui, the network connected okay, but without the config of an IP address. So had to type in 'dhclient wlan0' just to make it usable. The reason why that happened is because after wpa_supplicant has established an encrypted connection, it will then again call ifup, and requests it to map the physical interface 'wlan0' onto some other logical interface, which in most cases is named 'default'.

But if that logical interface 'default' isn't defined in the /e/n/i, then when the wpa_supplicant script requests ifup to map 'wlan0' onto 'default', then the ifup will just exit with an error, becos the 'default' interface is undefined. Such that the dhcp/static config of an IP address will never occur. So to prevent that, we need to append this line to the /e/n/i

iface default inet dhcp

And similarly, for each id_str="some_name" entry contained within the network stanzas defined in your /etc/wpa_supplicant/wpa-roam.conf file, another logical interface needs to be declared in you /e/n/i. And these multiple logical interface declarations can each specify a different kinds of dhcp/static configuration, as required. So yes, it is very flexible...

I hope that all makes sense. Clear as mud, huh? But if not, then I think this manpage entry here may help...

$ man wpa_action |sed '70,$ !d'

So, in the case of this tutorial, we'd add

[face default inet dhcp
iface work inet dhcp
iface home inet dhcp

There are countless further examples in /usr/share/doc/wpasupplicant/examples/. Once you've configured wpa roaming, bring the network up:

sudo ifdown wlan0 && sudo ifup wlan0

wpasupplicant has two helpers for roaming. wpa_cli gets installed along with wpasupplicant, and wpa_gui doesn't. wpa-gui is a QT frontend for wpasupplicant, and is pretty easy to operate. I have yet to understand how wpa_cli works exactly, will let you know if I ever do. To install wpa_gui:

sudo apt-get install wpagui

and start it from a root shell or with gksudo.

Ceni to make your life easier

You don't have to do all the file editing by hand. Aptosid has an excellent utility for configuring /e/n/i for you, called ceni. You can obtain it via smxi or directly from aptosid. Create a file /etc/apt/sources.list.d/aptosid.list and add this in:

deb ftp://ftp.spline.de/pub/aptosid/debian/ sid main fix.main

Then run:

sudo apt-get update && sudo apt-get install ceni

You can remove the aptosid list from sources after that. If you use ceni, it will automatically change permissions on your /e/n/i so only root can read it, if you're doing stuff manually:

sudo chmod 0600 /etc/network/interfaces
sudo chmod 0600 /etc/wpa_supplicant/wpa-roam.conf

Now disable network manager or wicd:

sudo update-rc.d network-manager remove
sudo update-rc.d wicd remove

Or, for systemd

sudo systemctl disable network-manager.service
sudo systemctl disable wicd.service

And that should be it.

Last edited by el_koraco (2012-10-24 23:42:29)

dubois · 2011-12-14 17:17:32

Nice HOW TO. Gives us all another option. Many thanks.

xaos52 · 2011-12-14 17:19:25

Great howto, el_koraco.
Bookmarked, and I think I will be referencing this a lot.
Thanks.

rhowaldt · 2011-12-14 17:24:16

great how-to el_koraco. i already have this set up through ceni (as i think you know because you helped me with it), but this is a very nice and detailed look at how all of this works.

noticed 1 noob-unfriendly line:

gksudo geany/gedit/leafpad /etc/network/interfaces

hoping people will read past post 1 if they don't get this: it means you should choose geany, gedit or leafpad, not type that command like that.

VastOne · 2011-12-14 18:10:54

A well done How To el_koraco, clear and concise ... good job

el_koraco · 2011-12-14 19:36:47

rhowaldt wrote:

great how-to el_koraco. i already have this set up through ceni (as i think you know because you helped me with it), but this is a very nice and detailed look at how all of this works.
noticed 1 noob-unfriendly line:
gksudo geany/gedit/leafpad /etc/network/interfaces
hoping people will read past post 1 if they don't get this: it means you should choose geany, gedit or leafpad, not type that command like that.

Yeah, good catch, I just left geany and nano. Thanks for the kind words guys, the main motivation for this was to have a reference point for people who run into trouble with network mangler.

Last edited by el_koraco (2011-12-14 19:37:02)

johnraff · 2011-12-15 04:33:15

Thank you! Wicd is doing a good job right now on my laptop, but it will be good to have this to refer to if it dies some day.

One question:

el_koraco wrote:

Now disable network manager or wicd:
sudo update-rc.d network-manager remove
sudo update-rc.d wicd remove
And that should be it.

Should 'sudo apt-get purge network-manager' come before or after doing this? And wouldn't apt take care of the init scripts then? Or is the update-rc.d command reversible, in case you want to go back?

Oh, one more thing to do? -> remove nm-applet from autostart. smile

----------------------------------------

Networking noobs like me might also be interested to know that if you're using a wired connection you can probably get by without network-manager with an entry like this in /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

This uses dhcp to get the IP address, and should work in most cases. (Otherwise you have to look up how to set up a static connection.) NM is perhaps harmless for wired connections, but using unnecessary RAM if you're short of it.

el_koraco · 2011-12-15 08:52:57

johnraff wrote:

Should 'sudo apt-get purge network-manager' come before or after doing this? And wouldn't apt take care of the init scripts then? Or is the update-rc.d command reversible, in case you want to go back?

The update-rc.d command is a frontend to the init scripts in /etc /rc*. One can achieve the same thing with something like rcconf or bum. One can purge it from the system if one is so inclined, I didn't include this command in case one wants to revert back to it.

As per ethernet, My own /e/n/i has simply:

iface eth0 inet dhcp

As I don't bring it up that often. I'm also pretty sure one doesn't need any of that, a simple sudo dhclient eth0 might be enough when you connect the cable.

BoredOOMM · 2011-12-16 04:54:59

Excellent resource and I am tackling NM on the laptop net. This will be a great guide.

I suggest good enough for inclusion in the Wiki smile

sigma · 2012-01-04 22:02:34

OK, I've tried this a few different ways. I've alternatively set my router to use both WEP and WPA and tried to connect using the STATIC config shown for e/n/i above. I can't seem to obtain a DHCP lease though my machine does find the network. But this is really a moot point as I will definitely need a ROAMING setup for my purposes.

Here's what I've done so far:

(1) Updated home router security to WPA2 Personal
SSID = 2WIRE999
PWD = 9979990099

(2) Network Manager stopped and applet killed

(3) Updated /etc/network/interfaces (going roaming route)

# The loopback network interface
auto lo
iface lo inet loopback

# ROAMING
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa-roam.conf

(4) Updated /etc/wpa_supplicant/wpa-roam.conf

update_config=1
ctrl_interface=DIR=/var/run/wpa_supplicant
GROUP=netdev

network={
    ssid=”2WIRE999“
    psk=”9979990099“
    id_str=”home”
    }

network=
    {
    key_mgmt=NONE
    }

(5) permissions for e/n/i and e/w/w.conf are 644

(6) run

 sudo ifdown wlan0 && sudo ifup wlan0

I then get this ERROR:

 stephen@Isis:~$ sudo ifdown wlan0 && sudo ifup wlan0
wpa_supplicant: /sbin/wpa_supplicant daemon failed to start
run-parts: /etc/network/if-pre-up.d/wpasupplicant exited with return code 1
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
wpa_supplicant: /sbin/wpa_cli daemon failed to start

Both wpa_cli and wpa_supplicant show up in /sbin, and permissions are 755 for each.

================

I'm sure I'll have a few more questions once I get this working (related to eth0 and WEP connections).

thanks in advance.

Last edited by sigma (2012-01-04 22:04:09)

el_koraco · 2012-01-04 23:13:37

Ok, let us first see if you can connect to WPA without roaming. Run ifdown wlan0, edit e/n/i to

allow-hotplug wlan0
iface wlan0 inet dhcp
        wpa-ssid xxx
        wpa-key xxx

and bring up the interface (ifup wlan0). Post output.

sigma · 2012-01-04 23:32:55

OK, here's the output:

Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/wlan0/60:d8:19:c3:b0:77
Sending on   LPF/wlan0/60:d8:19:c3:b0:77
Sending on   Socket/fallback
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 13
No DHCPOFFERS received.
No working leases in persistent database - sleeping.

I'm assuming the SSID and password can simply be entered 'as-is' (in other words, they do not need to be encapsulated in quotations or prepended with s:, right?)

Last edited by sigma (2012-01-04 23:33:55)

el_koraco · 2012-01-05 01:56:45

They don't if it's WPA. If it's WEP, it sometimes works better with the hex value. Which is it? Also, would you mind disabling network manager as stated above, then rebooting and trying again? Put

iface eth0 inet dhcp

in eni, and bring your ehternet up with

sudo ifup eth0

if you need to get online.

sigma · 2012-01-05 02:31:33

NetworkManager is configured to start on boot, but I stopped it, rebooted it, stopped it once more... It didin't find a network as I added the line to e/n/i for eth0. I connected per your instructions and received the following:

stephen@Isis:~$ sudo ifup eth0
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/f0:de:f1:a9:b0:83
Sending on   LPF/eth0/f0:de:f1:a9:b0:83
Sending on   Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.254
bound to 192.168.1.77 -- renewal in 43027 seconds.

So that clearly worked.

I'm currently using WPA2-Personal for router security.

el_koraco · 2012-01-05 09:17:24

Try to disable network manager from starting up:

sudo update-rc.d network-manager disable

and then do the stuff in post 11.

sigma · 2012-01-05 21:02:31

I ended up removing network manager completely (as it was the obvious cause of the computer crashes), and I gave the above method a shot once more without luck - both via manually editing the config files and using Ceni to do it for me. I just couldn't get a DHCP lease.I suspect that password recognition may have been part of the problem. In the end I installed Wicd, and now everything is working perfectly. But if for some reason that breaks, I'll be back here again. Thanks el_koraco (!) for your help and patience.

capncrunch#bang! · 2012-01-06 03:24:56

This is relevant to my interests...
I've had system freezes with changing from one AP to another. I have two APs I use, one for streaming/gaming and another for data transfer. I thought it was transmission, but qbittorrent made no difference. I kept getting a "stalled" status on my downloads, too. Wicd has seemed to resolved the issue.

El_Belgicano · 2012-01-08 15:48:25

Hi, i tried yout howto, first the roaming method as it is what i'm looking to achieve but it didn't work so i tried just the static to check the basics:
the result is i can connect to the network, but i always get a "no dhcpoffers received"
It has worked before, and it is wpa encrypted.

Thanks for your help...

el_koraco · 2012-01-08 17:13:48

Try to disable network manager first, reboot and then make the connection. You can reenable it with

sudo update-rc.d network-manager defaults

Last edited by el_koraco (2012-01-08 17:14:21)

El_Belgicano · 2012-01-08 18:47:10

Small update on this: I have the network back up...
The trick is: don't ask me how i managed, i tried lots of different configurations in /etc/network/interfaces and basically, i'm back where i was before trying the howto: able to connect, able to get an ip, with the problem that after a while although i'm still connected to the wpa-network, i'm not able to reach the internet anymore... If i was to have a guess: my ip needs to be refreshed but i'm nowhere near sure about this...

No NM/Wicd for a long time already, i was connecting with a script with multiple blocks like this one:

    sudo ifconfig wlan0 down
    sudo dhclient -rq wlan0
    sudo ifconfig wlan0 up
    sudo iwconfig wlan0 mode Managed essid "Network"
    sudo dhclient -q wlan0

Then i saw this howto and i thought it would be a "cleaner" (not to mention probably safer) way of doing things.
So i went on and tried... And now i have the static method working, with the glitch you know.

PS: i had the shortages before too...
PS2: it's the only WPA network i use (others being: unsecured of WEP)

el_koraco · 2012-01-08 19:07:05

can I see your /e/n/i?

El_Belgicano · 2012-01-08 19:12:49

Sure:

auto lo wlan0
iface lo inet loopback

iface wlan0 inet dhcp
    wpa-ssid XXXXXX
    wpa-psk YYYYYY

iface default inet dhcp

Last edited by El_Belgicano (2012-01-08 19:13:17)

el_koraco · 2012-01-08 19:18:39

I see. Everything seems OK. So you only have problems with WPA encryption?
a) try to remove wlan0 from the line auto lo wlan0
b) let's see your

apt-cache policy wpasupplicant

El_Belgicano · 2012-01-08 20:04:31

a) done
b) there you go:

wpasupplicant:
  Installed: 0.6.9-3ubuntu3
  Candidate: 0.6.9-3ubuntu3
  Version table:
 *** 0.6.9-3ubuntu3 0
        500 http://ftp.belnet.be/mirror/ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

EDIT: just noticed: it does not disconnect me in the middle of something, when the time between two requests gets too long then it disconnects...

Last edited by El_Belgicano (2012-01-08 20:52:38)

el_koraco · 2012-01-08 21:34:06

Ah, our old friend Ubuntu. I haven't had the best time configuring my network manually there, I don't think it has all the scripts Debian does. Dunno if I can be of help really, since I have no idea what the differences are. Can I see the output of sudo ifup wlan0?

CrunchBang Linux

SEARCH

#1 2011-12-14 17:13:52

HowTo: Connect and roam wifi networks with wpasupplicant

#2 2011-12-14 17:17:32

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#3 2011-12-14 17:19:25

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#4 2011-12-14 17:24:16

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#5 2011-12-14 18:10:54

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#6 2011-12-14 19:36:47

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#7 2011-12-15 04:33:15

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#8 2011-12-15 08:52:57

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#9 2011-12-16 04:54:59

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#10 2012-01-04 22:02:34

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#11 2012-01-04 23:13:37

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#12 2012-01-04 23:32:55

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#13 2012-01-05 01:56:45

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#14 2012-01-05 02:31:33

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#15 2012-01-05 09:17:24

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#16 2012-01-05 21:02:31

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#17 2012-01-06 03:24:56

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#18 2012-01-08 15:48:25

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#19 2012-01-08 17:13:48

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#20 2012-01-08 18:47:10

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#21 2012-01-08 19:07:05

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#22 2012-01-08 19:12:49

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#23 2012-01-08 19:18:39

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#24 2012-01-08 20:04:31

Re: HowTo: Connect and roam wifi networks with wpasupplicant

#25 2012-01-08 21:34:06

Re: HowTo: Connect and roam wifi networks with wpasupplicant

Board footer