WPA (PSK) in Ubuntu

Dennis Kaarsemaker dennis at kaarsemaker.net
Sun Nov 7 19:25:41 UTC 2004 

On Sat, 2004-11-06 at 05:23 -0500, Bryan Pizzuti wrote:
> Ok, I finally got my new Thinkpad yesterday (Yay!). CPU scaling is working
> fine, dumping a bunch of stuff onto it from Universe and Marillat right now
> (Goody!), havn't played with getting software suspend to work yet.  One
> problem....my home network is WPA, not WEP.  So the wireless interface
> doesn't seem to be working.  Thinkpad T42.  I know someone else on here has
> one, so I don't think it's a matter of a software switch not being
> configured (Unless he's not using the IntelPro "Centrino" wireless chip?).
> Anyway, how can I get this thing to go WPA/PSK?  I hate WEP...it's insecure
> and I have a fileserver sitting on my network.  

First draft of the howto and involved scripts, comments please :)
(Evolution f*c**d up wrapping, sorry)

How to get WPA working under linux

This small howto describes how to get wpa_supplicant running under
linux. I
assume that your wireless card already is working without WPA, i.e. the
driver
is installed properly.

PREREQUISITES
=============

Because wpa_supplicant is not (yet?) available as a deb package, you
need to
compile it yourself. Fotunately this is not very difficult. First thing
to do is
get the neccessary tools:

$ sudo apt-get install gcc gmake

wpa_supplicant is also capable of providing 802.1x authentication. If
you need
that and use EAP-TTLS, EAP-PEAP or EAP-TLS, you also need the openssl
library
and headers.

$ sudo apt-get install openssl libssl-dev

DOWNLOADING
===========

Having installed the prerequisites, you have to download the
wpa_supplicant. The
latest stabel version can be found at
http://hostap.epitest.fi/wpa_supplicant/.
Unpack the tarball into a suitable directory (somewhere in your home is
good)

$ wget http://hostap.epitest.fi/releases/wpa_supplicant-0.2.5.tar.gz
$ tar -zxvf wpa_supplicant-0.2.5.tar.gz

COMPILING
=========

Now, before you can compile the wpa_supplicant, you need to create a
config file
(see the README file for details). In this file you specify your driver
and the
functionality you need. It is also possible to use non-listed drivers,
but only
without WPA functionality.

When you have created the .config file, simply type make and the program
will
be compiled. If it does not: tough luck, send errors to the mailinglist
and hope
someone can help resolving them.

INSTALLING
==========
Installing the binaries is fairly simple: just copy wpa_supplicant,
wpa_cli and
wpa_passphrase to a suitable location like /usr/sbin

$ sudo cp wpa_supplicant wpa_cli wpa_passphrase /usr/sbin

Making sure that the supplicant gets started is a little trickier. There
are 2
options here: either it has to be started always, or it has to be
started when
the device becomes available (for instance on laptops). In the readme
file there
is documentation fot the latter scheme, however I believe the proposed
scheme to
be incorrect since it starts the DHCP client (if applicable) before WPA
negotiation is complete. Therefore I suggest the following:

If the wpa_supplicant has to be started automatically, create a script
similar
to the following in /etc/init.d and call it wpa_supplicant
------------------
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/wpa_supplicant
NAME=wpa_supplicant
DESC="WPA supplicant"
CONF=/etc/wpa_supplicant.conf
DEVICE=wlan0

test -x $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        if [[ -z `pidof $DAEMON` ]]
        then
            $DAEMON -i $DEVICE -c $CONF -Bw
        fi
        ;;
  stop)
        echo -n "Stopping $DESC: "
        if [[ ! -z `pidof $DAEMON` ]]
        then
            killall $DAEMON 
        fi
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        killall $DAEMON 2>/dev/null
        $DAEMON -i $DEVICE -c $CONF -Bw
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
------------------

Then create a symlink to this script in the appropriate rc directories.

$ ln -s /etc/init.d/wpa_supplicant /etc/rc0.d/K20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc1.d/K20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc2.d/S20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc3.d/S20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc4.d/S20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc5.d/S20wpa_supplicant
$ ln -s /etc/init.d/wpa_supplicant /etc/rc6.d/K20wpa_supplicant

If the device is a PCMCIA card, and thus wpa_supplicant has to be
started when
the card is inserted, add the following lines to /etc/pcmcia/wireless

At the end of the start action
------------------
if [[ -x /usr/sbin/wpa_supplicant ]]
then
    /usr/sbin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -i$DEVICE
fi
------------------

At the end of the stop action:
------------------
if [[ -x /usr/sbin/wpa_supplicant ]]
then
    killall wpa_suplicant 2>/dev/null
fi
------------------

If your network is configured to use static ip adresses, installation
now is
finished. If you use dhcp there is one last step: since WPA negotiotion
can take
an unspecified amount of time it is unreasonable to expect that it would
be done
within the timeout of the dhcp client. So you cannot set the network to
dhcp.

I use the following instead:
------------------
iface wlan0 inet manual
pre-up ifconfig wlan0 up
up /root/wpa_dhcp
post-down ifconfig wlan0 down
------------------

The wpa_dhcp script checks if authentication has already succeded and
will start
the DHCP client after succesful authentication. The contents of this
script are
as follows:
------------------
#!/bin/bash

TIMEOUT=25
INTERVAL=5
STATUS=1

TIME=0

# Try to authenticate for 25 secs
while [[ $STATUS == 1 && $TIME -lt $TIMEOUT ]]
do
  wpa_cli status | grep AUTHENTICATED > /dev/null
  STATUS=$?
  TIME=$(($TIME + $INTERVAL))
  sleep $INTERVAL
done

# If authenticated, start dhclient
if [[ $STATUS -ne 1 ]]
then
  dhlient3 -pf /var/run/dhclient.wlan0.pid
-lf /var/run/dhclient.wlan0.leases wlan0
fi
------------------

Of course this script can also be started in the background to speed up
booting.
If you want to do this, you might also want to suppress the output from
dhclient
by adding >/dev/null 2>/dev/null to the dhclient3 command

CONFIGURING
===========
After installing the WPA supplicant, you need to configure it. This is
done by
copying the sample wpa_supplicant.conf to /etc and editing it. The
sample
configuration file is well documented, so configuration should be easy.
A sample
configuration for a WPA-PSK network is as follows:

------------------
network={
        ssid="Network"
        proto=WPA
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="secretkey"
}
------------------

It is best to comment out all examples in the example configuration file
before
using it.


-- 
Dennis K.
  And that's the way the cookie crumbles!

More information about the ubuntu-users mailing list