Sep 04 2009

Configure WPA on Linux Howto

Published by at 10:32 pm under Linux,Security




WPA encryption is not much hassle to set up and is way more secure than WEP if you use a strong pre-shared key.
 
First off, we’ve got a wifi interface that can be displayed with iwconfig (from the wireless tools):

[root@db ~]# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

ath0      IEEE 802.11g  ESSID:""
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:13 dBm   Sensitivity=1/1
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/70  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

 
If the interface doesn’t show up, install drivers first, or check the logs to make sure the card has been detected.
 

wpa_supplicant Configuration File

Install the required package, wpa_supplicant. This is all you need, and it’s provided with most Linux distributions.
If not, you can also download the latest source code from http://hostap.epitest.fi/wpa_supplicant/ and compile it.
 
Once installed, generate the hex pre-shared key (PSK) from your SSID and passphrase:

WPA_Linux# wpa_passphrase myssid mypassphrase
network={
        ssid="myssid"
        #psk="mypassphrase"
        psk=c22c1e6febc7875af85d033bbf15f5ca836633bac8eb16693fd58bff66fcb66c
}

 
Edit /etc/wpa_supplicant/wpa_supplicant.conf (Redhat/Fedora) or create it (Debian/Ubuntu) adding these settings.
The commented-out #psk… line holds the passphrase in clear text; for more security, remove it once the connection works.
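
What wpa_passphrase computes, as an added example that is not part of the original post: the hex psk is PBKDF2-HMAC-SHA1 of the passphrase with the SSID as salt (4096 iterations, 32 bytes), so anyone who can read it can join that network and the file should be readable by its owner only. The function names, the SSID character check and the 0600 file mode are choices made for this example.

```python
import hashlib
import os
import stat
import tempfile


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA pre-shared key as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # PBKDF2-HMAC-SHA1: SSID is the salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Build a network block like the one above, without the #psk line."""
    # Example-only restriction: refuse characters that would break quoting.
    if any(c == '"' or ord(c) < 32 for c in ssid):
        raise ValueError("SSID not representable as a quoted string")
    return 'network={\n\tssid="%s"\n\tpsk=%s\n}\n' % (
        ssid, wpa_psk(ssid, passphrase))


def write_conf(path: str, block: str) -> int:
    """Write the block to path with mode 0600 and return the resulting mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(block)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Constructed sample values, the same ones used in the post.
    block = network_block("myssid", "mypassphrase")
    print(block, end="")
    with tempfile.TemporaryDirectory() as tmp:
        # A scratch path stands in for /etc/wpa_supplicant/wpa_supplicant.conf.
        mode = write_conf(os.path.join(tmp, "wpa_supplicant.conf"), block)
        print("file mode: %o" % mode)
```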
 

Associate with Access Point

Connect manually to check everything’s fine:
 

WPA_linux# wpa_supplicant -iath0 -c /etc/wpa_supplicant/wpa_supplicant.conf
Associated with 00:00:00:00:00:00
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:a0:c5:ff:84:72 (SSID='myssid' freq=2412 MHz)
Associated with 00:a0:c5:ff:84:72

 
Note that you may have to specify the driver with the -D option.
 

Configure startup files

On Redhat/Fedora, configure /etc/sysconfig/network-scripts/ifcfg-ath0 as you would for any classic interface (replacing ath0 with your own interface name, of course), then set /etc/sysconfig/wpa_supplicant according to your settings:

INTERFACES="-iath0"
DRIVERS="-Dmadwifi"

 
Then restart the service:

/etc/init.d/wpa_supplicant restart

 
On Debian/Ubuntu, edit /etc/network/interfaces and add:

auto ath0
iface ath0 inet dhcp
        pre-up wpa_supplicant -iath0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B
        post-down killall wpa_supplicant

 
Then re-enable the wireless interface or reboot:

ifdown ath0
ifup ath0

 

