Sep 04 2009
Configure WPA on Linux Howto
WPA encryption is not much hassle to set up and is way more secure than WEP if you use a strong pre-shared key.
First off, we’ve got a wifi interface that can be displayed with iwconfig (from the wireless tools):
[root@db ~]# iwconfig lo no wireless extensions. eth0 no wireless extensions. ath0 IEEE 802.11g ESSID:"" Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated Bit Rate:0 kb/s Tx-Power:13 dBm Sensitivity=1/1 Retry:off RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=0/70 Signal level=-95 dBm Noise level=-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0
If the interface doesn’t show up, install drivers first, or check the logs to make sure the card has been detected.
wpa_supplicant Configuration File
Install required package wpa_supplicant. This is all you need and it’s provided with most Linux distributions.
If not, you can also download the latest source code from http://hostap.epitest.fi/wpa_supplicant/ and compile it.
Once installed, generate your hex passphrase
WPA_Linux# wpa_passphrase myssid mypassphrase network={ ssid="myssid" #psk="mypassphrase" psk=c22c1e6febc7875af85d033bbf15f5ca836633bac8eb16693fd58bff66fcb66c }
Edit /etc/wpa_supplicant/wpa_supplicant.conf (Redhat/Fedora) or create it (Debian/Ubuntu) adding these settings.
The line #psk… commented out can be removed once it works for more security.
Associate with Access Point
Connect manually to check everthing’s fine:
WPA_linux# wpa_supplicant -iath0 -c /etc/wpa_supplicant/wpa_supplicant.conf Associated with 00:00:00:00:00:00 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys CTRL-EVENT-SCAN-RESULTS Trying to associate with 00:a0:c5:ff:84:72 (SSID='myssid' freq=2412 MHz) Associated with 00:a0:c5:ff:84:72
Note you may have to specify the driver with -D option.
Configure startup files
On Redhat/Fedora, configure /etc/sysconfig/network-scripts/ifcfg-ath0 (replace ath0 with your own interface name of course) as you would for any classic interface and /etc/sysconfig/wpa_supplicant according to your settings
INTERFACES="-iath0" DRIVERS="-Dmadwifi"
Then restart the service:
/etc/init.d/wpa_supplicant restart
On Debian/Ubuntu, edit /etc/network/interfaces and add
auto ath0 iface ath0 inet dhcp pre-up wpa_supplicant -iath0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B post-down killall wpa_supplicant
And reenable the wireless interface or reboot
ifdown ath0 ifup ath0