Introduction to WPA Supplicant
WPA Supplicant is a Wi-Fi
Protected Access (WPA) client and IEEE 802.1X supplicant. It
implements WPA key negotiation with a WPA Authenticator and
Extensible Authentication Protocol (EAP) authentication with an
Authentication Server. In addition, it controls the roaming and
IEEE 802.11 authentication/association of the wireless LAN driver.
This is useful for connecting to a password protected wireless
access point.
This package is known to build and work properly using an LFS 11.3
platform.
Package Information
WPA Supplicant Dependencies
Recommended
desktop-file-utils-0.26 (for running
update-desktop-database) and
libnl-3.7.0
Optional
libxml2-2.10.3, and Qt-5.15.8
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wpa_supplicant
Kernel Configuration
Enable the following options in the kernel configuration as well as
specific device drivers for your hardware and recompile the kernel
if necessary:
[*] Networking support ---> [CONFIG_NET]
[*] Wireless ---> [CONFIG_WIRELESS]
<*/M> cfg80211 - wireless configuration API [CONFIG_CFG80211]
[*] cfg80211 wireless extensions compatibility [CONFIG_CFG80211_WEXT]
<*/M> Generic IEEE 802.11 Networking Stack (mac80211) [CONFIG_MAC80211]
Device Drivers --->
[*] Network device support ---> [CONFIG_NETDEVICES]
[*] Wireless LAN ---> [CONFIG_WLAN]
Open the submenu and select the options that support your hardware:
lspci from pciutils-3.9.0 can be used to view your
hardware configuration.
Installation of WPA Supplicant
First you will need to create an initial configuration file for the
build process. You can read wpa_supplicant/README
and wpa_supplicant/defconfig
for the explanation of
the following options as well as other options that can be used.
Create a build configuration file that should work for standard
WiFi setups by running the following command:
cat > wpa_supplicant/.config << "EOF"
CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3
EOF
If you wish to use WPA Supplicant
with NetworkManager-1.42.0, make sure that
you have installed dbus-1.14.6 and libxml2-2.10.3, then add the following options
to the WPA Supplicant build
configuration file by running the following command:
cat >> wpa_supplicant/.config << "EOF"
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
EOF
cd wpa_supplicant &&
make BINDIR=/usr/sbin LIBDIR=/usr/lib
If you have installed Qt-5.15.8 and wish to build the WPA Supplicant GUI program, run the following
commands:
Note
The following directory name is labelled qt4, but is compatible
with Qt-5.15.8.
pushd wpa_gui-qt4 &&
qmake wpa_gui.pro &&
make &&
popd
This package does not come with a test suite.
Now, as the root
user:
install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/
Install the systemd support files
by running the following command as the root
user:
install -v -m644 systemd/*.service /usr/lib/systemd/system/
If you have built WPA Supplicant
with D-Bus support, you will need
to install D-Bus configuration
files. Install them by running the following commands as the
root
user:
install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
/usr/share/dbus-1/system-services/ &&
install -v -d -m755 /etc/dbus-1/system.d &&
install -v -m644 dbus/dbus-wpa_supplicant.conf \
/etc/dbus-1/system.d/wpa_supplicant.conf
Additionally, enable the wpa_supplicant.service
so that systemd can properly activate the D-Bus service. Note that the per-connection
service and the D-Bus service cannot be enabled at the same time.
Run the following command as the root
user:
systemctl enable wpa_supplicant
If you have built the WPA
Supplicant GUI program, install it by running the following
commands as the root
user:
install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/
Note
You will need to restart the system D-Bus daemon before you can use the
WPA Supplicant D-Bus interface.
Note
This package installs desktop files into the /usr/share/applications
hierarchy and you can
improve system performance and memory usage by updating
/usr/share/applications/mimeinfo.cache
. To
perform the update you must have desktop-file-utils-0.26 installed
and issue the following command as the root
user:
update-desktop-database -q
Configuring wpa_supplicant
Config File
/etc/wpa_supplicant/wpa_supplicant-*.conf
Configuration Information
To connect to an access point that uses a password, you need to
put the pre-shared key in /etc/wpa_supplicant/wpa_supplicant-wifi0
.conf
. SSID is
the string that the access point/router transmits to identify
itself. Run the following command as the root
user:
install -v -dm755 /etc/wpa_supplicant &&
wpa_passphrase SSID
SECRET_PASSWORD
> /etc/wpa_supplicant/wpa_supplicant-wifi0
.conf
/etc/wpa_supplicant/wpa_supplicant-wifi0
.conf
can hold
the details of several access points. When wpa_supplicant is started, it
will scan for the SSIDs it can see and choose the appropriate
password to connect.
If you want to connect to an access point that isn't password
protected, put an entry like this in /etc/wpa_supplicant/wpa_supplicant-wifi0
.conf
. Replace
"Some-SSID" with the SSID of the access point/router.
network={
ssid="Some-SSID
"
key_mgmt=NONE
}
Connecting to a new access point that is not in the configuration
file can be accomplished manually via the command line or GUI,
but it must be done via a privileged user. To do that, add the
following to the configuration file:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
update_config=1
Replace the <privileged group> above with a system group
where members have the ability to connect to a wireless access
point.
There are many options that you could use to tweak how you
connect to each access point. They are described in some detail
in the wpa_supplicant/wpa_supplicant.conf
file in the
source tree.
Connecting to an Access Point
There are 3 types of systemd
units that were installed:
The only difference between 3 of them is what driver is used for
connecting (-D option). The first one uses the default driver,
the second one uses the nl80211 driver and the third one uses the
wired driver.
You can connect to the wireless access point by running the
following command as the root
user:
systemctl start wpa_supplicant@wlan0
To connect to the wireless access point at boot, simply enable
the appropriate wpa_supplicant service by
running the following command as the root
user:
systemctl enable wpa_supplicant@wlan0
Depending on your setup, you can replace the [email protected]
with any other listed
above.
To assign a network address to your wireless interface, consult
the General
Network Configuration page in LFS.