wpa-roaming


wpa-roaming is a method with which you can browse and connect to wireless networks within and without a graphical desktop environment. This is very convenient for notebook users. Some Linux users might know network-manager from other distributions which looks great but has some caveats:
  • it only can be used in a GUI environment
  • it has a daemon running
  • it is sometimes very unreliable

wpasupplicant is a program to not only address wireless networks with WPA keys but all wireless networks. In combination with the "classic" /etc/network/interfaces it is a very powerful method to connect to networks without even doing anything. It does it automatically if a network is open or the network is added to a configuration file. Even more convenient: if you allow hotplugging, the correct connection is set fully automated right after logging in (into a desktop environment or into a non X session).

Basics


To be able to use wpa-roaming with wpasupplicant in a GUI environment you have to have two packages installed:
  • wpasupplicant
  • wpagui

apt-get update && apt-get install wpasupplicant wpagui


wpasupplicant is mandatory, wpagui is a very convenient addition for GUI controlled networking in environments in which you want to change your access point.

An excellent theoretical introduction and very elaborate setups for /etc/network/interfaces and /etc/wpa_supplicant/wpa_supplicant.conf you find in our aptosid manual, this wiki entrance strives to present the practical part: how is wpa-roaming set up and how is it used with wpa_gui.

Have also a look into:

/usr/share/doc/wpasupplicant
/usr/share/doc/wpagui

Using wpa-gui without network configuration


As root adapt your /etc/network/interfaces so that it contains those lines. the name of the interface might vary:


allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp


As root you also edit a raw /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        key_mgmt=NONE
}


This setup connects automatically to any available open WLAN.

If you do not want to be automatically connected, add the option "disabled=1". You then can decide on your own when you want to be connected to an open WLAN by using wpagui:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        key_mgmt=NONE
        disabled=1
}


The next step secures wpa_supplicant.conf from unwanted access. This is necessary, because secret keys of private networks are saved in this file:

chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf



Running it



Prerequisites:
  • Make sure, you are member of the group netdev (1)
  • Restart the network or reboot (2)

(1) default for the user who is set up during the installation of sidux

(2) Stop any running network with

ifdown <interface>


(3) Initiate roaming for the first time with

ifup wlan0



Starting wpa_gui


This starts the wpa_gui as user (you need the full path!):

/usr/sbin/wpa_gui


This is the default screen (forget the data in it, I have a very custom setup):

image

This is the interface for managing networks:

image

To add a known network just click "add" and you will get this interface with pulldown menus (supports no encryption, WEP, WPA - just add the correct data) and hit "add" here as well:

image

Or more easily, just hit "scan" to scan the network

image

and doubleclick on the network you want to add the desired network (all data is automatically added, you just need the passphrase - plain or in hex) and hit "add":

image

If you are happy and everything is working, you can add the settings to /etc/wpa_supplicant/wpa_supplicant.conf by choosing "File > Save Configuration".


Using wpa-gui with network configuration


With the help of "IDString" and "Priority" you can direct to which network the box is connected at boot time. Highest priority is "1000", lowest priority is "0". You have to add the IDString to /etc/network/interfaces as well.

Here now the syntax for /etc/network/interfaces. First for connection to DHCP servers, the second if you are provided with a fix IP address. Adjust to your settings:

# id_str="home_dhcp"
iface home_dhcp inet dhcp

# id_str="home_static"
iface home_static inet static

        address 192.168.0.20
        netmask 255.255.255.0
        network 192.168.0.0

        broadcast 192.168.0.255
        gateway 192.168.0.1


Here an example how I use it. I want to be automatically connected to my home WLAN when I am at home, so I gave that the IDString "home" and priority "15". When I am travelling, I want the laptop to connect to any free, non passworded network which is available. I gave it the IDString "stalk" and priority "1" (very low). But please, always check if your connection is legal and disconnect if it is obviously not intended to be free.

So, here my stanzas in /etc/network/interfaces:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface home inet dhcp
iface stalk inet dhcp


And here my /etc/wpa_supplicant/wpa_supplicant.conf (SSID and passwords are changed or just explained):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid="my_ssid"
        scan_ssid=1
        psk=123ABC  ##here comes the passphrase in hexadecimal code!!
#       psk="password_in_ascii"   ##I do not use that
        key_mgmt=WPA-PSK
        pairwise=TKIP
        group=TKIP
        auth_alg=OPEN
        priority=15
        id_str="home"
}

network={
        ssid=""
        scan_ssid=1
        key_mgmt=NONE
        auth_alg=OPEN
        priority=1
        disabled=1   ## no automatic connection, one needs wpa_cli or wpa_gui
        id_str="stalk"
}


With "disabled=1" you will not be automatically connected to a defined network block (here: open WLANs), you have to initiate roaming through wpa_gui or wpa_cli. For automatic roaming don't use that option at all or comment the line with the "disabled" option using a #.


WEP encryption


If you want to add WEP encrypted networks to your wpa_supplicant.conf permanently, the syntax is:

network={
        ssid="example wep network"
        key_mgmt=NONE
        wep_key0="abcde"
        wep_key1=0102030405
        wep_tx_keyidx=0


Notes


1. Easy to reuse

Once set up, you can easily reuse your setup on other laptops or desktops with WLAN cards. Just copy /etc/network/interfaces (adjust the name of the interface if needed) and /etc/wpa_supplicant/wpa_supplicant.conf to your new box. There is no need of "installing" anything after that. It is "wash & go" (TM).

2. Backup

It is good to backup /etc/network/interfaces and /etc/wpa_supplicant/wpa_supplicant.conf, but encrypt your backup because it contains sensitive information. An easy way is a password protected archive like 7zip, zip, rar or others.

3. Desktop button

To create a desktop icon, rightclick on kmenu>internet>wpa_gui and choose to send it to the desktop.

4. Hidden SSIDs

Hidden SSIDs are detected when "scan_ssid=1" is defined in the network block.

5. Authentification algorithms

For WPA/WPA2 encryption you need
auth_alg=OPEN


For static WEP encryption you might need
auth_alg=SHARED


That's about it, have fun, it is really great.




--
CategoryHardware