Using wpa_supplicant to manage your wireless network connections

The wpa_supplicant daemon is the “standard” mechanism used to provide persistence of wireless networking information as well as manage automated connections into networks without user intervention.

The supplicant is based on the open-source supplicant (albeit an earlier revision that matches that used by the NetBSD distribution) located at http://hostap.epitest.fi/wpa_supplicant/.

In order to support wireless connectivity, the supplicant:

A sample wpa_supplicant.conf file is installed in /etc for you. It contains a detailed description of the basic supplicant configuration parameters and network parameter descriptions (and there are lots of them) and sample network configuration blocks.

In conjunction with the supplicant is a command-line configuration tool called wpa_cli. This tool lets you query the stack for information on wireless networks, as well as update the configuration file on the fly.

If you want wpa_cli to be capable of updating the wpa_supplicant.conf file, edit the file and uncomment the update_config=1 option. (Note that when wpa_cli rewrites the configuration file, it strips all of the comments.) Copy the file into /etc and make sure that root owns it and is the only user who can read or write it, because it contains clear-text keys and password information.

Given a system with a USB-Wi-Fi dongle based on the fictitious ABC100 chips, here's a sample session showing how to get things working with a WEP-based WAP:

# cp $HOME/stage/etc/wpa_supplicant.conf /etc
# chown root:root /etc/wpa_supplicant.conf
# chmod 600 /etc/wpa_supplicant.conf
# io-pkt-v4-hc -d abc100
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
    inet 127.0.0.1 netmask 0xff000000
abc0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    ssid ""
    powersave off
    address: 00:ab:cd:ef:d7:ac
    media: IEEE802.11 autoselect
    status: no network
# wpa_supplicant -B -iabc0
# wpa_cli
wpa_cli v0.4.9
Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'abc0'

Interactive mode

> scan
OK
> scan_results
bssid / frequency / signal level / flags / ssid
00:02:34:45:65:76   2437    10  [WPA-EAP-CCMP]  A_NET
00:23:44:44:55:66   2412    10  [WPA-PSK-CCMP]  AN_OTHERNET
00:12:4c:56:a7:8c   2412    10  [WEP]   MY_NET
> list_networks
network id / ssid / bssid / flags
0   simple  any 
1   second ssid any 
2   example any 
> remove_network 0
OK
> remove_network 1
OK
> remove_network 2
OK
> add_network
0
> set_network 0 ssid "MY_NET"
OK
> set_network 0 key_mgmt NONE
OK
> set_network 0 wep_key0 "My_Net_Key234"
OK
> enable_network 0
OK
> save
OK
> list_network
network id / ssid / bssid / flags
0   QWA_NET any 
> status
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2412 MHz)
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2412 MHz)
wpa_state=ASSOCIATING
> status
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2462 MHz)
<2>Associated with 00:12:4c:56:a7:8c
<2>CTRL-EVENT-CONNECTED - Connection to 00:12:4c:56:a7:8c completed (auth)
bssid=00:12:4c:56:a7:8c
ssid=MY_NET
pairwise_cipher=WEP-104
group_cipher=WEP-104
key_mgmt=NONE
wpa_state=COMPLETED
> quit
# dhclient abc0
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
    inet 127.0.0.1 netmask 0xff000000
abc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ssid MY_NET nwkey My_Net_Key234
    powersave off
    bssid 00:12:4c:56:a7:8c chan 11
    address: 00:ab:cd:ef:d7:ac
    media: IEEE802.11 autoselect (OFDM54 mode 11g)
    status: active
    inet 10.42.161.233 netmask 0xfffffc00 broadcast 10.42.160.252
#