Connecting to a Wireless Network Using WPA/WPA2 for Authentication and Encryption#

Core Networking supports connecting to a wireless network using the more secure option of WPA (WiFi Protected Access) or WPA2 (802.11i) protocols. The application which manages this feature is called wpa_supplicant. The wpa_supplicant application can manage your connection to a single access point, or can manage a configuration which includes settings for connections to multiple wireless networks (SSID) either implementing WPA, or WEP to support roaming from network to network. wpa_supplicant supports IEEE802.1X EAP Authentication (referred to as WPA), WPA-PSK, and WPA-NONE (for ad-hoc networks) key management protocols along with encryption support for TKIP and AES (CCMP). A WAP for a simple home or small office wireless network would likely use WPA-PSK for the key management protocol, while a large office network would use WAP along with a central authentication server such as RADIUS.

To enable a wireless client (or supplicant) to connect to a WAP configured to use WPA, you must first determine the network name (as described above) and the authentication and encryption methods used from your network administrator.

wpa_supplicant uses a configuration file (/etc/wpa_supplicant.conf by default) to configure its settings and then runs as a daemon in the background. You can also use the utility wpa_cli to change the wpa_supplicant configuration while it is running. Changes done by the wpa_cli utility will be saved to the /etc/wpa_supplicant.conf file.

The /etc/wpa_supplicant.conf file has a rich set of options which can be configured, but wpa_supplicant also makes use of various default settings which help simplify your wireless configuration.

If you are connecting to a WAP and your WPA configuration consists of a network name (SSID) and a pre-shared key, your network configuration can be as simple as this.

/etc/wpa_supplicant.conf (make sure that this file is only readable and writable by root since it contains the key information in clear text)

network={ 
	ssid="my_network_name"     #The name of the network you wish to join 
	psk="1234567890"              #The preshared key applied by the access point 
}	

Start wpa_supplicant as:

• wpa_supplicant -B -i ral0 -c /etc/wpa_supplicant.conf

Where -i specifies the network interface, and -B causes the application to move to the background.

wpa_supplicant will by default negotiate the use of the WPA protocol, WPA-PSK for key-management and TKIP or AES for encryption. Infrastructure mode is used by default.

Once the interface status is active (ifconfig ral0, where ath0 is the interface name), you can apply the appropriate TCP/IP configuration (See TCP/IP Configuration in a Wireless Network).

If you were to create an ad-hoc network using WPA, you could do the following:

• /etc/wpa_supplicant.conf (make sure that this file is only readable and writable by root since it contains the key information in clear text)

network={
        mode=1                    #This sets the mode to be ad-hoc, 0 represents Infrastructure mode 
	ssid="my_network_name"    #The name of the ad-hoc network 
	key_mgmt=NONE		  #Sets WPA-NONE 
	group=CCMP                #Use AES encryption  
	psk="1234567890"          #The preshared key applied by the access point 
 }	

Start wpa_supplicant as:

• wpa_supplicant -B -i ath0 -c /etc/wpa_supplicant.conf

Where -i specifies the network interface, and -B causes the application to move to the background.