WPA Supplicant (简体中文)
Related articles
wpa_supplicant 是跨平台的 WPA supplicant,支持 WEP, WPA 和 WPA2 (IEEE 802.11i / RSN (Robust Secure Network)). 可以在桌面、笔记本甚至嵌入式系统中使用。
wpa_supplicant 是在客户端使用的 IEEE 802.1X/WPA 组件, 支持与 WPA Authenticator 的交互,控制漫游和无线驱动的 IEEE 802.11 验证和关联。
Contents
安装
从 官方软件仓库 中安装软件包 wpa_supplicant。
此外软件包 wpa_supplicant_gui 提供了图形界面 wpa_gui。
启动
This section describes common methods of starting wpa_supplicant, pick one that suits you best.
systemd
wpa_supplicant provides multiple service files:
-
wpa_supplicant.service- uses D-Bus, recommended for NetworkManager users. -
wpa_supplicant@.service- accepts the interface name as an argument and starts the wpa_supplicant daemon for this interface. It reads the configuration file in/etc/wpa_supplicant/wpa_supplicant-interface.conf. -
wpa_supplicant-nl80211@.service- also interface specific, but explicitly forces thenl80211driver (see below). The configuration file path is/etc/wpa_supplicant/wpa_supplicant-nl80211-interface.conf. -
wpa_supplicant-wired@.service- also interface specific, uses thewireddriver. The configuration file path is/etc/wpa_supplicant/wpa_supplicant-wired-interface.conf.
dhcpcd
dhcpcd contains a hook (enabled by default) to automatically launch wpa_supplicant on wireless interfaces. It is started only if:
- no wpa_supplicant process is already listening on that interface.
- a wpa_supplicant configuration file exists. dhcpcd checks
/etc/wpa_supplicant.confand/etc/wpa_supplicant/wpa_supplicant.confby default, but a custom path can be set by addingenv wpa_supplicant_conf=configuration_file_pathinto/etc/dhcpcd.conf.
Manually
wpa_supplicant accepts multiple command line arguments, notably:
-
-B- fork into background -
-c filename- path to configuration file -
-i interface- interface to listen on
See man 8 wpa_supplicant for the full argument list. For example, the common usage is:
# wpa_supplicant -B -i interface -c configuration_file
Configuration
wpa_supplicant provides a reference configuration file located at /etc/wpa_supplicant/wpa_supplicant.conf which contains detailed documentation for all the available options and their utilisation, as well as examples. Consider making a backup of it first, because some of the methods decribed below for automatically adding network configurations to wpa_supplicant.conf will strip all comments from the file.
In its simplest form, a configuration file requires only a network configuration block. For example:
/etc/wpa_supplicant/foobar.conf
network={
ssid="..."
}
Once you have a configuration file, you can start the wpa_supplicant daemon as described in the previous section and connect to the wireless network, using a static IP or DHCP.
wpa_passphrase
A network configuration can be automatically generated using the wpa_passphrase tool and added to the configuration file. This is useful for connecting to secured networks requiring a passphrase. For example:
$ wpa_passphrase essid passphrase
network={
ssid="essid"
#psk="passphrase"
psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
}
Some unusually complex passphrases may require input from a file:
$ wpa_passphrase essid < passphrase.txt
Specifying driver
You might need to specify a driver to be used. For a list of supported drivers see the output of wpa_supplicant -h.
-
nl80211is the current standard, but not all wireless chip's modules support it. -
wextis currently deprecated, but still widely supported.
Use the -D switch to specify the driver:
# wpa_supplicant -B -i interface -c configuration_file -D driver
Using wpa_cli
Wpa_supplicant can be controlled manually at runtime, by using the wpa_cli utility. To enable wpa_cli, the wpa_supplicant daemon must be configured to create a "control interface" (socket) by setting the ctrl_interface variable in the wpa_supplicant configuration file (default location /etc/wpa_supplicant/wpa_supplicant.conf).
The user will also need to be given access to this socket, by specifying which group has access to it. A new group might be created for this purpose, and users added to it, or an already existing group can be used - typically wheel.
The following setting will create the socket in /run/wpa_supplicant/ and allow the members of group wheel to access it:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
It is possible to modify the wpa_supplicant configuration file itself through the wpa_cli. This is useful for manually adding new networks to the roaming configuration file without needing to restart the wpa_supplicant daemon. To enable this, in the configuration file set the update_config variable to 1:
update_config=1
The wpa_supplicant daemon must be running, before wpa_cli can start (see #Starting for details). Then start
$ wpa_cli
It will look for the control socket at the location given in the configuration file, or the location can be set manually with the -p option). You can specify the interface that will be configured with the -i option, otherwise the first found wireless interface managed by wpa_supplicant will be used.
When wpa_cli is invoked, an interactive prompt (>) will appear. The prompt has tab completion and descriptions of completed commands.
Adding a new network using wpa_cli
To scan for available networks, enter "scan" at the > prompt. A notification will appear when the scan is complete:
> scan OK <3>CTRL-EVENT-SCAN-RESULTS >
Then enter "scan_results" to display them:
> scan_results bssid / frequency / signal level / flags / ssid 00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID 11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID >
To associate with MYSSID, tell wpa_supplicant about it. Each network in the configuration file is indexed numerically, beginning with zero. If you add a new network, it will be assigned a new number accordingly.
> add_network 0 >
Use this number to specify which network your settings apply to. For a new network, set its SSID, in quotes:
> set_network 0 ssid "MYSSID" OK >
Even if your access point is not is protected, the cli apparently still requires a PSK, again in quotes. The passkey must be 8-63 characters.:
> set_network 0 psk "passkey" OK >
Enable it:
> enable_network 0 OK >
And write the changes to the configuration file:
> save_config OK >
Action script
wpa_cli can run in daemon mode and execute a specified script based on events from wpa_supplicant. Two events are supported: CONNECTED and DISCONNECTED. Some environment variables are available to the script, see man 8 wpa_cli for details.
The following example will use desktop notifications to notify the user about the events:
#!/bin/bash
case "$2" in
CONNECTED)
notify-send "WPA supplicant: connection established";
;;
DISCONNECTED)
notify-send "WPA supplicant: connection lost";
;;
esac
Remember to make the script executable, then use the -a to pass the script path to wpa_cli:
$ wpa_cli -a path_to_script