---+!! Using Uni-Münster Wireless LAN with WPA and wpa_supplicant

The first revision of this manual was written by David Vernazobres (dv@uni-muenster.de)<br />
January Weiner (january@uni-muenster.de)<br />
Institute for Evolution and Biodiversity.<br />
Evolution of Biopolymers and Biochemical Pathways

Access to the Uni wireless network is done using the wpa_supplicant package. We have only figured out the manual configuration via configuration files, which requires root privileges. This has the advantage that you can configure it for all users on the computers you administer without involving the users directly. However, you will have to provide a mechanism for the users to actually use the configuration (a sudo mechanism, or making sure that the automatic roaming works and is started at launch time).

Possibly, a simpler solution exists using wpa_gui or the GNOME network management. We will update this document if such information becomes available. However, this solution means that every user of the laptop probably needs to set up her or his own configuration.

Further: you need to be *very patient*. The authentication process can sometimes take as much as a couple of _minutes_! You can use the command
<pre>wpa_cli status</pre>
to monitor what is happening.

Furthermore, sometimes you do not get an IP address via DHCP, or there is some other problem. In that case:
   1. Make sure that no dhclient process is running (=pkill dhclient=).
   1. Start dhclient manually: =dhclient eth1=

%TOC{title="Contents"}%

---++ 1. Prerequisites

---+++ 1.1 Linux kernel version 2.6.14 or higher

You can find out your kernel version with
<pre>
uname -a
</pre>

---+++ 1.2 wpasupplicant version 0.6.0, preferably CVS|GIT.

_This branch is still in development (see "Appendix")_

The wpasupplicant package from Debian / stable (etch), Ubuntu / dapper (Ubuntu version 6.06) or Ubuntu / edgy (Ubuntu version 6.10) does not work.
The working Debian package is now in unstable (19th April 2007). It will be available in Debian / testing (lenny) at the beginning of May 2007.

Make sure that you have the right wpasupplicant package (check the version!):
   * on Debian systems: <pre>
apt-cache policy wpasupplicant
apt-cache show wpasupplicant
</pre>
   * on RPM systems (!RedHat, !SuSE): <pre>
rpm -qi wpa_supplicant
</pre>

---++ 2. WPA configuration for Uni-Muenster usage only

This configuration is simpler, but it makes the wireless work only on the Uni-Münster network. That is, in a foreign environment (e.g. an airport) you will not be able to use your wireless.

---+++ 2.1. wpa_supplicant configuration

You need to edit the file =/etc/wpa_supplicant/wpa_supplicant.conf= and enter the following:
<pre>
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1

network={
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    proto=WPA2
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="username"
    password="password"
}
</pre>

Replace "username" with your username and "password" with your net password ("Netzwerkzugangspasswort").

_Note: only one wireless device will be able to access the wireless at a given time with the given username or password. That is, if you use it on two laptops, they will not be able to access the network at the same time._

---+++ 2.2 Configure the interfaces

The following works for Debian/Ubuntu. No idea what you have to do on !SuSE / !RedHat.

Edit =/etc/network/interfaces= and enter the following:
<pre>
iface eth1 inet dhcp
    wpa-driver wext
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
</pre>

_Note: comment out (precede with a '#' character) any other iface entries relating to eth1, assuming that eth1 is your wireless interface._

_Note: "wpa-driver wext": you will need to pick the right wpa-driver value. Available values are listed in [[[#ReferenceLink1][1]]]. The wext driver is the default, and you should be able to use it with modern laptops with no problems. Users with the madwifi drivers (Atheros chip) need to read carefully the madwifi section in [[[#ReferenceLink1][1]]]._

---+++ 2.3. Starting / closing the wireless:

To start the wireless, enter as root
<pre>
ifup eth1
</pre>

To close the wireless, enter as root
<pre>
ifdown eth1
</pre>

---++ 3. WPA configuration for "roaming"

In this configuration, any network other than uni-ms will also be accessible. However, there are two issues:
   * the configuration is more troublesome
   * the usage is more complicated

---+++ 3.1. The wpa_supplicant configuration

You need to edit the file =/etc/wpa_supplicant/wpa_supplicant.conf= and enter the following:
<pre>
# uni-ms WPA-CCMP/WPA2-TKIP using PEAP
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1

# association with open network
# wpa roaming daemon will call "ifup default"
network={
    ssid=""
    key_mgmt=NONE
}

# association with AES on uni-ms
# wpa roaming daemon will call "ifup aes_uni_ms"
network={
    id_str="aes_uni_ms"
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    proto=WPA2
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="username"
    password="password"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

# association with tkip on uni-ms
# wpa roaming daemon will call "ifup tkip_uni_ms"
network={
    id_str="tkip_uni_ms"
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    proto=WPA
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="username"
    password="password"
}
</pre>

Replace "username" with your username and "password" with your net password ("Netzwerkzugangspasswort").
---+++ 3.2 Configure the interfaces

Edit =/etc/network/interfaces= and enter the following:
<pre>
iface eth1 inet manual
    wireless-mode Managed
    wpa-driver wext
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp
iface tkip_uni_ms inet dhcp
iface aes_uni_ms inet dhcp
</pre>

_Note: comment out (precede with a '#' character) any other iface entries relating to eth1, assuming again that eth1 is your wireless interface._

_Note: "wpa-driver wext": you will need to pick the right wpa-driver value. Available values are listed in [[[#ReferenceLink1][1]]]. The wext driver is the default, and you should be able to use it with modern laptops with no problems. Users with the madwifi drivers (Atheros chip) need to read carefully the madwifi section in [[[#ReferenceLink1][1]]]._

---+++ 3.3. Starting / closing the wireless:

To start the wireless, enter as root
<pre>
ifup eth1
</pre>

Once started, the wireless daemon from wpasupplicant takes over the ifup/ifdown interface. It will automatically call ifup/ifdown when a network is discovered. From now on, you should not use ifup/ifdown. Instead, you need to use wpa_action. For example, to stop eth1, you need to issue (as root)
<pre>
wpa_action eth1 stop
</pre>

_Note: on Debian lenny, an ifdown eth1 also works. But this functionality is provided by some Debian script._

You can follow the WPA authentication with the following command:
<pre>
wpa_cli status
</pre>

_Note: To simplify the day-to-day work with the wireless, you can use the sudo command on ifup|ifdown, wpa_action, wpa_cli, wpa_gui. See the sudo manual._

---+++ 3.5 Adding additional networks

The above configuration allows you to browse through three networks:
   i. any network with no authentication (anything goes)
   i. the uni-ms network with AES authentication, which is preferred over the TKIP authentication
   i. the uni-ms network with TKIP authentication (in case there are problems with the AES authentication; the Uni provides both methods)

If you wish to add another configuration, for example a network at home with ssid "myhome" and a static network address, you first need to edit the file =/etc/wpa_supplicant/wpa_supplicant.conf= and add the following:
<pre>
network={
    ssid="myhome"
    # this id_str will notify /sbin/wpa_action to 'ifup home_static'
    id_str="home_static"
    # psk is your private secure key
    psk=123456789...
}
</pre>

Then you need to modify =/etc/network/interfaces=. Add the logical interface "home_static" with the parameters of your network at home, for example:
<pre>
# id_str="home_static"
iface home_static inet static
    address 192.168.0.20
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1
</pre>

Now, when the roaming client detects the network with ssid "myhome", it automatically calls ifup on home_static.

---++ 4. Links

#ReferenceLink1 [1]: http://hostap.epitest.fi/wpa_supplicant/<br />
#ReferenceLink2 [2]: http://manual.sidux.com/en/internet-connecting-wpa-en.htm

---++ 5. Notes

---+++ 22.5.2007, b

We seem to have problems with the CCMP authentication. Apparently, although the connection seems to be established, no DHCP offers are being received at a later stage.

---+++ 22.5.2007

We seem to have trouble getting the wireless to always work. Currently, what works for me (January Weiner) is a completely manual configuration:
   * start the interface manually <pre>ifconfig eth1 up</pre>
   * launch the wpa_supplicant <pre>wpa_supplicant -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth1</pre>
   * from another terminal, start DHCP <pre>dhclient eth1</pre>

---++ 6. The certificate must be verified

You should also specify the root certificate (ca_cert=".......") in order to verify the origin of the WLAN. To be able to enter the CA certificate file (= root certificate of the Deutsche Telekom Root CA2), it must be present on your computer. Notes on downloading and on certificates in general can be found here: [[https://www.uni-muenster.de/ZIV/Anleitungen/verwendungvonzertifikaten/][Notes on the use of certificates at WWU]].

---++ 7. Appendix

---+++ Instructions for all distributions based on Debian (Ubuntu, Knoppix, Kanotix,...)

If your WPA package is too old, you can just compile it from source, using the Debian package (available from http://packages.debian.org/; search for wpasupplicant in all releases). Unpack the source and build the package.
<pre>
apt-get install build-essential
# untar the archive, and cd to the directory
dpkg-buildpackage -rfakeroot -us -uc
</pre>

Packages for Ubuntu/dapper and Ubuntu/Edgy were built successfully.

---+++ If no sources are available for your distribution, ...

... you will need to download the source available from [[[#ReferenceLink1][1]]]. You can either take a snapshot release archive or download it using the CVS or the GIT versioning system.

---+++ Most common problems

   * Most of the problems with a non-working WPA authentication appear when several wpa_supplicant daemons are running on the computer. You should use wpa_action to stop all the wpa_supplicant daemons. When all wpa_supplicant daemons are stopped, start again with an ifup eth1 cycle.
   * If you want to relaunch the WPA association, use the command =wpa_cli reassociate=. In theory, you do not need to do this (apart from with some buggy drivers).
   * For more information, see the manual pages for wpa_cli and wpa_action.
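The EAP blocks of the roaming configuration in section 3.1 carry no ca_cert, which section 6 asks you to set, and the wildcard block there joins any open network. The following Python script is an added example, not part of the original manual: it parses the network blocks of a wpa_supplicant.conf and reports both conditions. The function names, the finding labels, the "aes_verified" block and its certificate path are constructed for illustration.

```python
import re

# Constructed sample: two blocks abbreviated from section 3.1, plus one
# hypothetical block ("aes_verified") that names a CA file (placeholder path).
SAMPLE_CONF = '''
network={
    ssid=""
    key_mgmt=NONE
}
network={
    id_str="aes_uni_ms"
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    id_str="aes_verified"
    ssid="uni-ms"
    key_mgmt=WPA-EAP
    ca_cert="/path/to/root-ca.pem"
}
'''

def parse_networks(text):
    """Return one dict (key -> unquoted value) per network={...} block."""
    blocks = []
    for body in re.findall(r'^\s*network\s*=\s*\{(.*?)^\s*\}', text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith('#') and '=' in line:
                key, value = line.split('=', 1)
                fields[key.strip()] = value.strip().strip('"')
        blocks.append(fields)
    return blocks

def audit(text):
    """Return (block label, finding) pairs for the two conditions above."""
    findings = []
    for net in parse_networks(text):
        label = net.get('id_str') or net.get('ssid') or '<any ssid>'
        key_mgmt = net.get('key_mgmt', '').split()
        if 'NONE' in key_mgmt and not net.get('ssid'):
            findings.append((label, 'open-any-ssid'))
        if 'WPA-EAP' in key_mgmt and not (net.get('ca_cert') or net.get('ca_path')):
            findings.append((label, 'eap-without-ca'))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE_CONF), sep='\n')
```

To check a real file, pass its contents to audit(); reading =/etc/wpa_supplicant/wpa_supplicant.conf= normally requires root because it holds the net password.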
Topic revision: r12 - 2013-05-24 - ArneScheffer
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.