Connecting with WPA or WPA2

Core Networking supports connecting to a wireless network using the more secure option of WPA (Wi-Fi Protected Access) or WPA2 (802.11i) protocols.

The wpa_supplicant application can manage your connection to a single access point, or it can manage a configuration that includes settings for connections to multiple wireless networks (SSIDs), implementing either WPA or WEP, to support roaming from network to network. The wpa_supplicant application supports IEEE 802.1X EAP authentication (referred to as WPA), WPA-PSK, and WPA-NONE (for ad hoc networks) key-management protocols, along with encryption support for TKIP and AES (CCMP). A WAP for a simple home or small office wireless network would likely use WPA-PSK for the key-management protocol, while a large office network would use WAP along with a central authentication server such as RADIUS.

To enable a wireless client (or supplicant) to connect to a WAP configured to use WPA, you must first determine the network name (as described above) and get the authentication and encryption methods used from your network administrator. The wpa_supplicant application uses a configuration file (/etc/wpa_supplicant.conf by default) to configure its settings, and then runs as a daemon in the background. You can also use the wpa_cli utility to change the configuration of wpa_supplicant while it's running. Changes done by the wpa_cli utility are saved in the /etc/wpa_supplicant.conf file.

The /etc/wpa_supplicant.conf file has a rich set of options that you can configure, but wpa_supplicant also uses various default settings that help simplify your wireless configuration. For more information, see http://netbsd.gw.com/cgi-bin/man-cgi?wpa_supplicant.conf++NetBSD-4.0.

If you're connecting to a WAP, and your WPA configuration consists of a network name (SSID) and a pre-shared key, your /etc/wpa_supplicant.conf would look like this:

network={
    ssid="my_network_name"  # The name of the network you wish to join
    psk="1234567890"        # The preshared key applied by the access point
}

Note: Make sure that only root can read and write this file, because it contains the key information in clear text.

Start wpa_supplicant as:

wpa_supplicant -B -i abc0 -c /etc/wpa_supplicant.conf

The -i option specifies the network interface, and -B causes the application to run in the background.
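One way to enforce the note about root-only access before running the command above. This is an added example, not part of the original documentation; the function names, the temporary-file scheme, and the optional owner-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the owner-uid parameter are illustrative.

# write_wpa_conf FILE SSID PASSPHRASE: create the WPA-PSK block privately.
write_wpa_conf() {
    conf=$1 ssid=$2 pass=$3
    # A WPA passphrase is 8 to 63 characters long.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "passphrase must be 8..63 characters" >&2
        return 1
    fi
    # A double quote would end the quoted string in the config file early.
    case $ssid$pass in
        *\"*) echo "double quotes are not supported here" >&2; return 1 ;;
    esac
    tmp=$conf.tmp.$$
    # umask 077 in a subshell: the file is created 0600, so the key is
    # never readable by group or other, not even briefly.
    (
        umask 077
        rm -f "$tmp"
        printf 'network={\n    ssid="%s"\n    psk="%s"\n}\n' "$ssid" "$pass" > "$tmp"
    ) || return 1
    mv -f "$tmp" "$conf"
}

# conf_is_private FILE [UID]: true only for a regular file owned by UID
# (default 0, root) with no group or other permission bits.
conf_is_private() {
    f=$1 want_uid=${2:-0}
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    set -- $(ls -ldn "$f")      # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        -???------*) return 0 ;;
    esac
    return 1
}

# start_wpa IFACE FILE: run the page's command only if FILE is private.
start_wpa() {
    if ! conf_is_private "$2"; then
        echo "refusing to start: $2 must be root-owned, mode 0600" >&2
        return 1
    fi
    wpa_supplicant -B -i "$1" -c "$2"
}
```

Run as root, `write_wpa_conf /etc/wpa_supplicant.conf my_network_name 1234567890` followed by `start_wpa abc0 /etc/wpa_supplicant.conf` reproduces the steps above with the permission check in between.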

The wpa_supplicant application by default negotiates the use of the WPA protocol, WPA-PSK for key-management, and TKIP or AES for encryption. It uses infrastructure mode by default.

Once the interface status is active (use ifconfig abc0, where abc0 is the interface name, to check), you can apply the appropriate TCP/IP configuration. For more information, see “TCP/IP configuration in a wireless network,” later in this chapter.

If you were to create an ad hoc network using WPA, your /etc/wpa_supplicant.conf file would look like this:

network={
    mode=1                   # This sets the mode to be ad hoc.
                             # 0 represents Infrastructure mode
    ssid="my_network_name"   # The name of the ad hoc network
    proto=WPA                # Required for WPA-NONE
    key_mgmt=WPA-NONE        # Sets WPA-NONE (key_mgmt=NONE would disable WPA
                             # and leave the psk unused)
    pairwise=NONE            # Required for WPA-NONE
    group=CCMP               # Use AES encryption
    psk="1234567890"         # The preshared key shared by the ad hoc peers
}

Note: Again, make sure that this file is readable and writable only by root, because it contains the key information in clear text.

Start wpa_supplicant with:

wpa_supplicant -B -i abc0 -c /etc/wpa_supplicant.conf

where -i specifies the network interface, and -B causes the application to run in the background.