Introduction to WPA Supplicant
WPA Supplicant is a Wi-Fi
Protected Access (WPA) client and IEEE 802.1X supplicant. It
implements WPA key negotiation with a WPA Authenticator and
Extensible Authentication Protocol (EAP) authentication with an
Authentication Server. In addition, it controls the roaming and
IEEE 802.11 authentication/association of the wireless LAN driver.
This is useful for connecting to a password protected wireless
access point.
This package is known to build and work properly using an LFS-11.1
platform.
Package Information
WPA Supplicant Dependencies
Recommended
desktop-file-utils-0.26 (for running
update-desktop-database) and
libnl-3.5.0
Optional
dbus-1.12.20, libxml2-2.9.13, and Qt-5.15.2
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wpa_supplicant
Kernel Configuration
Enable the following options in the kernel configuration as well as
specific device drivers for your hardware and recompile the kernel
if necessary:
[*] Networking support ---> [CONFIG_NET]
[*] Wireless ---> [CONFIG_WIRELESS]
<*/M> cfg80211 - wireless configuration API [CONFIG_CFG80211]
[*] cfg80211 wireless extensions compatibility [CONFIG_CFG80211_WEXT]
<*/M> Generic IEEE 802.11 Networking Stack (mac80211) [CONFIG_MAC80211]
Device Drivers --->
[*] Network device support ---> [CONFIG_NETDEVICES]
[*] Wireless LAN ---> [CONFIG_WLAN]
Open the submenu and select the options that support your hardware:
lspci from pciutils-3.7.0 can be used to view your
hardware configuration.
Installation of WPA Supplicant
First you will need to create an initial configuration file for the
build process. You can read wpa_supplicant/README and wpa_supplicant/defconfig for the explanation of
the following options as well as other options that can be used.
Create a build configuration file that should work for standard
WiFi setups by running the following command:
cat > wpa_supplicant/.config << "EOF"
CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3
EOF
If you wish to use WPA Supplicant
with NetworkManager-1.34.0, make sure that
you have installed dbus-1.12.20 and libxml2-2.9.13, then add the following options
to the WPA Supplicant build
configuration file by running the following command:
cat >> wpa_supplicant/.config << "EOF"
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
EOF
cd wpa_supplicant &&
make BINDIR=/usr/sbin LIBDIR=/usr/lib
If you have installed Qt-5.15.2 and wish to build the WPA Supplicant GUI program, run the following
commands:
![[Note]](../images/note.png)
Note
The following directory name is labelled qt4, but is compatible
with Qt-5.15.2.
pushd wpa_gui-qt4 &&
qmake wpa_gui.pro &&
make &&
popd
This package does not come with a test suite.
Now, as the root user:
install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/
If you have built WPA Supplicant
with D-Bus support, you will need
to install D-Bus configuration
files. Install them by running the following commands as the
root user:
install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
/usr/share/dbus-1/system-services/ &&
install -v -d -m755 /etc/dbus-1/system.d &&
install -v -m644 dbus/dbus-wpa_supplicant.conf \
/etc/dbus-1/system.d/wpa_supplicant.conf
If you have built the WPA
Supplicant GUI program, install it by running the following
commands as the root user:
install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/
Note
You will need to restart the system D-Bus daemon before you can use the
WPA Supplicant D-Bus interface.
Note
This package installs desktop files into the /usr/share/applications hierarchy and you can
improve system performance and memory usage by updating
/usr/share/applications/mimeinfo.cache. To
perform the update you must have desktop-file-utils-0.26 installed
and issue the following command as the root user:
update-desktop-database -q
Configuring wpa_supplicant
Config File
/etc/sysconfig/wpa_supplicant-*.conf
Configuration Information
To connect to an access point that uses a password, you need to
put the pre-shared key in /etc/sysconfig/wpa_supplicant-wifi0.conf. SSID is
the string that the access point/router transmits to identify
itself. Run the following command as the root user:
wpa_passphrase SSID SECRET_PASSWORD > /etc/sysconfig/wpa_supplicant-wifi0.conf
/etc/sysconfig/wpa_supplicant-wifi0.conf can hold
the details of several access points. When wpa_supplicant is started, it
will scan for the SSIDs it can see and choose the appropriate
password to connect.
If you want to connect to an access point that isn't password
protected, put an entry like this in /etc/sysconfig/wpa_supplicant-wifi0.conf. Replace
"Some-SSID" with the SSID of the access point/router.
network={
ssid="Some-SSID"
key_mgmt=NONE
}
Connecting to a new access point that is not in the configuration
file can be accomplished manually via the command line or GUI,
but it must be done via a privileged user. To do that, add the
following to the configuration file:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
update_config=1
Replace the <privileged group> above with a system group
where members have the ability to connect to a wireless access
point.
There are many options that you could use to tweak how you
connect to each access point. They are described in some detail
in the wpa_supplicant/wpa_supplicant.conf file in the
source tree.
Connecting to an Access Point
If you want to
configure network interfaces at boot using wpa_supplicant, you need to
install the /lib/services/wpa
script included in blfs-bootscripts-20210826 package:
make install-service-wpa
If your router/access point uses DHCP to allocate IP addresses,
you can install DHCP-4.4.2-P1 client and use it to
automatically obtain network addresses. Create the /etc/sysconfig/ifconfig-wifi0 by running the
following command as the root
user:
cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"
# Additional arguments to wpa_supplicant
WPA_ARGS=""
WPA_SERVICE="dhclient"
DHCP_START=""
DHCP_STOP=""
# Set PRINTIP="yes" to have the script print
# the DHCP assigned IP address
PRINTIP="no"
# Set PRINTALL="yes" to print the DHCP assigned values for
# IP, SM, DG, and 1st NS. This requires PRINTIP="yes".
PRINTALL="no"
EOF
If you prefer dhcpcd-9.4.1 instead of DHCP-4.4.2-P1 client, then
create the /etc/sysconfig/ifconfig-wifi0 by running the
following command as the root
user:
cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"
# Additional arguments to wpa_supplicant
WPA_ARGS=""
WPA_SERVICE="dhcpcd"
DHCP_START="-b -q <insert appropriate start options here>"
DHCP_STOP="-k <insert additional stop options here>"
EOF
Alternatively, if you use static addresses on your local network,
then create the /etc/sysconfig/ifconfig-wifi0 by running the
following command as the root
user:
cat > /etc/sysconfig/ifconfig.wifi0 << "EOF"
ONBOOT="yes"
IFACE="wlan0"
SERVICE="wpa"
# Additional arguments to wpa_supplicant
WPA_ARGS=""
WPA_SERVICE="ipv4-static"
IP="192.168.1.1"
GATEWAY="192.168.1.2"
PREFIX="24"
BROADCAST="192.168.1.255"
EOF
You can connect to the wireless access point by running the
following command as the root
user:
ifup wifi0
Replace wlan0 with the
correct wireless interface and wifi0 with desired name for the
configuration file. Please note that wpa_supplicant-*.conf and ifconfig.* configuration files need to have
identical names, ie both contain wifi0 in their name.