Introduction
The purpose of this how-to is to setup simple wireless roaming (automatic network recognition and connection) on Debian Lenny. By simple I do not mean really easy. By simple I mean clean, without unnecessary programs, daemons or services. This is almost certainly not the easiest way. But I like it.
We're going to use wpa_supplicant as called by the ifupdown networking components of Lenny to automatically connect to networks that we define in advance. Why are we using wpa_supplicant? If you want to connect to any wireless network worth connecting to, you're going to need wpa_supplicant. You want easy? Just install some app to manage your wireless network, like wicd or network-manager. But why install another app to do what we can already do? It's just one more app that can crash, one more app that can potentially be exploited, one more app eating up your hardware's resources. Here's a description from the man pages, lightly edited:
The Debian wpasupplicant packages provides two modes of operation that are closely integrated with ifupdown (the core networking infrastructure); Managed Mode and Roaming Mode. A self contained, simplistic roaming mechanism is provided by wpasupplicant, in the form of a wpa_cli action script, /sbin/wpa_action, and it assumes control of ifupdown once activated. See the wpa_action man page for more info.
Pre-Req's / Assumptions
- 1. You need a working internet connection. You should be able to bring up your wireless network, and connect to all the places you want to connect to manually. This means knowing about /etc/network/interfaces, ifupdown, iwconfig, iwlist, and so on. If you can't manually connect you probably can't use this guide.
2. You need wpa_supplicant installed, but it has to be from at least Debian Lenny. The man pages talk about significant changes from earlier kernel versions, if you're not running Lenny stop now and read the man pages and docs listed below. It's probably not going to work, but maybe you can figure it out. If you do, post how you did it below. Here's a website that may help you out: http://home.telomsa.net/richm/hp-nx6125.html
3. You read /usr/share/doc/wpasupplicant/README.modes. You don't even need this if you read that. It's that good. I highly recommend you read everything else under /usr/share/doc/wpasupplicant/, the man pages for interfaces, iwconfig, iwlist, and wpa_supplicant.conf.
4. You don't trust me, and are concerned that these steps may harm your computer. That's a good assumption to have considering that all of these instructions require root privileges and I "wrote" this how-to because I didn't want to forget everything I learned in the previous four hours.
Ok, time to end the attribution and begin the execution; And it's the network interfaces that are first against the wall.
Instructions & Crib Notes
To start, open /etc/network/interfaces file and place this in there:
- Code: Select all
allow-hotplug wlan0
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
Change wlan0 if necessary. If you have references to your wireless interface anywhere else, for example something like "auto lo wlan0" remove the reference to your wireless network device. The documentation says you can use either auto or allow-hotplug.
Some important info about drivers:
The Intel Pro Wireless adapters (ipw2100, ipw2200 and ipw3945) all use the 'wext' driver, the 'ipw' backend is deprecated and no longer provided. The Madwifi supports both the 'wext' and 'madwifi' driver backends and 'wext' is the preferred driver interface. Ndiswrapper no longer supports the 'ndiswrapper' driver backend as of version 1.16. Therefore, 'wext' must be used. See readme.modes for more info.
The file location may not be important, but change it at your own peril. Next we deal with the wpa_supplicant.conf file. It's very important. Here's what respectable people have to say about it:
It is required to provide a wpa_supplicant.conf containing a minimal amount of global options, and any known network blocks that should be connected to without interaction. A good starting point is provided by an example configuration file:
Let's do what he tells us:
- Code: Select all
cp /usr/share/doc/wpasupplicant/examples/wpa-roam.conf /etc/wpa_supplicant/wpa_supplicant.conf
chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
Ok, now we lightly edit the file to our own use. Pay attention to the big scary warning about the ctrl_interface, and don't touch it if you don't know exactly what it means. Here's what the wpa_supplicant.conf file looks like, minus all the very important comments:
- Code: Select all
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="Example WEP Network"
key_mgmt=NONE
wep_key0=6162636465
wep_tx_keyidx=0
id_str="johns_house"
priority=5
}
network={
ssid="Example WPA Network"
psk="mysecretpassphrase"
id_str="home"
priority=10
}
network={
key_mgmt=NONE
}
Amazingly you don't need all the info you usually need when manually setting up your wpa connections. You would think that you have to move all the wpa-* info, but for whatever reason, it's not needed. Also, the reason we chmod'd the file so that non-root couldn't read it is because you put your ASCII password in there. Does wpa_supplicant md5 hash it before transmit? I don't know.
Note the priority settings, those aren't in the example file. But if, like me, you've got a neighbour with an unsecured wireless and your own secured wireless, you naturally want to connect to yours. To ensure that happens (or perhaps, only to make it more likely) you need to set it at a higher priority. If my home and John's house were side by side and I could access both, my home would take priority (10 > 5). The default network (aka, fall back network, very important you have this) has no priority, which is as good as zero as makes no difference.
Anyway, once you've edited that example file to your tastes, you just need to go back into /etc/network/interfaces and make a few minor additions. This is what it would look like, based on the above example.
- Code: Select all
debian:/# cat /etc/network/interfaces
# Loopback
auto lo
iface lo inet loopback
# Ethernet
iface eth0 inet dhcp
# Wireless
allow-hotplug wlan0
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface home inet dhcp
iface johns_house inet dhcp
iface default inet dhcp
If you have a static setup instead of dhcp, just have a look at the example files, documents and man pages referenced above. Examples are included. Note that for every network block in the wpa_supplicant.conf file there is a corresponding iface. Also, the last network block was blank, but in interfaces, it is called default. Just go with it. It's all good.
At this point I'm just gonna to cut and paste this entire section, because it's all relevant and directly to the point:
Once the roaming daemon is started, it assumes control of ifupdown. That is; wpa_cli calls ifup when wpa_supplicant has successfully associated with an access point, and calls ifdown when the connection is lost or terminated. While the roaming daemon is active, ifupdown should not be controlled directly by manually issued commands... For example, to stop the roaming daemon on the device 'wlan0':
- Code: Select all
wpa_action wlan0 stop
When it is required to update the roaming daemon with a new networks details, it can be done without stopping it. Edit the wpa_supplicant.conf file that is being used by the daemon with the new networks details, add optional network settings to /etc/network/interfaces that are specific to the new network (linked by the 'id_str') and then 'reload' the daemon like so:
- Code: Select all
wpa_action wlan0 reload
For the complete technical details of what wpa_action can do, read the wpa_action manpage.
Anyway, at this point everything should hopefully be working. So run
- Code: Select all
/etc/init.d/networking force-reload
wpa_action wlan0 reload
- Code: Select all
wpa_cli
A handy-dandy "interface" pops up. Type status to see your connection status. If you're not connected to anything you can type "list" to see what networks are actually available. If you see networks in your list but aren't connected try typing "reassociate"
Type help to check out all the useful commands. You'll see that you can actually use wpa_cli to add new networks, which could be handy if you want to add new networks as non-root. I haven't experimented with this, but you'll need to make sure to uncomment #update_config=1 in /etc/wpa_supplicant/wpa_supplicant if you want to try this method out.
The last thing to do is make this available to your normal user. Assuming your normal user is a part of the netdev group, you don't need to make any changes. Just run
- Code: Select all
/sbin/wpa_cli
If you decide to create a new group, just change the group in /etc/wpa_supplicant/wpa_supplicant.conf on the control interface line. As always, there is more than one way to skin a cat.
Credits & Feedback:
I've tried to condense what was -- to me -- the most essential information from the manpages, which are really quite excellent with respect to documenting these features. Thanks to the developers for making them so good that even a new Debian user could bungle his way through it all.
That said, please give me feedback so I can improve this how-to. Have I misrepresented something in the manpages? Given bad advice? Typo? Don't like my avatar? Let me know so that I can improve this post / cry.
