November 19, 2006

Unix Linux Wireless and WPA


Wi-Fi protected access for you Unix Linux workstation can be a bit tricky the first time you set it up.
The setup I use in my example is from Fedora and Red Hat, but it should work on most Linux flavours and some Unix distributions. Oh, you will need to have a working ieee80211_crypt module and subsystem working with you kernel. Intel Wi-Fi card owners might check out http://ipw3945.sourceforge.net/ for some excellent resources.

To start using WPA or WPA-PSK you will need wpa_supplicant implementation installed on your box.


(Red Hat and Fedora user can download the wpa_supplicant rpm from Red Hat.
Fedora Core 5 users will find the rpm here.
http://redhat.download.fedoraproject.org/pub/fedora/linux/core/updates/5/i386/

# rpm -Uvh wpa_supplicant-0.4.9-1.fc5.i386.rpm

There is even a GUI ( frontend to wpa_supplicant at the Red Hat ftp site. Same directory as the wpa_supplicant rpm.

Source code way.
Check the author to wpa_supplicant site for the source code.

http://hostap.epitest.fi/ for the source code. Read the docs unpack the tarball and install.


$ tar -zxvf wpa_supplicant-0.4.9.tar.gz
Change directory to wpa_supplicant-0.4.9
$ cd wpa_supplicant-0.4.9
To build wpa_supplicant and wpa_cli
$ make
Now you can copy the binaries wpa_cli and wpa_supplicant to /usr/local/bin for example
$ su - ( you will most likely need to be root user for this, otherwise you might need to do a local security audit of your system. :-)

# cp wpa_supplicant wpa_cli /usr/local/bin/

(# Symbol for root user)

Now you should be ready to start testing.

If you are using the ipw3945d (binary user space regularity daemon) check that it is starting ok.

# ipw3945d
ipw3945d - regulatory daemon
Copyright (C) 2005-2006 Intel Corporation. All rights reserved.
version: 1.7.18

Next fire up wpa_supplicant

You will usually find the wpa_supplicant.conf file under /etc/wpa_supplicant/wpa_supplicant.conf

# wpa_supplicant -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -d
For an Intel ipw3945 based card, the driver used in this example should work.

Next you will have to edit you configuration file to include your pre shared key or certificate.

Example wpa_supplicant.conf file

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
#
# home network; allow all valid ciphers
network={
ssid="home"
scan_ssid=1
key_mgmt=WPA-PSK
psk="YourPassKeyGoesHere"
}

The psk= line can contain either your password in cleartext or the pre calc value of the shared key.

Then try to start and see if it can authenticate against your access point.

# wpa_supplicant -Dwext -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf

You should see something like this;
Trying to associate with XX:XX:XX:XX:XX:XX (SSID='YOURSID' freq=0 MHz)
XX = Mac Address of your access point
Associated with XX:XX:XX:XX:XX:XX:XX:XX
WPA: Key negotiation completed with XX:XX:XX:XX:XX:XX:XX:XX [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to XX:XX:XX:XX:XX:XX:XX:XX completed (auth)
WPA: Group rekeying completed with XX:XX:XX:XX:XX:XX:XX:XX [GTK=TKIP]

$ man wpa_supplicant (If you get stuck)
Try the -K option or -q for debugging

If everything works fine, you are ready to get an ip address to your interface.

Either statically assign or through a dchp request.

DHCP

# dhclient eth1

If you are using Fedora or Red Hat you should be able to install the rpm wpa_supplicant-0.4.9-1.fc5
# yum install wpa_supplicant

Supported wireless cards/drivers



One of the best wireless routers is by the way Linksys WRT300N

Linksys WRT300N Wireless-N Broadband Router

WIRELESS GARDEN SCB10 Super Cantenna 802.11b 802.11g Booster Antenna