______ Y ______
My own personal time capsule.
wpa_supplicant – quick reference
June 9, 2013
Posted by on wpa_supplicant is an amazing tool for linux that allows to connect to various WPA-enabled networks. Frankly speaking is so simple to use that it should take less than 30sec to configure provided that you know what config can be used for which network. Here is the list of tested configs:
Open Network
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ ssid="<your SSID>" key_mgmt=NONE priority=2 }
WPA Network
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ scan_ssid=1 ssid="<your SSID>" proto=WPA key_mgmt=WPA-PSK pairwise=CCMP TKIP group=CCMP TKIP WEP104 WEP40 psk=<psk key> }
WPA2 Network
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ scan_ssid=1 mode=0 ssid="<your SSID>" proto=WPA2 key_mgmt=WPA-PSK pairwise=CCMP TKIP group=CCMP TKIP psk="<psk key> }
EAP-PEAP
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ scan_ssid=1 mode=0 ssid="<your SSID>" proto=RSN key_mgmt=WPA-EAP pairwise=CCMP wpa=group=CCMP eap=PEAP priority=2 eapol_flags=0 identity="<username>" password="<password>" }
Cisco LEAP
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ scan_ssid=1 mode=0 ssid="<your SSID>" proto=WPA key_mgmt=WPA-EAP pairwise=TKIP eap=LEAP priority=2 auth_alg=LEAP eapol_flags=0 identity="<username>" password="<password>" }
EAP-TTLS
ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ scan_ssid=1 mode=0 ssid="<your SSID>" proto=RSN key_mgmt=IEEE8021X wpa-phase2=PAP # [Can also be: CHAP, MSCHAP, MSCHAPV2] eap=TTLS identity="<username>" password="<password>" }
EAP-TLS
step 1) openssl pkcs12 -in <your_network_certificate>.pfx -out ca.pem -cacerts -nokeys openssl pkcs12 -in <your_network_certificate>.pfx -out user.pem -clcerts step 2) wpa_supplicant config: ctrl_interface=/var/run/wpa_supplicant ap_scan=1 ctrl_interface_group=0 network={ ssid="<your SSID>" scan_ssid=1 key_mgmt=WPA-EAP pairwise=CCMP TKIP group=CCMP TKIP eap=TLS identity="username" ca_cert="cert.pem" client_cert="ca.pem" private_key="user.pem" private_key_passwd="1234" }
How do we even use wpa_supplicant? Simply follow these steps:
Step 1) download and install it (source here)
Step 2) save one of the above configs to a file – e.g. ‘/etc/wpa_supplicant_LEAP.conf’
Step 3) if the network is PSK based use wpa_passphase to generate it & copy into the config – note the ‘psk key’ markers in the configs above where the PSK should be
Step 4) run wpa_supplicant as follows:
wpa_supplicant -c <path_to_your_config_file> -i <your interface>
Alternatively run above command with -dd for extra debugging output.