wpa_supplicant – quick reference

wpa_supplicant is an amazing tool for Linux that lets you connect to various WPA-enabled networks. Frankly speaking, it is so simple to use that configuration should take less than 30 seconds, provided that you know which config to use for which network. Here is the list of tested configs:

Open Network

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
ssid="<your SSID>"
key_mgmt=NONE
priority=2
}

WPA Network

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
scan_ssid=1 
ssid="<your SSID>"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=<psk key> 
}

WPA2 Network

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
scan_ssid=1
mode=0
ssid="<your SSID>"
proto=WPA2
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk=<psk key>  # unquoted: the 64 hex digits generated by wpa_passphrase
}

EAP-PEAP

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
scan_ssid=1
mode=0
ssid="<your SSID>"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP
eap=PEAP
# No ca_cert is set, so the server certificate is not verified
priority=2
eapol_flags=0
identity="<username>"
password="<password>"
}

Cisco LEAP

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
scan_ssid=1
mode=0
ssid="<your SSID>"
proto=WPA
key_mgmt=WPA-EAP
pairwise=TKIP
eap=LEAP
priority=2
auth_alg=LEAP
eapol_flags=0
identity="<username>"
password="<password>"
}

EAP-TTLS

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
scan_ssid=1
mode=0
ssid="<your SSID>"
proto=RSN
key_mgmt=IEEE8021X
phase2="auth=PAP" # [Can also be: CHAP, MSCHAP, MSCHAPV2]
eap=TTLS
# No ca_cert is set, so the server certificate is not verified
identity="<username>"
password="<password>"
}

EAP-TLS

Step 1) extract the CA certificates and the client certificate/key from the PKCS#12 bundle:
openssl pkcs12 -in <your_network_certificate>.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in <your_network_certificate>.pfx -out user.pem -clcerts
Step 2) wpa_supplicant config:
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0
network={
      ssid="<your SSID>"
      scan_ssid=1
      key_mgmt=WPA-EAP
      pairwise=CCMP TKIP
      group=CCMP TKIP
      eap=TLS
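      identity="<username>"
      ca_cert="ca.pem"          # CA certificates extracted in step 1
      client_cert="user.pem"    # client certificate extracted in step 1
      private_key="user.pem"    # the private key is in the same file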
      private_key_passwd="1234"
}

How do we even use wpa_supplicant? Simply follow these steps:

Step 1) download and install it (source here)
Step 2) save one of the above configs to a file – e.g. ‘/etc/wpa_supplicant_LEAP.conf’
Step 3) if the network is PSK-based, use wpa_passphrase to generate the PSK and copy it into the config – note the ‘psk key’ markers in the configs above where the PSK should go
Step 4) run wpa_supplicant as follows:

wpa_supplicant -c <path_to_your_config_file> -i <your interface>

Alternatively, run the above command with -dd for extra debugging output.
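
A check worth running on a config saved in Step 2 before starting wpa_supplicant, given here as an added example (not part of the original post and not a wpa_supplicant tool): a short Python audit that parses the network blocks and flags weak settings of the kind some of the configs above spell out, namely TKIP/WEP ciphers, LEAP, EAP without ca_cert, an open network and a cleartext passphrase. The names parse_networks, audit and SAMPLE and the sample values are constructed for illustration, and only settings written explicitly in the file are checked, not wpa_supplicant's defaults.

```python
import re

# Constructed sample input: a PEAP block and a WPA-PSK block in the style of this page.
SAMPLE = '''
network={
ssid="corp"
key_mgmt=WPA-EAP
eap=PEAP
password="s3cret # not a comment"
}
network={
ssid="legacy"
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40  # as in the WPA config
psk="correct horse battery"
}
'''

# '#' starts a comment unless it sits inside a double-quoted string.
COMMENT = re.compile(r'^((?:[^"#]|"[^"]*")*?)\s*#.*$')

def parse_networks(text):
    """Return one dict of key -> raw value per network={...} block."""
    nets = []
    for body in re.findall(r'^\s*network=\{(.*?)^\s*\}', text, re.S | re.M):
        pairs = (COMMENT.sub(r'\1', ln).partition('=') for ln in body.splitlines())
        nets.append({k.strip(): v.strip() for k, _, v in pairs if v})
    return nets

def audit(net):
    """Flag weak settings that are written explicitly in one network block."""
    out = []
    ciphers = set((net.get('pairwise', '') + ' ' + net.get('group', '')).split())
    weak = sorted(ciphers & {'TKIP', 'WEP104', 'WEP40'})
    if 'NONE' in net.get('key_mgmt', '').split():
        out.append('open network: traffic is not encrypted at the link layer')
    if weak:
        out.append('legacy ciphers allowed: ' + ' '.join(weak))
    if 'LEAP' in net.get('eap', '').split():
        out.append('eap=LEAP: legacy method without a server certificate')
    elif 'eap' in net and not (net.keys() & {'ca_cert', 'ca_path'}):
        out.append('no ca_cert/ca_path: server certificate is not verified')
    if net.get('psk', '').startswith('"'):
        out.append('psk is a cleartext passphrase, not wpa_passphrase output')
    return out

for net in parse_networks(SAMPLE):
    print(net.get('ssid'), audit(net))
```

To audit a real file, pass its contents to parse_networks instead of SAMPLE.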