WPA For Wireless

[EndianX]

By default, Ubuntu does not seem to support WPA Encryption. I am very new to linux. How hard would it be to get WPA (Pre Shared Key) support working?

How would I go about doing that?

[AlexK]

You will need to download a program called wp_supplicant, I am not sure if apt has wpa_supplicant in its repositories, so you can try the following command to see if it is in the repository:

Code:

sudo apt search wpa*

then install it with apt-get install whatever.

Once that is done, you will need to create a config file like the following:

Code:

ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="My_ssid"
  psk="My_super_secret_pass"
  key_mgmt=WPA-PSK
}

place it in /etc and name it wpa_supplicant.conf, then run it via this command

Code:

sudo wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -Ddriver_name

replace the wlan0 with the name of your wireless card, this can be found using the iwconfig command, replace the driver_name with the name of the driver, e.g. ndiswrapper, madwifi etc...

EDIT: Note, there are no spaces in the last command, cos that is the way it expects stuff to be entered (between the -iwlan0 stuff)

[EndianX]

Thank you for the response. This looks easy enough.

replace the wlan0 with the name of your wireless card, this can be found using the iwconfig command, replace the driver_name with the name of the driver, e.g. ndiswrapper, madwifi etc...

How do I go about finding the "name" of my driver. Ubuntu has autodetected it. Is there a way I can figure out what driver it is using? Does name refer to a file, or do drivers have an actual "name" somewhere.

Thanks again,

[EndianX]

Well, I saw in the wpa_supplicant help this list of drivers...

Code:

  hostap = Host AP driver (Intersil Prism2/2.5/3)
  prism54 = Prism54.org driver (Intersil Prism GT/Duette/Indigo)
  madwifi = MADWIFI 802.11 support (Atheros, etc.)
  atmel = ATMEL AT76C5XXx (USB, PCMCIA)
  wext = Linux wireless extensions (generic)
  ndiswrapper = Linux ndiswrapper
  ipw = Intel ipw2100/2200 driver

I believe Intel ipw2200 is what I have. So I tried the following...

sudo wpa_supplicant -ieth1 -c/etc/wpa_supplicant.conf -Dipw

Here is my output...

Code:

ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported

Oh, also, output from iwconfig...

Code:

lo        no wireless extensions.

eth0      no wireless extensions.

eth1      unassociated  ESSID:off/any
          Mode:Managed  Channel=0  Access Point: 00:00:00:00:00:00
          Bit Rate=0 kb/s   Tx-Power=20 dBm
          RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:360   Missed beacon:0

sit0      no wireless extensions.

[AlexK]

I dont know why it says operation not supported when you try to run wpasupplicant, I did a quick google search and I found this howto in ubuntu forums regarding wpa_supplicant. Hope this helps.

[EndianX]

Oh my. A lot of steps there. But that looks to be exactly what I need.

Thank you very much.

[AlexK]

Well, most of the steps there are for installing the card's driver and firmware, only the last few are for getting wpa working.

Also, setup your wireless network so that the ssid is broadcast, for some reason, wpa_supplicant will refuse to connect to a AP whose ssid is hidden. Don't worry about the security implications about the ssid being broadcast, no one will be able to connect unless they supply the correct wpa key.

[EndianX]

Also, setup your wireless network so that the ssid is broadcast, for some reason, wpa_supplicant will refuse to connect to a AP whose ssid is hidden. Don't worry about the security implications about the ssid being broadcast, no one will be able to connect unless they supply the correct wpa key.

DOH! Well that explains a lot. I have it working but my connection is going up and down. My SSID is hidden though.

My roommate is a complete security nut. The kind of guy who uses encryption with IM. Will be difficult to convince him to allow it to be broadcast. You'd think a 50 character PSK with WPA and MAC address filtering would be enough...

Well, I'll turn it off for a least a while and see if that fixes the problem I am having.

[EndianX]

Awww, that didn't fix my problem

Sometimes I have a signal...

Code:

eth1      IEEE 802.11g  ESSID:"b7ar*i6a"
          Mode:Managed  Frequency:2.457 GHz  Access Point: 00:13:10:62:9B:08
          Bit Rate=54 Mb/s   Tx-Power=20 dBm
          Retry limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=77/100  Signal level=-52 dBm  Noise level=-86 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:440   Missed beacon:0

Sometimes I don't...

Code:

eth1      unassociated  ESSID:"b7ar*i6a"
          Mode:Managed  Channel=0  Access Point: 00:13:10:62:9B:08
          Bit Rate=0 kb/s   Tx-Power=20 dBm
          Retry limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:596   Missed beacon:0

And even when I do have a signal, pings to the gateway return "destination host not reachable". I'm so confused...

[AlexK]

ok then try this:

sudo gedit /etc/resolv.conf

replace gedit with your favourite text editor, e.g. vi, emacs etc.

then add the following line to it:

Code:

nameserver xxx.xxx.xxx.xxx

replace xxx.xxx.xxx.xxx with the ip address of your router.

That should help a bit with the destination unreachable problems. And don't worry a 50 char PSK with MAC filtering is more than enough until 802.11i comes out.