splitbrain.org

electronic brain surgery since 2001

Setting up WPA encryption on Arch Linux

Everyone knows that WEP isn't secure for wireless networks anymore and WPA/WPA2 should be used instead. Configuring WPA security is a matter of a few clicks on all modern hardware access points.

But connecting your Linux system to such a secured network requires a little helper utility called wpa_supplicant. Tools like Network Manager or Wicd will automatically configure and run wpa_supplicant for you.

But for my desktop PC I didn't need a flexible connection manager. My PC doesn't change networks, it will always connect to the same WLAN. But how to configure such a static network in Arch?

The default network mechanism only supports WEP, so I had to create my own little solution…


Setup wpa_supplicant

As said before, wpa_supplicant is the key to WPA secured networks. The basic setup is well described in the Arch Wiki page. After following the steps outlined there, my /etc/wpa_supplicant.conf looks like this:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

network={
	ssid="mynetwork"
	#psk="secret passphrase"
	psk=079d2fae6076188a16502cb87dbe30ad893549ca52c0a837c02bb272bfdccb5f
}
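A check one could run against the file above, as an added example that is not part of the original post; the function name check_wpa_conf and the finding labels are made up here. It flags a file readable by group or others, the clear-text passphrase that wpa_passphrase leaves behind in a #psk= comment, a quoted (clear-text) psk, and an unquoted psk that is not 64 hex digits. The hex PSK hides the passphrase but is still sufficient to join the network, which is why the permission check matters even when only the hex form is stored.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wpa_supplicant.conf
# for PSK exposure. Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if the file cannot be read.
check_wpa_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Anyone who can read the file gets the key, hashed or not.
    if [ -n "$(find -L "$conf" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "PERMS: readable by group or others (chmod 600, owner root)"
        rc=1
    fi

    # wpa_passphrase leaves the clear-text passphrase behind as a comment.
    if grep -Eq '^[[:space:]]*#[[:space:]]*psk="' "$conf"; then
        echo "COMMENT: clear-text passphrase left in a #psk= comment"
        rc=1
    fi

    # A quoted psk= value is the passphrase itself.
    if grep -Eq '^[[:space:]]*psk="' "$conf"; then
        echo "CLEARTEXT: psk stored as a quoted passphrase"
        rc=1
    fi

    # An unquoted psk= must be exactly 64 hex digits (a 256-bit key).
    if grep -E '^[[:space:]]*psk=[^"]' "$conf" |
       grep -Evq '^[[:space:]]*psk=[0-9a-fA-F]{64}[[:space:]]*$'; then
        echo "FORMAT: unquoted psk is not 64 hex digits"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_wpa_conf.sh /etc/wpa_supplicant.conf
if [ $# -gt 0 ]; then
    check_wpa_conf "$1"
fi
```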

Creating an init script

Now we need a script that

  1. configures the wireless interface
  2. runs wpa_supplicant
  3. brings up the network interface

And that's exactly what the script below does. Put it in /etc/rc.d/network-wpa and make it executable by root.

#!/bin/bash
 
WPA_IF='wlan0'
WPA_ESSID='none'
WPA_IFCFG=''
 
. /etc/rc.conf
. /etc/rc.d/functions
 
case "$1" in
    start)
        if ! ck_daemon network-wpa; then
            echo "WPA Network is already running.  Try 'network-wpa restart'"
            exit
        fi
        stat_busy "Starting WPA Network"

        # setup wireless interface
        if ! /usr/sbin/iwconfig "$WPA_IF" essid "$WPA_ESSID" mode Managed; then
            stat_fail
            exit 1
        fi

        # wait for association
        /bin/sleep 10

        # run wpa_supplicant (-B: fork into the background)
        if ! /usr/sbin/wpa_supplicant -B -Dwext -i "$WPA_IF" -c /etc/wpa_supplicant.conf; then
            stat_fail
            exit 1
        fi

        # bring up interface: DHCP if WPA_IFCFG is empty, static otherwise
        if [ -z "$WPA_IFCFG" ]; then
            if ! /sbin/dhcpcd "$WPA_IF"; then
                stat_fail
                exit 1
            fi
        else
            # WPA_IFCFG is left unquoted on purpose: it holds several ifconfig arguments
            if ! /sbin/ifconfig "$WPA_IF" $WPA_IFCFG; then
                stat_fail
                exit 1
            fi
        fi
 
        add_daemon network-wpa
        stat_done
        ;;
    stop)
        stat_busy "Stopping WPA Network"
        killall wpa_supplicant
        /bin/sleep 1
        ifconfig $WPA_IF down
        rm_daemon network-wpa
        stat_done
        ;;
    restart)
        $0 stop
        /bin/sleep 2
        $0 start
        ;;
    hotplug_ifup|ifup|ifdown|iflist|rtup|rtdown|rtlist)
        $1 $2
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
        echo "       $0 {ifup|ifdown|iflist|rtup|rtdown|rtlist}"
esac

Setup rc.conf

Now we need to configure our WPA-secured network and make the init process load our new init script. Both are done in /etc/rc.conf:

# configure WPA encryption for wireless network
WPA_IF="ath0"
WPA_ESSID="mynetwork"
WPA_IFCFG="192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255"
 
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
#   - prefix an entry in ROUTES with a ! to disable it
#
gateway="default gw 192.168.1.1"
ROUTES=(gateway)
 
DAEMONS=(syslog-ng hal fam network-wpa network netfs ...)

The three new WPA_* variables should be self-explanatory. WPA_IF is your wireless interface, typically wlan0 or ath0. The next one is your ESSID (the same as configured in /etc/wpa_supplicant.conf). The WPA_IFCFG variable is used for passing arguments to ifconfig; if you leave it empty, DHCP should be used 1).

The route lines are standard Arch networking config, and the last line adds our new network-wpa script to DAEMONS. It is important that it is loaded before the usual network script, so that additional network setup such as routes can be done there.

Tags:
arch, linux, wpa, wlan, wifi, wireless
1) haven't tested it