Connect to a wireless local area network

From LQWiki
Jump to: navigation, search

This covers how to get wireless, or Wi-Fi networks to work under Linux, and the various applications that go along with them.

Start

You should start by means of your distribution - most probably, it works out of the box. Make sure you enabled WLAN on your laptop (there is mostly a button for it). Put it next to your WLAN router. Install your WLAN card as a network card, it will be called eth1,wlan0 or so. Use iwconfig to find out how it is called. You should be able to scan for wireless networks then, e.g. by

$ iwlist wlan0 scanning
wlan0     Scan completed :
          Cell 01 - Address: 00:0F:C9:01:F5:F4
                    ESSID:"foo"
                    Mode:Managed
                    Channel:10
                    Encryption key:off
                    Bit Rates:0 kb/s

$

If you get a Command not found error, install the Wireless tools and try again.
If you do not get a list like the above, see the next section Wireless configuration.
If it works, you can continue with the section Connect to an Accesspoint.

Wireless Configuration

The following provides the general steps required to get wireless networking enabled on your Linux machine.

Gaining root access

open a console and type su to log into root (you must type your root password. If you're on an Ubuntu-like where the root user is disabled then don't bother typing su but instead add sudo at the beginning of each command. If you're on Ubuntu and, like me, hate using the sudo command so much then run sudo bash which logs you into root just like su.

Find out your wifi card's chipset

In order to get your card working you will have to determine its chipset. There is one, generic, way for PCI and PCMCIA cards, and one for USB cards:

  • The generic way
If this command does not succeed, this can mean that you have an old kernel that does not recognize your card as a WLAN card. In this case, you cannot use it. Anyway, to find out its type use hwinfo --pci or hwinfo --pcmcia.
  • Methods for USB cards
    • Run hwinfo --usb.
This will give you information about the chipset and tell you a Driver activation command (like "modprobe rt73usb").

Hopefully you now have a chipset name but...

Which driver to load and how?

To find out which driver you have to load, use

hwinfo --wlan|grep -i driver

See below for additional relevant information on given chipsets or drivers.

Open Source

Proprietary

Note that building a kernel module requires the kernel sources. Download your driver sources in .tar.gz format and compile from source.

Connect to an Accesspoint

This chapter covers how to connect to an unencrypted or WEP encrypted accesspoint. For WPA encryption, have a look here. The example interface will be called wlan0.

To set up the interface, start by:

 $ ifconfig wlan0 up

If you want, you could scan for an accesspoint first:

 $ iwlist wlan0 scanning

You will then see the available accesspoints, their ESSID's, the frequency, etc. To associate with an accesspoint (for example "test"), run:

 $ iwconfig wlan0 essid test

Most drivers will automatically find the right channel in a minute. You should now be able to see something like this when you run iwconfig:

 $ iwconfig
 lo        no wireless extensions

 wlan0     IEEE 802.11b  ESSID:"test"  
           Mode:Managed  Frequency:2.437 GHz  Access Point: 00:00:00:00:00:00   
           Bit Rate:11 Mb/s   Tx-Power=15 dBm   
           Retry limit:8   RTS thr=1536 B   Fragment thr=1536 B   
           Encryption key: off
           Power Management:off
           Link Quality=0/0  Signal level=0/255  Noise level=0/0
           Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
           Tx excessive retries:0  Invalid misc:0   Missed beacon:0

This means that everything has been installed properly.

Using WEP encryption

If the accesspoint uses WEP, you set the encryption like so:

$ iwconfig wlan0 key s:"the_ascii_key"

Or you can use a hexadecimal key:

$ iwconfig wlan0 key 00000000000

The bits of encryption is determined by the key length. Note that this command, along with the key, can be seen in "ps aux".

# ifconfig ath0 down
# iwconfig ath0 essid disaster-master enc 1234abcdef mode Managed channel auto
# ifconfig ath0 up
# dhclient ath0

If you don't like typing a large command sequence to reconnect your login each time then here is a helpful script which can speed up the process.

#!/bin/sh
#this is a comment
#all commands must be run as root (script must be run as root or as startup script)

#Router WEP settings
iface=ath0
ssid=disaster-master
wephexkey=1234abcdef
chan=auto

#setting up and applying wireless config, no need to edit beyond this point
ifconfig $iface down
iwconfig $iface essid $ssid enc $wephexkey mode Managed channel $chan
ifconfig $iface up
dhclient $iface

Use WPA/WPA2 Personal

For this you must have the wpasupplicant package installed on your distro in order to use the wpa_supplicant and related commands. This tutorial is the same whether you are using WPA-PSK or WPA2-PSK.

My network SSID is called disaster-master and it's currently running WPA2-PSK encryption on it. My WPA2 passphrase is "hindrance".

First create two text files and save them as wireless-wpa.sh and wireless-wpa.conf and make sure that they are saved into the same directory. Copy the following contents into each file.

wireless-wpa.sh
#!/bin/sh 
iface=ath0

#shut down interface
ifconfig $iface down

#set ad-hoc/management of wireless device
iwconfig $iface mode Managed

#enable interface
ifconfig $iface up

#stop any persistent wireless wpa2 sessions
killall wpa_supplicant

#apply WPA/WPA2 personal settings to device
wpa_supplicant -B -Dwext -i $iface -c ./wireless-wpa.conf -dd

#obtain an IP address
dhclient $iface
wireless-wpa.conf
# disaster-master network using WPA2-PSK

ctrl_interface=/var/run/wpa_supplicant

network={
        ssid="disaster-master"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="hindrance"
}

Don't forget to edit wireless-wpa.sh and set iface equal to your wireless device and edit wireless-wpa.conf with your WPA settings. Navigate to the current directory of your shell scripts in your terminal (mine are located in ~/Documents/wireless/). Run the following command sequence:

# chmod 755 wireless-wpa.sh
# chmod 644 wireless-wpa.conf
# ./wireless-wpa.sh

You should be successfully connected to your WPA/WPA2 wireless network. Please note that you only need to run the chmod commands the first time. After that you don't need to run them. You must run wireless-wpa.sh every time you restart your computer.

You can read up on the wpa_supplicant setup by viewing it's man pages. Just type:

man wpa_supplicant
man wpa_supplicant.conf

Use WPA/WPA2 Enterprise

For this you must have the wpasupplicant package installed on your distro in order to use the wpa_supplicant and related commands. This tutorial is the same whether you are using WPA-Enterprise or WPA2-Enterprise.

My enterprise network SSID is called dragonfly3 and it has a radius login server at radius.irt.drexel.edu (which is automatically detected and not needed to be set up). The Enterprise network is currently running WPA2-Enterprise encryption with IEEE 802.1X login using EAP-TTLS/MSCHAPv2. My login (not real) at radius.irt.drexel.edu is "abc123" and my password is "hindrance".

First create two text files and save them as wireless-wpa-enterprise.sh and wireless-wpa-enterprise.conf and make sure that they are saved into the same directory. Copy the following contents into each file.

wireless-wpa-enterprise.sh
#!/bin/sh 
iface=ath0

#stop any persistent wireless wpa2 authentication sessions
killall wpa_supplicant

#shut down wireless interface
ifconfig $iface down

#set working mode of wireless device
iwconfig $iface mode Managed

#enable interface
ifconfig $iface up

#apply dragonfly3 settings to device
wpa_supplicant -B -Dwext -i $iface -c ./wireless-wpa-enterprise.conf -dd

#obtain an IP address
dhclient $iface
wireless-wpa-enterprise.conf
# Drexel dragonfly3 IEEE 802.1X login using EAP-TTLS/MSCHAPv2

ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="dragonfly3"
    scan_ssid=0
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TTLS
    phase2="auth=MSCHAPV2"
    identity="abc123"
    password="hindrance"
}

Don't forget to edit wireless-wpa-enterprise.sh and set iface equal to your wireless device and edit wireless-wpa-enterprise.conf with your network SSID and enterprise login information. Navigate to the current directory of your shell scripts in your terminal (mine are located in ~/Documents/wireless/. Run the following command sequence:

# chmod 755 wireless-wpa-enterprise.sh
# chmod 644 wireless-wpa-enterprise.conf
# ./wireless-wpa-enterprise.sh

You should be successfully connected to your WPA/WPA2 wireless network. Please note that you only need to run the chmod commands the first time. After that you don't need to run them. You must run wireless-wpa-enterprise.sh every time you restart your computer.

You can read up on the wpa_supplicant setup by viewing it's man pages. Just type:

man wpa_supplicant
man wpa_supplicant.conf

Getting an IP address

If you have associated properly, you should see the accesspoint's mac address in from iwconfig instead of 00:00:00:00:00:00. If the network you have connected to uses dhcp, it is time to obtain an ip address:

 $ dhclient wlan0

Or:

 $ dhcpcd wlan0

You should see "DHCPOFFER" or similar in a minute if all went well. If it sits there for a while with no DHCPOFFER, then something is wrong. Perhaps the encryption key was incorrect.

However, if you would connect to a AP that doesn't have a dhcp server, you can do the following:

First scan for the AP so you can see the ESSID and the mac address. Do the following

 $ iwconfig wlan0 essid "MyAP" (if that's the ESSID)
 $ iwconfig wlan0 ap 00:40:CA:45:10:9C (if that's the mac)
 $ ifconfig wlan0 192.168.0.20 up
 $ route add -net default gw 192.168.0.1

Provided that the AP has the IP 192.168.0.1.

Autostarting network configuration

I found a really good post which tells you how to do this located here and create the necessary system startup links. Depending on your distribution you can do it with chkconfig (RedHat, Fedora, CentOS, Mandriva, SuSE) or update-rc.d (Debian, Ubuntu). I'm going to proceed explaining how to manually set up a startup script rather than using the automated method like update-rc.d. This is per the documentation from the Debian Policy Manual Section 9.3.

The directory for startup scripts is located in /etc/rcS.d. Do a quick listing and see what is in your bootup script directory using ls /etc/rcS.d:

ls /etc/rcS.d
README                              S35mountall.sh
S01mountkernfs.sh                   S36mountall-bootclean.sh
S01readahead                        S37apparmor
S02hostname.sh                      S37mountoverflowtmp
S06keyboard-setup                   S37udev-finish
S07linux-restricted-modules-common  S39readahead-desktop
S08hwclockfirst.sh                  S39ufw
S08loopback                         S40networking
S10udev                             S45mountnfs.sh
S11hwclock.sh                       S46mountnfs-bootclean.sh
S11mountdevsubfs.sh                 S49console-setup
S13pcmciautils                      S55bootmisc.sh
S15module-init-tools                S55dns-clean
S17procps                           S55pppd-dns
S20checkroot.sh                     S55urandom
S22mtab.sh                          S70screen-cleanup
S25brltty                           S70x11-common
S30checkfs.sh                       S90console-screen.kbd.sh

Here is what my readme readme says:

cat /etc/rcS.d/README
The scripts in this directory whose names begin with an 'S' are executed
once when booting the system, even when booting directly into single user
mode.

The scripts are all symbolic links whose targets are located in
/etc/init.d/ .

To disable a script in this directory, rename it so that it begins with
a 'K'.

For more information see /etc/init.d/README.

The following sequence points are defined at this time:

* After the S40 scripts have executed, all local file systems are mounted
  and networking is available. All device drivers have been initialized.

* After the S60 scripts have executed, the system clock has been set, NFS
  filesystems have been mounted (unless the system depends on the automounter,
  which is started later) and the filesystems have been cleaned.

As a quick side note, if you are using WPA then you need to edit your wireless-wpa.sh script and change ./wireless-wpa.conf to /etc/init.d/wireless-wpa.conf. Here's the newly formatted command:

wpa_supplicant -B -Dwext -i $iface -c /etc/init.d/wireless-wpa.conf -dd

And also please note from the README that "After the S40 scripts have executed, all local file systems are mounted and networking is available. All device drivers have been initialized." As you can see from my listing that I have no S41 script so I'm going to make that my wireless networking startup script and call it S41wlan_net_connect (you can call it S41 whatever you want if you don't like it). Browse to the directory where you have your wireless-wpa.sh, then switch to root user and run the following command sequence:

cp ./wireless-wpa.sh /etc/init.d/wireless-wpa.sh
cp ./wireless-wpa.conf /etc/init.d/wireless-wpa.conf
chmod 755 /etc/init.d/wireless-wpa.sh
chmod 644 /etc/init.d/wireless-wpa.conf
ln -s /etc/init.d/wireless-wpa.sh /etc/rcS.d/S41wlan_net_connect

We just finished creating the symbolic link (ln -s) so now test it by restarting. It should be set up as a startup script now.

Turn off wireless Tx when computer starts

I used the iwconfig utility to switch off power to the wireless card at startup, and wrote a shell script to switch it back on again when I need to use it.

I added this line to the /etc/rc.local file:

/sbin/iwconfig wlan0 txpower off

and that powers off the wireless card at boot time.

The shell script just reverses that, and brings the card into the 'up' network state:

#!/bin/bash
sudo /sbin/iwconfig wlan0 txpower on
sleep 1
sudo /sbin/ifconfig wlan0 up

See also

Howtos,Guides

Chipset list

Specific cards