WPA
Wi-Fi Protected Access or WPA is a powerful, standards-based, interoperable security technology for Wi-Fi networks. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security.
WPA2 (Wi-Fi Protected Access 2) provides network administrators with a high level of assurance that only authorized users can access the network. Based on the ratified IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm. WPA2 is backward compatible with WPA.
How to use WPA
You will need wpa_supplicant, which handles communication with a WPA-secured access point. Start wpa_supplicant like this:
wpa_supplicant -ieth1 -c/etc/wpa_supplicant.conf -d
In this example, your password is contained in /etc/wpa_supplicant.conf. That file might look like this:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
network={
        ssid="FOO"
        scan_ssid=1
        priority=5
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40
        psk=7b7267507f40f82bef91a6d2442e7313f9757aaccf788fab9eabe66dbc4e17fe
}
The password is encoded in the line with
psk=7b7267507f40f82bef91a6d2442e7313f9757aaccf788fab9eabe66dbc4e17fe
You can encode your password with the command wpa_passphrase.
Examples
SUSE
This example uses SUSE 10.2 and an ipw3945 WLAN card. The WLAN router has the IP 192.168.0.1/24.
Note: This example is for teaching purposes only. If you want to set this up, you can do it in a few clicks using YaST2. However, if you want to look behind the scenes, read on...
First let's see what the WLAN network device is:
santosh:~ # iwconfig
lo        no wireless extensions.

eth2      no wireless extensions.

eth3      unassociated  ESSID:"FOOLAN"  Nickname:"santosh"
          Mode:Managed  Frequency=nan kHz  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:16 dBm
          Retry limit:15   RTS thr:off   Fragment thr:off
          Encryption key:2102-2630-0BF8-AFA7-0E48-6EBE-F5   Security mode:restricted
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:7   Missed beacon:0

sit0      no wireless extensions.

santosh:~ #
eth3 is the WLAN card. Now let's set a passphrase:
santosh:~ # wpa_passphrase FOOLAN mypassword
network={
        ssid="FOOLAN"
        #psk="mypassword"
        psk=1bb95e189e8196745abfa4e5dfeae03d3c634e1e1e75ea013e7125507fbef715
}
santosh:~ # cat >/etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
network={
        ssid="FOOLAN"
        scan_ssid=1
        priority=5
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40
        psk=sorryIoverwritethisbetterblahblahbahblahblahblahblahblahblafdfff
}
santosh:~ #
Now get it connected:
$ wpa_supplicant -i eth3 -c /etc/wpa_supplicant.conf -D wext
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with 00:0f:c9:01:f5:f4 (SSID='FOOLAN' freq=0 MHz)
Associated with 00:0f:c9:01:f5:f4
WPA: Key negotiation completed with 00:0f:c9:01:f5:f4 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:0f:c9:01:f5:f4 completed (auth)
In a parallel console session:
ifconfig eth3 192.168.0.70
Attention: dhcpcd does not work here.
Now iwconfig eth3 shows me something like:
eth3      IEEE 802.11g  ESSID:"FOOLAN"  Nickname:"santosh"
          Mode:Managed  Frequency:2.457 GHz  Access Point: 00:0F:C9:01:F5:F4
          Bit Rate:24 Mb/s   Tx-Power:15 dBm
          Retry limit:15   RTS thr:off   Fragment thr:off
          Encryption key:F523-EBFF-0012-23D1-6F72-FE22-FDBE-C493-68BC-CFA4-F981-B984-48BB-E2AF-4878-0E59   Security mode:open
          Power Management:off
          Link Quality=72/100  Signal level=-62 dBm  Noise level=-70 dBm
          Rx invalid nwid:0  Rx invalid crypt:1  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:52   Missed beacon:0
Test your connection:
santosh:~ # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.970 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.00 ms

--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.970/0.989/1.009/0.037 ms
santosh:~ # route add default gw 192.168.0.1
santosh:~ # ping wiki.linuxquestions.org
PING wiki.linuxquestions.org (207.44.182.114) 56(84) bytes of data.
64 bytes from mx.linuxquestions.org (207.44.182.114): icmp_seq=1 ttl=53 time=171 ms