Differences between revisions 2 and 61 (spanning 59 versions)
Revision 2 as of 2008-10-28 18:52:42
Size: 937
Editor: FranklinPiat
Comment: import ipw3945's wpasuplicant section.
Revision 61 as of 2015-03-05 09:06:44
Size: 12120
Editor: ?TimSmall
Comment: clarify PSK precalculation section
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:

= How To use Wifi network adapter =
''Foreword : The [wiki:WikiPedia:Wired_Equivalent_Privacy WEP] wireless protocol is insecure. DO NOT USE IT ! (It is very easy to capture the network traffic, including your email content and password)''

 {i} This page is ''under construction'' : your contribution is welcome.

== Gnome GUI ==

== KDE GUI ==

== Command line ==

== WPA : using wpasupplicant ==

Theoretically, you can just install DebPkg:wpasupplicant :
~-Translations: English - [[fr/WiFi/HowToUse|French]] - [[it/WiFi/HowToUse|Italiano]] - [[ru/WiFi/HowToUse|Русский]] - [[zh-CN/WiFi/HowToUse|简体中文]] -~

= How to use a WiFi interface =
This page describes how to configure a !WiFi interface on a Debian system, for use on a network.

<<TableOfContents(3)>>

Once your wireless device has an interface available (verifiable with [[DebianMan:8/iwconfig|iwconfig]]), it is required to be configured to access a network. If you do not have a wireless interface present, please refer to [[WiFi]] for information on providing a driver for your device.

Wireless network interface configuration can be performed using a connection manager (such as [[#network-manager|NetworkManager]]) or through Debian's {{{/etc/network/interfaces}}} file with a special purpose utility (such as [[#wpasupplicant|wpa_supplicant]]). Examples of !NetworkManager and wpa_supplicant configuration are described below.

<!> The [[WikiPedia:Wired_Equivalent_Privacy|WEP]] algorithm is insecure and deprecated by [[WPA]]. Use of WEP is '''not recommended''' and is not covered within this document.

<<Anchor(network-manager)>>
== NetworkManager ==
## 'network-manager' is brought in as a dependency of either frontend package.
NetworkManager is configured through graphical interfaces, which are available for [[Gnome|GNOME]] and [[KDE]]. Your wireless interface should ''not'' be referenced within Debian's {{{/etc/network/interfaces}}} file.

!NetworkManager is also a front-end for [[#wpasupplicant|wpa_supplicant]].
=== GNOME ===
 1. Ensure your user account is a member of the {{{netdev}}} group.
 1. Install the DebianPkg:network-manager-gnome package: {{{
$ su
# apt-get update
# apt-get install network-manager-gnome
}}}
 1. Log out of GNOME, then log back in to your system.
 1. A new applet (computer icon) will appear in the notification area / system tray. Left-click this icon to present the nm-applet pop-up menu.
 1. Neighboring wireless networks with a broadcasted SSID should be listed:
  * Click on the desired network's name.
  * If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
  * The wireless network connection will be activated.
 If the desired network is not listed (e.g. SSID not broadcast/hidden):
  * Click "Connect to Other Wireless Network...".
  * Enter the network's SSID at "Network Name".
  * If encryption is used, select the method from the "Wireless Security" drop-down list (usually "WPA Personal" or "WPA2 Personal").
   * Enter the passphrase/pre-shared key at "Password".
  * Click the "Connect" button to activate the wireless network connection.

See the [[NetworkManager]] page for frequently asked questions, documentation and support references.

=== KDE ===
 1. Ensure your user account is a member of the {{{netdev}}} group.
 1. Install the DebianPkg:plasma-widget-networkmanagement package: {{{
$ su
# aptitude update
# aptitude install plasma-widget-networkmanagement
}}}
 1. Add the Network Management plasma widget to your system tray.
  * Click on the Plasma "foot"
  * Click "Add Widget"
  * Search for "Network"
  * Drag the "Network Management" item to your system tray.
 1. A new applet (wallplug/socket icon) will appear in the system tray. Click this icon.
 1. Neighboring wireless networks with a broadcasted SSID should be listed:
  * Click on the desired network's name.
  * If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
  * The wireless network connection will be activated.
 If the desired network is not listed (e.g. SSID not broadcast/hidden):
  * Click "Connect to Other Wireless Network...".
  * Enter the network's name in "Name (ESSID)".
  * Tick "Use Encryption" if in use on the network.
   * Select the encryption method used (usually "WPA Personal").
   * Enter the passphrase/pre-shared key at "Password".
   * Select "WPA 1" or "WPA 2" for the protocol version, as used by the network.
  * Click the "Connect" button to activate the wireless network connection.

See the [[NetworkManager]] page for frequently asked questions, documentation and support references.

<<Anchor(wicd)>>
== Wicd ==

<!> You must remove network-manager to get wicd to work. Check to see if network-manager is installed and see if, after you installed the driver, your wireless is already working in the notification area of your desktop manager. You may already be good to go.

[[WikiPedia:Wicd|wicd]] (Wireless Interface Connection Daemon) is a lightweight alternative to !NetworkManager. It is environment-independent, making it suitable for all desktop environments, including GNOME, Xfce, LXDE, and Fluxbox. Like !NetworkManager, wicd is configured via a graphical interface. Your wireless interface should ''not'' be referenced within Debian's {{{/etc/network/interfaces}}} file.

## extended /usr/share/doc/wicd/README.Debian instructions follow
## - wicd conflicts with network-manager as of wicd 1.5.7-1 (Debian bug #509051)
## - wicd daemon may (IME) fail to start after package installation, start it prior to running wicd-client
 1. Update the list of available packages and install the DebianPkg:wicd package: {{{
$ su
# aptitude update
# aptitude install wicd}}}
 1. Amend {{{/etc/network/interfaces}}} to contain only the following: {{{
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback}}}
 '''Note:''' as of wheezy it is fine to have your wireless interface in {{{/etc/network/interfaces}}}, but not required. You can set the wireless interface (e.g. wlan0) in the wicd client's preferences.
 1. If not already performed, add your regular user account to the {{{netdev}}} group and reload DBus: {{{
# adduser yourusername netdev
# /etc/init.d/dbus reload}}}
 1. Start the wicd daemon: {{{
# /etc/init.d/wicd start}}}
 1. Start the wicd GUI with your regular user account: {{{
# exit
$ wicd-client -n}}}

See also [[http://wicd.sourceforge.net/moinmoin/FAQ|wicd frequently asked questions]].

<<Anchor(command line)>>
== Command Line ==

Find your wireless interface and bring it up:

{{{
# ip a
# iwconfig
# ip link set wlan0 up
}}}

Scan for available networks and get network details:

{{{
$ su
# iwlist scan
}}}

Now edit {{{/etc/network/interfaces}}}. The required configuration is much dependent on your particular setup. See the following example to get an idea of how it works:

{{{
# my wifi device
auto wlan0
iface wlan0 inet dhcp
        wireless-essid [ESSID]
        wireless-mode [MODE]
}}}

For further information on available configuration options, see {{{man interfaces}}}, {{{man wireless}}} and {{{/usr/share/doc/wireless-tools/README.Debian}}}.

You can now bring your interface up and down with the usual {{{ifup}}} and {{{ifdown}}} commands. If you added {{{auto wlan0}}} as in the example above, the interface should be brought up automatically during boot up.

<<Anchor(wpasupplicant)>>
== wpa_supplicant ==
wpa_supplicant is a [[WPA]] client and IEEE 802.1X [[WikiPedia:Supplicant_(computer)|supplicant]].

The DebianPkg:wpasupplicant package provides {{{wpa-*}}} [[DebianMan:8/ifup|ifupdown]] options for {{{/etc/network/interfaces}}}. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.

 {i} GNOME and KDE users shouldn't configure wpa_supplicant manually. Use !NetworkManager as [[#network-manager|explained above]].

Before continuing, install the DebianPkg:wpasupplicant package:
Line 18: Line 146:
apt-get install wpasupplicant
}}}

Look at the [http://manpages.debian.net/cgi-bin/man.cgi?query=wpa_supplicant.conf&apropos=0&sektion=5 wpa_supplicant.conf] manpage to determine how to write it.


[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]
[[BR]]

------
CategoryProposedDeletion : This page was created on 2008-10. It should be deleted by 2009-04 if it's still empty.
$ su
# aptitude update
# aptitude install wpasupplicant
}}}

=== WPA-PSK and WPA2-PSK ===
{i} Also known as "WPA Personal" and "WPA2 Personal" respectively.

 1. Restrict the permissions of {{{/etc/network/interfaces}}}, to prevent pre-shared key (PSK) disclosure (alternatively use a separate config file such as /etc/network/interfaces.d/wlan0 on newer Debian versions): {{{
# chmod 0600 /etc/network/interfaces
}}}
 1. Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following example: {{{
$ wpa_passphrase myssid my_very_secret_passphrase
}}}
If you don't put the passphrase on the command line, it will be prompted for. The above command gives the output:{{{
network={
 ssid="myssid"
 #psk="my_very_secret_passphrase"
 psk=ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
}
}}}
... you'll need to copy from "psk=" to the end of the line, to put in your /etc/network/interfaces file.

 1. Open {{{/etc/network/interfaces}}} in a text editor : {{{
# sensible-editor /etc/network/interfaces
}}}
 1. Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH. For example : {{{
auto wlan0
iface wlan0 inet dhcp
 wpa-ssid myssid
 wpa-psk ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
}}}
 The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.

 1. Save the file and exit the editor.
 1. Bring your interface up. This will start wpa_supplicant as a background process. {{{
# ifup wlan0
}}}

Additional {{{wpa-*}}} options are described within {{{/usr/share/doc/wpasupplicant/README.modes.gz}}}. This should also be read if connecting to a network not broadcasting its SSID.

For general {{{/etc/network/interfaces}}} information, see the [[DebianMan:5/interfaces|interfaces(5)]] man page.

=== WPA-EAP ===

For networks using [[WikiPedia:Extensible_Authentication_Protocol|EAP-TLS]], you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at [[file:///usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf|/usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf]].

Once available, reference your configuration file in {{{/etc/network/interfaces}}}. For example:
 {{{
auto wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
}}}

More information can be found in the [[DebianMan:5/wpa_supplicant.conf|wpa_supplicant.conf(5)]] man page. A fully-commented wpa_supplicant configuration file example is at {{{/usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz}}}.

== Switching Connections ==
To switch between multiple distinct configurations:
 * GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)
 * Console users can
   * use logical interfaces, as {{{
iface wlan_home inet dhcp
    wpa-ssid mynetworkname
    wpa-psk mysecretpassphrase}}}

   {{{
# ifup wlan0=wlan_home}}}
   * use DebianPkg:ifscheme, see the [[http://www.alwayssunny.com/blog/?p=30|example configuration at alwayssunny.com]].
   * You can use [[DebianMan:8/guessnet|guessnet(8)]] to switch profiles automatically by your location.

== Security consideration ==

 1. Every member of a network can ''listen'' to other members' traffic (whether it's an unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). '''Use SSL/TLS protocols (HTTPS, IMAPS...) or VPN to preserve your privacy.'''
 2. WEP is so insecure that it is basically equivalent to not using any encryption at all.
 3. WPA'''1''' is deprecated. '''Use WPA2 instead.'''
 4. Make sure you use a '''strong pass-phrase'''.

Network security, see: [[http://www.aircrack-ng.org/doku.php?id=tutorial]].

== See Also ==
 * [[WiFi/AdHoc]] - Establishing a !WiFi network without an access point.
 * [[DebianMan:8/iwconfig|iwconfig(8)]]
 * [[NetworkConfiguration]]
 * [[NetworkManager]]
 * [[WiFi]]
 * [[WPA]]

----
CategoryNetwork | CategoryWireless
----
CategoryNetwork

Translations: English - French - Italiano - Русский - 简体中文

How to use a WiFi interface

This page describes how to configure a WiFi interface on a Debian system, for use on a network.

Once your wireless device has an interface available (verifiable with iwconfig), it is required to be configured to access a network. If you do not have a wireless interface present, please refer to WiFi for information on providing a driver for your device.

Wireless network interface configuration can be performed using a connection manager (such as NetworkManager) or through Debian's /etc/network/interfaces file with a special purpose utility (such as wpa_supplicant). Examples of NetworkManager and wpa_supplicant configuration are described below.

<!> The WEP algorithm is insecure and deprecated by WPA. Use of WEP is not recommended and is not covered within this document.

NetworkManager

NetworkManager is configured through graphical interfaces, which are available for GNOME and KDE. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.

NetworkManager is also a front-end for wpa_supplicant.

GNOME

  1. Ensure your user account is a member of the netdev group.

  2. Install the network-manager-gnome package:

    $ su
    # apt-get update
    # apt-get install network-manager-gnome
  3. Log out of GNOME, then log back in to your system.
  4. A new applet (computer icon) will appear in the notification area / system tray. Left-click this icon to present the nm-applet pop-up menu.
  5. Neighboring wireless networks with a broadcasted SSID should be listed:
    • Click on the desired network's name.
    • If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
    • The wireless network connection will be activated.
    If the desired network is not listed (e.g. SSID not broadcast/hidden):
    • Click "Connect to Other Wireless Network...".
    • Enter the network's SSID at "Network Name".
    • If encryption is used, select the method from the "Wireless Security" drop-down list (usually "WPA Personal" or "WPA2 Personal").
      • Enter the passphrase/pre-shared key at "Password".
    • Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

KDE

  1. Ensure your user account is a member of the netdev group.

  2. Install the plasma-widget-networkmanagement package:

    $ su
    # aptitude update
    # aptitude install plasma-widget-networkmanagement
  3. Add the Network Management plasma widget to your system tray.
    • Click on the Plasma "foot"
    • Click "Add Widget"
    • Search for "Network"
    • Drag the "Network Management" item to your system tray.
  4. A new applet (wallplug/socket icon) will appear in the system tray. Click this icon.
  5. Neighboring wireless networks with a broadcasted SSID should be listed:
    • Click on the desired network's name.
    • If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
    • The wireless network connection will be activated.
    If the desired network is not listed (e.g. SSID not broadcast/hidden):
    • Click "Connect to Other Wireless Network...".
    • Enter the network's name in "Name (ESSID)".
    • Tick "Use Encryption" if in use on the network.
      • Select the encryption method used (usually "WPA Personal").
      • Enter the passphrase/pre-shared key at "Password".
      • Select "WPA 1" or "WPA 2" for the protocol version, as used by the network.
    • Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

Wicd

<!> You must remove network-manager to get wicd to work. Check to see if network-manager is installed and see if, after you installed the driver, your wireless is already working in the notification area of your desktop manager. You may already be good to go.

wicd (Wireless Interface Connection Daemon) is a lightweight alternative to NetworkManager. It is environment-independent, making it suitable for all desktop environments, including GNOME, Xfce, LXDE, and Fluxbox. Like NetworkManager, wicd is configured via a graphical interface. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.

  1. Update the list of available packages and install the wicd package:

    $ su
    # aptitude update
    # aptitude install wicd
  2. Amend /etc/network/interfaces to contain only the following:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback

    Note: as of wheezy it is fine to have your wireless interface in /etc/network/interfaces, but not required. You can set the wireless interface (e.g. wlan0) in the wicd client's preferences.

  3. If not already performed, add your regular user account to the netdev group and reload DBus:

    # adduser yourusername netdev
    # /etc/init.d/dbus reload
  4. Start the wicd daemon:

    # /etc/init.d/wicd start
  5. Start the wicd GUI with your regular user account: 

    # exit
    $ wicd-client -n

See also wicd frequently asked questions.

Command Line

Find your wireless interface and bring it up:

# ip a
# iwconfig
# ip link set wlan0 up

Scan for available networks and get network details:

$ su
# iwlist scan

Now edit /etc/network/interfaces. The required configuration is much dependent on your particular setup. See the following example to get an idea of how it works:

# my wifi device
auto wlan0
iface wlan0 inet dhcp
        wireless-essid [ESSID]
        wireless-mode [MODE] 

For further information on available configuration options, see man interfaces, man wireless and /usr/share/doc/wireless-tools/README.Debian.

You can now bring your interface up and down with the usual ifup and ifdown commands. If you added auto wlan0 as in the example above, the interface should be brought up automatically during boot up.

wpa_supplicant

wpa_supplicant is a WPA client and IEEE 802.1X supplicant.

The wpasupplicant package provides wpa-* ifupdown options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.

  • {i} GNOME and KDE users shouldn't configure wpa_supplicant manually. Use NetworkManager as explained above.

Before continuing, install the wpasupplicant package:

  • $ su
    # aptitude update
    # aptitude install wpasupplicant

WPA-PSK and WPA2-PSK

{i} Also known as "WPA Personal" and "WPA2 Personal" respectively.

  1. Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure (alternatively use a separate config file such as /etc/network/interfaces.d/wlan0 on newer Debian versions):

    # chmod 0600 /etc/network/interfaces
  2. Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following example:

    $ wpa_passphrase myssid my_very_secret_passphrase

If you don't put the passphrase on the command line, it will be prompted for. The above command gives the output:

network={
        ssid="myssid"
        #psk="my_very_secret_passphrase"
        psk=ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
}

... you'll need to copy from "psk=" to the end of the line, to put in your /etc/network/interfaces file.

  1. Open /etc/network/interfaces in a text editor :

    # sensible-editor /etc/network/interfaces
  2. Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH. For example :

    auto wlan0
    iface wlan0 inet dhcp
            wpa-ssid myssid
            wpa-psk ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
    The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.
  3. Save the file and exit the editor.
  4. Bring your interface up. This will start wpa_supplicant as a background process.

    # ifup wlan0

Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.

For general /etc/network/interfaces information, see the interfaces(5) man page.

WPA-EAP

For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.

Once available, reference your configuration file in /etc/network/interfaces. For example:

  • auto wlan0
    iface wlan0 inet dhcp
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections

To switch between multiple distinct configurations:

  • GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)

  • Console users can

Security consideration

  1. Every member of a network can listen to other members' traffic (whether it's an unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). Use SSL/TLS protocols (HTTPS, IMAPS...) or VPN to preserve your privacy.

  2. WEP is so insecure that it is basically equivalent to not using any encryption at all.
  3. WPA1 is deprecated. Use WPA2 instead.

  4. Make sure you use a strong pass-phrase.

Network security, see: http://www.aircrack-ng.org/doku.php?id=tutorial.

See Also


CategoryNetwork | CategoryWireless


CategoryNetwork