Differences between revisions 22 and 23
Revision 22 as of 2009-06-07 09:52:32
Size: 8045
Editor: FranklinPiat
Comment: Fix interwiki link
Revision 23 as of 2009-06-08 05:25:42
Size: 8582
Editor: FranklinPiat
Comment: Start section "Security consideration"
Line 148: Line 148:
== Security consideration ==

 1. Every member of a network can ''listen'' to other members' traffic. (whether it's an unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). '''Use SSL/TLS protocols (https, imaps...) or VPN to preserve your privacy.'''
 2. WEP is so insecure that it is basically equivalent to not using any encryption at all.
 3. WPA ''1'' is deprecated. '''Use WPA2 instead.'''
 4. Make sure you use '''strong pass-phrase'''.

Network security, see: [[http://www.aircrack-ng.org/doku.php?id=tutorial]].
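Review bot: item 4 ("Make sure you use '''strong pass-phrase'''") gives the reader nothing to act on and is missing its article; say "a strong pass-phrase" and tie it to the wpa-psk value configured earlier on the page, noting that a WPA pass-phrase is 8 to 63 characters. In item 1 the parenthetical sits after the full stop and "a WEP/WPA/WPA2" has no noun; fold it into the sentence, e.g. "... traffic, whether on an unencrypted public hot-spot, a WEP/WPA/WPA2 network, or a LAN." The heading would read better as "Security considerations", and the aircrack-ng link is a bare URL inside [[ ]] with no link text.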
Line 150: Line 159:
 * [[DebianMan:8/iwconfig|iwconfig]]  * [[DebianMan:8/iwconfig|iwconfig(8)]]

How to use a WiFi interface

This page describes how to configure a WiFi interface on a Debian system, for use on a network.

Once your wireless device has an interface available (verifiable with iwconfig), it must be configured to access a network. If you do not have a wireless interface present, please refer to WiFi for information on providing a driver for your device.

Wireless network interface configuration can be performed using a connection manager (such as NetworkManager) or through Debian's /etc/network/interfaces file with a special purpose utility (such as wpa_supplicant). Examples of NetworkManager and wpa_supplicant configuration are described below.

Warning: The WEP algorithm is insecure and has been superseded by WPA. Use of WEP is not recommended and is not covered in this document.

NetworkManager

NetworkManager is configured through graphical interfaces, which are available for GNOME and KDE. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.

NetworkManager is also a front-end for wpa_supplicant.

GNOME

  1. Install the network-manager-gnome package:

    $ su
    # aptitude update
    # aptitude install network-manager-gnome
  2. Right-click on a GNOME panel and select "Add to Panel...".
  3. From the list presented, select "Network Monitor" and click "Add". A new systray applet will appear. Click "Close".
  4. Right-click on the applet and select "Properties".
  5. From the dialog presented, click "Configure". You will be asked for the administrative (root) password.
  6. A list of network interfaces will be displayed. Select your wireless interface, then click "Properties".
  7. Tick "Enable this connection" and enter details regarding your wireless network. Click "OK" when finished.

See the NetworkManager page for frequently asked questions, documentation and support references.

KDE

  1. Install the network-manager-kde package:

    $ su
    # aptitude update
    # aptitude install network-manager-kde
  2. From the K Menu, select "Run Command". Enter "knetworkmanager" and click "Run".
  3. A new systray applet will appear.

ToDo: Complete knetworkmanager procedure.

See the NetworkManager page for frequently asked questions, documentation and support references.

Other GUI

wicd - for Xfce, LXDE, Fluxbox

wicd (Wireless Interface Connection Daemon) is an alternative to NetworkManager. It is environment independent, making it a perfect replacement for other desktop environments (e.g. Xfce, LXDE, Fluxbox, etc.). Like NetworkManager, wicd is configured via a graphical interface. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.

Lenny users: wicd is not included in Lenny, but is available as a backported package. Configure /etc/apt/sources.list as explained in the Backports page before continuing.

  1. Update the list of available packages and install the wicd package:

    $ su
    # aptitude update
    # aptitude install wicd
  2. Amend /etc/network/interfaces to contain only the following:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
  3. If not already performed, add your regular user account to the netdev group and reload DBus:

    # adduser yourusername netdev
    # /etc/init.d/dbus reload
  4. Start the wicd daemon:

    # /etc/init.d/wicd start
  5. Start the wicd GUI with your regular user account: 

    # exit
    $ wicd-client -n

See also wicd frequently asked questions.

wpa_supplicant

wpa_supplicant is a WPA client and IEEE 802.1X supplicant.

The wpasupplicant package provides wpa-* ifupdown options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.

Note: GNOME and KDE users shouldn't configure wpa_supplicant manually. Use NetworkManager as explained above.

Before continuing, install the wpasupplicant package:

    $ su
    # aptitude update
    # aptitude install wpasupplicant

WPA-PSK and WPA2-PSK

Note: Also known as "WPA Personal" and "WPA2 Personal" respectively.

  1. Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure:

    # chmod 0600 /etc/network/interfaces
  2. Open /etc/network/interfaces in a text editor:

    # sensible-editor /etc/network/interfaces
  3. Define appropriate stanzas for your wireless interface, along with the SSID and PSK. For example:

    auto wlan0
    iface wlan0 inet dhcp
        wpa-ssid mynetworkname
        wpa-psk mysecretpassphrase

     The "auto" stanza will bring your interface up at system startup. If this is not desired, remove or comment out this line.
  4. Save the file and exit the editor.
  5. Bring your interface up. This will start wpa_supplicant as a background process.

    # ifup wlan0

Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.

For general /etc/network/interfaces information, see the interfaces(5) man page.

WPA-EAP

For networks using EAP-TLS, you must create a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.

Once available, reference your configuration file in /etc/network/interfaces. For example:

    auto wlan0
    iface wlan0 inet dhcp
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections

To switch between multiple distinct configurations:

  • GNOME users should use "Menu System > Administration > Network".

  • Console users can

Security consideration

  1. Every member of a network can listen to other members' traffic, whether it is an unencrypted public hot-spot, a WEP/WPA/WPA2 network, or a LAN. Use SSL/TLS protocols (https, imaps...) or a VPN to preserve your privacy.
  2. WEP is so insecure that it is basically equivalent to not using any encryption at all.
  3. WPA 1 is deprecated. Use WPA2 instead.
  4. Make sure you use a strong pass-phrase.

Network security, see: http://www.aircrack-ng.org/doku.php?id=tutorial.
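
The checks from the WPA-PSK procedure (file permissions) and from the list above (no WEP, a strong pass-phrase) can be run against an interfaces file with a short script. This is an added example, not part of the original wiki page; the function name, the finding labels and the 20-character threshold are assumptions chosen for illustration, and `wireless-key` is the wireless-tools ifupdown option for WEP keys, which the page itself does not cover.

```shell
#!/bin/sh
# Added example, not from the wiki page. Prints findings for one ifupdown
# interfaces file and returns non-zero if there are any.
audit_interfaces() {
    file=$1
    findings=""

    # Step 1 of the WPA-PSK procedure: no access for group or others.
    mode=$(stat -c %a "$file") || return 2      # GNU stat, as on Debian
    case $mode in
        *00) ;;
        *) findings="${findings}MODE:$mode " ;;
    esac

    # wireless-key is the wireless-tools ifupdown option that sets a WEP key.
    if grep -Eq '^[[:space:]]*wireless-key' "$file"; then
        findings="${findings}WEP "
    fi

    # A wpa-psk value is either 64 hex digits (an already derived key) or a
    # pass-phrase, which WPA limits to 8..63 characters.
    while read -r key value; do
        [ "$key" = "wpa-psk" ] || continue
        if printf '%s' "$value" | grep -Eq '^[0-9A-Fa-f]{64}$'; then
            continue
        fi
        len=${#value}
        if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
            findings="${findings}PSK-LENGTH:$len "
        elif [ "$len" -lt 20 ]; then            # assumed local policy, not a standard
            findings="${findings}PSK-SHORT:$len "
        fi
    done < "$file"
    findings=${findings% }
    printf '%s\n' "${findings:-OK}"
    [ -z "$findings" ]
}

# Constructed sample: the stanza from the WPA-PSK example, left world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto wlan0
iface wlan0 inet dhcp
    wpa-ssid mynetworkname
    wpa-psk mysecretpassphrase
EOF
chmod 0644 "$sample"
audit_interfaces "$sample" || true
rm -f "$sample"
```

Run as root against the real file with `audit_interfaces /etc/network/interfaces`; it prints `OK` when none of the checks fire.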

See Also


CategoryNetwork | CategoryWireless