5443
Comment: Protect /etc/network/interfaces from disclosure *before* editing
|
5780
Import "Switching connexion" from Wifi + minor formating improvements
|
Deletions are marked like this. | Additions are marked like this. |
Line 47: | Line 47: |
wpa_supplicant is a ["WPA"] client and IEEE 802.1X [wiki:WikiPedia:Supplicant_(computer) supplicant], packaged for Debian as DebPkg:wpasupplicant. | wpa_supplicant is a ["WPA"] client and IEEE 802.1X [wiki:WikiPedia:Supplicant_(computer) supplicant], packaged. |
Line 49: | Line 49: |
The wpasupplicant package provides {{{wpa-*}}} DebPkg:ifupdown options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down. | The DebPkg:wpasupplicant package provides {{{wpa-*}}} [http://manpages.debian.net/man/8/ifup ifupdown] options for {{{/etc/network/interfaces}}}. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down. |
Line 61: | Line 61: |
1. Restrict the permissions of /etc/network/interfaces, to prevent PSK disclosure: {{{ | 1. Restrict the permissions of {{{/etc/network/interfaces}}}, to prevent pre-shared key (PSK) disclosure: {{{ |
Line 64: | Line 64: |
1. Open /etc/network/interfaces in a text editor: {{{ | 1. Open {{{/etc/network/interfaces}}} in a text editor: {{{ |
Line 67: | Line 67: |
1. Define appropriate stanzas for your wireless interface, along with the SSID and pre-shared key (PSK). For example: {{{ | 1. Define appropriate stanzas for your wireless interface, along with the SSID and PSK. For example: {{{ |
Line 80: | Line 80: |
Additional {{{wpa-*}}} options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID. | Additional {{{wpa-*}}} options are described within {{{/usr/share/doc/wpasupplicant/README.modes.gz}}}. This should also be read if connecting to a network not broadcasting its SSID. |
Line 82: | Line 82: |
For general /etc/network/interfaces information, see the [http://manpages.debian.net/cgi-bin/man.cgi?query=interfaces&apropos=0&sektion=5 interfaces] man page. | For general {{{/etc/network/interfaces}}} information, see the [http://manpages.debian.net/man/5/interfaces interfaces(5)] man page. |
Line 95: | Line 95: |
More information can be found in the [http://manpages.debian.net/cgi-bin/man.cgi?query=wpa_supplicant.conf&apropos=0&sektion=5 wpa_supplicant.conf] man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz. | More information can be found in the [http://manpages.debian.net/man/5/wpa_supplicant.conf wpa_supplicant.conf(5)] man page. A fully-commented wpa_supplicant configuration file example is at {{{/usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz}}}. == Switching connexion == To switch between multiple distinct configuration: * Gnome users should use "Menu System > Administration > Network". * Console users can use DebPkg:ifscheme. [http://www.alwayssunny.com/blog/?p=30 alwayssunny.com You can see a worked example of this]. |
Line 98: | Line 103: |
* ["WiFi/AdHoc"] - Establishing a !WiFi network without an access point. |
How to use a WiFi interface
This page describes how to configure a WiFi interface on a Debian system, for use on a network.
?TableOfContents(3)
Once your wireless device has an interface available (verifiable with ["iwconfig"]), it is required to be configured to access a network. If you do not have a wireless interface present, please refer to ["WiFi"] for information on providing a driver for your device.
Wireless network interface configuration can be performed using a connection manager (such as ["NetworkManager"]) or through Debian's /etc/network/interfaces file with a special purpose utility (such as wpa_supplicant). Examples of NetworkManager and wpa_supplicant configuration are described below.
The [wiki:Wired_Equivalent_Privacy WEP] algorithm is insecure and deprecated by ["WPA"]. Use of WEP is not recommended and is not covered within this document.
Network Manager
NetworkManager is configured by graphical interfaces, which are available for [:Gnome:GNOME] and ["KDE"]. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.
GNOME
Install the network-manager-gnome package:
$ su # aptitude update # aptitude install network-manager-gnome
- Right-click on a GNOME panel and select "Add to Panel...".
- From the list presented, select "Network Monitor" and click "Add". A new systray applet will appear. Click "Close".
- Right-click on the applet and select "Properties".
- From the dialog presented, click "Configure". You will be asked for the administrative (root) password.
- A list of network interfaces will be displayed. Select your wireless interface, then click "Properties".
- Tick "Enable this connection" and enter details regarding your wireless network. Click "OK" when finished.
See also ["NetworkManager"] for frequently asked questions, documentation and support references.
KDE
Install the network-manager-kde package:
$ su # aptitude update # aptitude install network-manager-kde
- From the K Menu, select "Run Command". Enter "knetworkmanager" and click "Run".
- A new systray applet will appear.
ToDo: Complete knetworkmanager procedure.
See also ["NetworkManager"] for frequently asked questions, documentation and support references.
wpa_supplicant
wpa_supplicant is a ["WPA"] client and IEEE 802.1X [wiki:Supplicant_(computer) supplicant], packaged.
The wpasupplicant package provides wpa-* [http://manpages.debian.net/man/8/ifup ifupdown] options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.
Before continuing, install the wpasupplicant package:
$ su # aptitude update # aptitude install wpasupplicant
WPA-PSK and WPA2-PSK
Also known as "WPA Personal" and "WPA2 Personal" respectively.
Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure:
# chmod 0600 /etc/network/interfaces
Open /etc/network/interfaces in a text editor:
# sensible-editor /etc/network/interfaces
Define appropriate stanzas for your wireless interface, along with the SSID and PSK. For example:
auto wlan0 iface wlan0 inet dhcp wpa-ssid mynetworkname wpa-psk mysecretpassphrase
The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.- Save the file and exit the editor.
Bring your interface up. This will start wpa_supplicant as a background process.
# ifup wlan0
Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.
For general /etc/network/interfaces information, see the [http://manpages.debian.net/man/5/interfaces interfaces(5)] man page.
WPA-EAP
For networks using [wiki:Extensible_Authentication_Protocol EAP-TLS], you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at [file:///usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf].
Once available, reference your configuration file in /etc/network/interfaces. For example:
auto wlan0 iface wlan0 inet dhcp wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
More information can be found in the [http://manpages.debian.net/man/5/wpa_supplicant.conf wpa_supplicant.conf(5)] man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.
Switching connexion
To switch between multiple distinct configuration:
Gnome users should use "Menu System > Administration > Network".
Console users can use ifscheme. [http://www.alwayssunny.com/blog/?p=30 alwayssunny.com You can see a worked example of this].
See Also
["WiFi/AdHoc"] - Establishing a WiFi network without an access point.
- ["iwconfig"]
["NetworkManager"]
["WiFi"]
- ["WPA"]