Linux 如何配置无线网络 wpa_supplicant wpa_cli

# 请不要修改下面这一行内容，否则将不能正常工作

ctrl_interface=/var/run/wpa_supplicant

# 确保只有root用户能读取WPA的配置

ctrl_interface_group=0

# 使用wpa_supplicant来扫描和选择AP

ap_scan=1

# 简单的情形：WPA-PSk密码验证方式，PSK是ASCII密码短语，所有合法的加密方式都允许连接

network={

ssid="simple"

psk="very secret passphrase"

# 优先级越高，就能越早匹配到。

priority=5

}

# 与前面的设置相同，但要求对特定的SSID进行扫描（针对那些拒绝广播SSID的AP）

network={

ssid="second ssid"

scan_ssid=1

psk="very secret passphrase"

priority=2

}

# 仅使用WPA-PSK方式。允许使用任何合法的加密方式的组合

network={

ssid="example"

proto=WPA

key_mgmt=WPA-PSK

pairwise=CCMP TKIP

group=CCMP TKIP WEP104 WEP40

psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb

priority=2

}

# 明文连接方式（不使用WPA和IEEE802.1X）

network={

ssid="plaintext-test"

key_mgmt=NONE

}

# 共享WEP秘钥连接方式（不使用WPA和IEEE802.1X）

network={

ssid="static-wep-test"

key_mgmt=NONE

wep_key0="abcde"

wep_key1=0102030405

wep_key2="1234567890123"

wep_tx_keyidx=0

priority=5

}

# 共享WEP秘钥连接方式（无WPA和IEEE802.1X），使用共享秘钥IEEE802.11验证方式

network={

ssid="static-wep-test2"

key_mgmt=NONE

wep_key0="abcde"

wep_key1=0102030405

wep_key2="1234567890123"

wep_tx_keyidx=0

priority=5

auth_alg=SHARED

}

# 在IBSS/ad-hoc网络中使用WPA-None/TKIP

network={

ssid="test adhoc"

mode=1

proto=WPA

key_mgmt=WPA-NONE

pairwise=NONE

group=TKIP

psk="secret passphrase"

}

命令执行例子:

wpa_supplicant -B -ieth0 -c /etc/wpa_supplicant.conf

获得地址:

dhcpcd eth0

察看网卡状态以及参数:

bt ~ # iwconfig eth0

eth0      IEEE 802.11g  ESSID:"youssid"

Mode:Managed  Frequency:2.462 GHz  Access Point: 00:00:00:00:00:00

Bit Rate:54 Mb/s   Tx-Power:14 dBm

Retry limit:15   RTS thr:off   Fragment thr:off

Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx   Security mode:open

Power Management:off

Link Quality=74/100  Signal level=-57 dBm  Noise level=-57 dBm

Rx invalid nwid:0  Rx invalid crypt:1  Rx invalid frag:0

Tx excessive retries:0  Invalid misc:21   Missed beacon:0

bt ~ # ifconfig eth0

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx

inet addr:192.168.2.100  Bcast:192.168.2.255  Mask:255.255.255.0

inet6 addr: fe80::218:deff:feb0:38e5/64 Scope:Link

UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:33 errors:2 dropped:31 overruns:0 frame:0

TX packets:12 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:11177 (10.9 KiB)  TX bytes:4324 (4.2 KiB)

Interrupt:11 Base address:0x2000 Memory:edf00000-edf00fff

这样linux就可以使用wpa 访问无线网络了.

---------------------------------------------------
wpa_supplicant usage

---------------------------------------------------
You will need to make a configuration file, e.g.,

/etc/wpa_supplicant.conf, with network configuration for the networks

you are going to use. Configuration file section below includes

explanation for the configuration file format and includes various

examples. Once the configuration is ready, you can test whether the

configuration work by first running wpa_supplicant with following

command to start it on foreground with debugging enabled:

wpa_supplicant -i wlan0 -c/etc/wpa_supplicant.conf -d

Assuming everything goes fine, you can start using following command

to start wpa_supplicant on background without debugging:

wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B

Please note that if you included more than one driver interface in the

build time configuration (.config), you may need to specify which

interface to use by including -D<driver name> option on the command

line. See following section for more details on command line options

for wpa_supplicant.

Command line options

--------------------

usage:

wpa_supplicant [-BddehLqqvw] -i<ifname> -c<config file> [-D<driver>] \

[-N -i<ifname> -c<conf> [-D<driver>] ...]

options:

-B = run daemon in the background

-d = increase debugging verbosity (-dd even more)

-K = include keys (passwords, etc.) in debug output

-t = include timestamp in debug messages

-h = show this help text

-L = show license (GPL and BSD)

-q = decrease debugging verbosity (-qq even less)

-v = show version

-w = wait for interface to be added, if needed

-N = start describing new interface

drivers:

hostap = Host AP driver (Intersil Prism2/2.5/3) [default]

(this can also be used with Linuxant DriverLoader)

hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)

madwifi = MADWIFI 802.11 support (Atheros, etc.)

atmel = ATMEL AT76C5XXx (USB, PCMCIA)

wext = Linux wireless extensions (generic)

ndiswrapper = Linux ndiswrapper

broadcom = Broadcom wl.o driver

ipw = Intel ipw2100/2200 driver

wired = wpa_supplicant wired Ethernet driver

bsd = BSD 802.11 support (Atheros, etc.)

ndis = Windows NDIS driver

In most common cases, wpa_supplicant is started with

wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0

This makes the process fork into background and wait for the wlan0

interface if it is not available at startup time.

The easiest way to debug problems, and to get debug log for bug

reports, is to start wpa_supplicant on foreground with debugging

enabled:

wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d

wpa_supplicant can control multiple interfaces (radios) either by

running one process for each interface separately or by running just

one process and list of options at command line. Each interface is

separated with -N argument. As an example, following command would

start wpa_supplicant for two interfaces:

wpa_supplicant \

-c wpa1.conf -i wlan0 -D hostap -N \

-c wpa2.conf -i ath0 -D madwifi

Configuration file

------------------

wpa_supplicant is configured using a text file that lists all accepted

networks and security policies, including pre-shared keys. See

example configuration file, wpa_supplicant.conf, for detailed

information about the configuration format and supported fields.

Changes to configuration file can be reloaded be sending SIGHUP signal

to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,

reloading can be triggered with 'wpa_cli reconfigure' command.

Configuration file can include one or more network blocks, e.g., one

for each used SSID. wpa_supplicant will automatically select the best

betwork based on the order of network blocks in the configuration

file, network security level (WPA/WPA2 is prefered), and signal

strength.

Example configuration files for some common configurations:

1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work

network

# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

#

# home network; allow all valid ciphers

network={

ssid="home"

scan_ssid=1

key_mgmt=WPA-PSK

psk="very secret passphrase"

}

#

# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers

network={

ssid="work"

scan_ssid=1

key_mgmt=WPA-EAP

pairwise=CCMP TKIP

group=CCMP TKIP

eap=TLS

identity="user@example.com"

ca_cert="/etc/cert/ca.pem"

client_cert="/etc/cert/user.pem"

private_key="/etc/cert/user.prv"

private_key_passwd="password"

}

2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel

(e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="example"

scan_ssid=1

key_mgmt=WPA-EAP

eap=PEAP

identity="user@example.com"

password="foobar"

ca_cert="/etc/cert/ca.pem"

phase1="peaplabel=0"

phase2="auth=MSCHAPV2"

}

3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the

unencrypted use. Real identity is sent only within an encrypted TLS tunnel.

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="example"

scan_ssid=1

key_mgmt=WPA-EAP

eap=TTLS

identity="user@example.com"

anonymous_identity="anonymous@example.com"

password="foobar"

ca_cert="/etc/cert/ca.pem"

phase2="auth=MD5"

}

4) IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and

broadcast); use EAP-TLS for authentication

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="1x-test"

scan_ssid=1

key_mgmt=IEEE8021X

eap=TLS

identity="user@example.com"

ca_cert="/etc/cert/ca.pem"

client_cert="/etc/cert/user.pem"

private_key="/etc/cert/user.prv"

private_key_passwd="password"

eapol_flags=3

}

5) Catch all example that allows more or less all configuration modes. The

configuration options are used based on what security policy is used in the

selected SSID. This is mostly for testing and is not recommended for normal

use.

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="example"

scan_ssid=1

key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE

pairwise=CCMP TKIP

group=CCMP TKIP WEP104 WEP40

psk="very secret passphrase"

eap=TTLS PEAP TLS

identity="user@example.com"

password="foobar"

ca_cert="/etc/cert/ca.pem"

client_cert="/etc/cert/user.pem"

private_key="/etc/cert/user.prv"

private_key_passwd="password"

phase1="peaplabel=0"

ca_cert2="/etc/cert/ca2.pem"

client_cert2="/etc/cer/user.pem"

private_key2="/etc/cer/user.prv"

private_key2_passwd="password"

}

6) Authentication for wired Ethernet. This can be used with 'wired' interface

(-Dwired on command line).

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

ap_scan=0

network={

key_mgmt=IEEE8021X

eap=MD5

identity="user"

password="password"

eapol_flags=0

}
---------------------------------------------------
wpa_cli  usage

---------------------------------------------------

wpa_cli commands

status = get current WPA/EAPOL/EAP status

mib = get MIB variables (dot1x, dot11)

help = show this usage help

interface [ifname] = show interfaces/select interface

level <debug level> = change debug level

license = show full wpa_cli license

logoff = IEEE 802.1X EAPOL state machine logoff

logon = IEEE 802.1X EAPOL state machine logon

set = set variables (shows list of variables when run without arguments)

pmksa = show PMKSA cache

reassociate = force reassociation

reconfigure = force wpa_supplicant to re-read its configuration file

preauthenticate <BSSID> = force preauthentication

identity <network id> <identity> = configure identity for an SSID

password <network id> <password> = configure password for an SSID

pin <network id> <pin> = configure pin for an SSID

otp <network id> <password> = configure one-time-password for an SSID

passphrase <network id> <passphrase> = configure private key passphrase

for an SSID

bssid <network id> <BSSID> = set preferred BSSID for an SSID

list_networks = list configured networks

select_network <network id> = select a network (disable others)

enable_network <network id> = enable a network

disable_network <network id> = disable a network

add_network = add a network

remove_network <network id> = remove a network

set_network <network id> <variable> <value> = set network variables (shows

list of variables when run without arguments)

get_network <network id> <variable> = get network variables

save_config = save the current configuration

disconnect = disconnect and wait for reassociate command before connecting

scan = request new BSS scan

scan_results = get latest scan results

get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilies

terminate = terminate wpa_supplicant

quit = exit wpa_cli

wpa_cli command line options

wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \

[-P<pid file>] [-g<global ctrl>]  [command..]

-h = help (show this usage text)

-v = shown version information

-a = run in daemon mode executing the action file based on events from

wpa_supplicant

-B = run a daemon in the background

default path: /var/run/wpa_supplicant

default interface: first interface found in socket path