
Connect to Secure AP using WPA Supplicant

 dwlinux_gs 2016-01-21

WLAN Station Configuration Scenario

The following sections describe the specific steps to configure a station to connect to a WiFi network that supports arbitrary security modes.
The configuration commands can be executed using a serial communication program connected to the platform's serial port.

Hardware Configuration

Wiki SecureAP.jpg


wpa_supplicant.conf

To be able to connect to a remote AP, the wpa_supplicant daemon must be running to provide WPA key negotiation with a WPA Authenticator and EAP authentication with an Authentication Server.

root@am37x-evm:/usr/sbin# wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B

wpa_supplicant is a daemon, and only one instance of it may run on a machine; all other modifications of security settings are made with the frontend application wpa_cli.

wpa_cli

wpa_cli is a text-based frontend program for interacting with wpa_supplicant. It is used to query current status, change configuration, trigger events, and request interactive user input.

Usage

wpa_cli < -i ifname > [ -hv ] [ command ... ]


-h prints help information
-v verbose output
-i ifname - interface name, which is usually wlan0
In all commands used in the scripts on this page, the first argument is the interface that is being configured (-iwlan0).

wpa_cli Commands

  • wpa_cli -iwlan0 disconnect
puts the interface into a disconnected state and waits for a reassociate command before connecting.
  • wpa_cli -iwlan0 add_network
adds and assigns an index number to a new network for the specified interface. All necessary configuration of the newly added network is done with set_network command.
  • wpa_cli -iwlan0 set_network 0 auth_alg OPEN
configures network with index 0: set OPEN authentication algorithm
  • wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
network #0 configuration: sets authenticated key management protocol for the network. WPA-EAP is WPA using EAP authentication (this can use an external program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication)
  • wpa_cli -iwlan0 set_network 0 psk '"12345678"'
network #0 configuration: sets WPA passphrase or pre-shared key to be used with the network
  • wpa_cli -iwlan0 set_network 0 wep_key0 ABCdef1234567890abcDEF3333
network #0 configuration: sets WEP key passphrase to be used by the network. WEP key is a security code which allows group of devices on a local network to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by outsiders
  • wpa_cli -iwlan0 set_network 0 pairwise CCMP
network #0 configuration: sets CCMP algorithm as pairwise (unicast) cipher for WPA
  • wpa_cli -iwlan0 set_network 0 group CCMP
network #0 configuration: sets CCMP algorithm as group (broadcast/multicast) cipher for WPA
  • wpa_cli -iwlan0 set_network 0 proto WPA2
network #0 configuration: sets security protocol as WPA2
  • wpa_cli -iwlan0 set_network 0 eap PEAP
network #0 configuration: sets PEAP as extensible authentication protocol's (EAP) method
  • wpa_cli -iwlan0 set_network 0 identity '"test"'
network #0 configuration: sets identity string for EAP
  • wpa_cli -iwlan0 set_network 0 password '"test"'
network #0 configuration: sets password string for EAP
  • wpa_cli -iwlan0 set_network 0 phase1 '"peapver=0"'
network #0 configuration: sets outer authentication method version as PEAPv0
  • wpa_cli -iwlan0 set_network 0 phase2 '"MSCHAPV2"'
network #0 configuration: sets inner authentication method as EAP-MSCHAPv2
  • wpa_cli -iwlan0 set_network 0 mode 0
network #0 configuration: sets IEEE 802.11 operation mode as infrastructure (Managed) mode, i.e., associate with an AP
  • wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
network #0 configuration: sets network name
  • wpa_cli -iwlan0 select_network 0
selects network with index 0 and disables others
  • wpa_cli -iwlan0 enable_network 0
enables network with index 0
  • wpa_cli -iwlan0 reassociate
forces reassociation
  • wpa_cli -iwlan0 status
gets current WPA/EAPOL/EAP status
  • wpa_cli -iwlan0 list_networks
lists configured networks for the specified interface
  • wpa_cli -iwlan0 remove_network <network id>
removes the network with the specified index (the first column of list_networks, as used in the scripts below) from the list of configured networks

Connect to non secured network

  • Replace the ssid value (i.e. '"Bandipur"') with the SSID of the real wireless network you want to connect to.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt NONE
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"Bandipur"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate

To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Connect to secured network - WPA

  • Make sure WPA supplicant is running, that is, "wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B" was called before (it should be called only once).
  • Replace the "ssid" value with the SSID of the real wireless network you want to connect to.
  • Replace the pre-shared key argument (psk) with an appropriate one.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
wpa_cli -iwlan0 set_network 0 psk '"12345678"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link


To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Connect to secured network - WPA2

  • Make sure WPA supplicant is running, that is, "wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B" was called before (it should be called only once).
  • Replace the "ssid" value with the SSID of the real wireless network you want to connect to.
  • Replace the pre-shared key argument (psk) with an appropriate one.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
wpa_cli -iwlan0 set_network 0 psk '"12345678"'
wpa_cli -iwlan0 set_network 0 proto RSN
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"Matterhorn"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link


To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.
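
The WPA2 sequence above as a reusable function, written as an added example that is not part of the original page: it uses the network id returned by add_network instead of assuming 0, adds the inner double quotes for string fields, and stops on any reply other than OK. The function names and the WPA_CLI and IFACE variables are this example's own, and unlike the page's WPA2 sequence it also pins pairwise and group to CCMP.

```shell
#!/bin/sh
# Added example (not from the original page): scripted WPA2-PSK setup via wpa_cli.
# WPA_CLI and IFACE are this example's own overridable variables.
: "${WPA_CLI:=wpa_cli}"
: "${IFACE:=wlan0}"

# Run one wpa_cli command; succeed only if the daemon answers "OK".
wpa_ok() {
    reply=$($WPA_CLI -i"$IFACE" "$@") || return 1
    [ "$reply" = "OK" ]
}

# String fields: the double quotes must reach wpa_supplicant as part of the
# value (an unquoted value is parsed as hex), so they are added here.
wpa_set_str() {   # usage: wpa_set_str <id> <field> <value>
    wpa_ok set_network "$1" "$2" "\"$3\""
}

connect_wpa2_psk() {   # usage: connect_wpa2_psk <ssid> <passphrase>; prints the id
    ssid=$1; pass=$2
    # WPA passphrases are 8..63 characters; reject others before sending anything
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "passphrase must be 8..63 characters" >&2; return 2
    fi
    # Use the id that add_network returns instead of assuming it is 0
    id=$($WPA_CLI -i"$IFACE" add_network) || return 1
    case $id in ''|*[!0-9]*) echo "add_network failed: $id" >&2; return 1 ;; esac
    wpa_set_str "$id" ssid "$ssid" &&
    wpa_ok set_network "$id" key_mgmt WPA-PSK &&
    wpa_ok set_network "$id" proto RSN &&
    wpa_ok set_network "$id" pairwise CCMP &&
    wpa_ok set_network "$id" group CCMP &&
    wpa_set_str "$id" psk "$pass" &&
    wpa_ok select_network "$id" || {
        # Roll back the half-configured entry so it cannot be selected later
        $WPA_CLI -i"$IFACE" remove_network "$id" >/dev/null 2>&1
        return 1
    }
    echo "$id"
}
```

As with the commands on this page, the passphrase is visible in the process argument list while wpa_cli runs.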

Connect to secured network - any WPA PSK

  • Make sure WPA supplicant is running, that is, "wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B" was called before (it should be called only once).
  • Replace the "ssid" value with the SSID of the real wireless network you want to connect to.
  • Replace the pre-shared key argument (psk) with an appropriate one.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
wpa_cli -iwlan0 set_network 0 psk '"12345678"'
wpa_cli -iwlan0 set_network 0 pairwise CCMP TKIP
wpa_cli -iwlan0 set_network 0 group CCMP TKIP
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status


To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Connect to secured network - WEP 40 Open

  • Make sure WPA supplicant is running, that is, "wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B" was called before (it should be called only once).
  • Replace the "ssid" value with the SSID of the real wireless network you want to connect to.
  • Replace the wep_key0 key argument value with an appropriate one.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 wep_key0 1234567890
wpa_cli -iwlan0 set_network 0 key_mgmt NONE
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link


To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Connect to secured network - WEP 128 Open

  • Make sure WPA supplicant is running, that is, "wpa_supplicant -d -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0 -B" was called before (it should be called only once).
  • Replace the "ssid" value with the SSID of the real wireless network you want to connect to.
  • Replace the wep_key0 key argument value with an appropriate one.

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 wep_key0 ABCdef1234567890abcDEF3333
wpa_cli -iwlan0 set_network 0 key_mgmt NONE
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link


To verify connection status with the WPA supplicant command:

wpa_cli -iwlan0 status

or with the IW command:

iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Enterprise environment: connect to WPA EAP TLS

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
wpa_cli -iwlan0 set_network 0 pairwise TKIP
wpa_cli -iwlan0 set_network 0 group TKIP
wpa_cli -iwlan0 set_network 0 proto WPA
wpa_cli -iwlan0 set_network 0 eap TLS
wpa_cli -iwlan0 set_network 0 identity '"test"'
wpa_cli -iwlan0 set_network 0 client_cert '"/etc/certs/cert.pem"'
wpa_cli -iwlan0 set_network 0 private_key '"/etc/certs/key.pem"'
wpa_cli -iwlan0 set_network 0 private_key_passwd '"test"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Enterprise environment: connect to WPA EAP PEAP0

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
wpa_cli -iwlan0 set_network 0 pairwise TKIP
wpa_cli -iwlan0 set_network 0 group TKIP
wpa_cli -iwlan0 set_network 0 proto WPA
wpa_cli -iwlan0 set_network 0 eap PEAP
wpa_cli -iwlan0 set_network 0 identity '"test"'
wpa_cli -iwlan0 set_network 0 password '"test"'
wpa_cli -iwlan0 set_network 0 phase1 '"peapver=0"'
wpa_cli -iwlan0 set_network 0 phase2 '"MSCHAPV2"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Enterprise environment: connect to WPA2 EAP TLS

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 proactive_key_caching 1
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
wpa_cli -iwlan0 set_network 0 pairwise CCMP
wpa_cli -iwlan0 set_network 0 group CCMP
wpa_cli -iwlan0 set_network 0 proto WPA2
wpa_cli -iwlan0 set_network 0 eap TLS
wpa_cli -iwlan0 set_network 0 identity '"test"'
wpa_cli -iwlan0 set_network 0 client_cert '"/etc/certs/cert.pem"'
wpa_cli -iwlan0 set_network 0 private_key '"/etc/certs/key.pem"'
wpa_cli -iwlan0 set_network 0 private_key_passwd '"test"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Enterprise environment: connect to WPA2 EAP PEAP0

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
wpa_cli -iwlan0 set_network 0 pairwise CCMP
wpa_cli -iwlan0 set_network 0 group CCMP
wpa_cli -iwlan0 set_network 0 proto WPA2
wpa_cli -iwlan0 set_network 0 eap PEAP
wpa_cli -iwlan0 set_network 0 identity '"test"'
wpa_cli -iwlan0 set_network 0 password '"test"'
wpa_cli -iwlan0 set_network 0 phase1 '"peapver=0"'
wpa_cli -iwlan0 set_network 0 phase2 '"MSCHAPV2"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.

Enterprise environment: connect to any WPA EAP TLS

wpa_cli -iwlan0 disconnect
for i in `wpa_cli -iwlan0 list_networks | grep '^[0-9]' | cut -f1`; do wpa_cli -iwlan0 remove_network $i; done
wpa_cli -iwlan0 add_network
wpa_cli -iwlan0 set_network 0 auth_alg OPEN
wpa_cli -iwlan0 set_network 0 key_mgmt WPA-EAP
#wpa_cli -iwlan0 set_network 0 pairwise CCMP TKIP
#wpa_cli -iwlan0 set_network 0 group CCMP TKIP
wpa_cli -iwlan0 set_network 0 proto WPA2
wpa_cli -iwlan0 set_network 0 eap TLS
wpa_cli -iwlan0 set_network 0 identity '"test"'
wpa_cli -iwlan0 set_network 0 client_cert '"/etc/certs/cert.pem"'
wpa_cli -iwlan0 set_network 0 private_key '"/etc/certs/key.pem"'
wpa_cli -iwlan0 set_network 0 private_key_passwd '"test"'
wpa_cli -iwlan0 set_network 0 mode 0
wpa_cli -iwlan0 set_network 0 ssid '"vic_BSS"'
wpa_cli -iwlan0 select_network 0
wpa_cli -iwlan0 enable_network 0
wpa_cli -iwlan0 reassociate
wpa_cli -iwlan0 status
iw wlan0 link

Note: For detailed information about each command, please refer to the wpa_cli Commands section.
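
An added example (not from the original page) that checks network blocks for the weaker modes configured on this page: open or WEP networks, TKIP, proto left open to WPA, and EAP without a CA certificate. It assumes the settings are stored as wpa_supplicant.conf-style network blocks; the function names and the sample blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak settings in wpa_supplicant.conf network blocks (read from stdin).
audit_wpa_conf() {
    awk '
    /^[ \t]*network[ \t]*=[ \t]*\{/ { inb = 1; split("", f); next }  # block start: clear fields
    inb && /^[ \t]*\}/ {                                             # block end: evaluate
        inb = 0; n = f["ssid"]
        if (f["key_mgmt"] == "NONE")
            print n ": " (("wep_key0" in f) ? "WEP key in use" : "open network, no encryption")
        if (f["pairwise"] ~ /TKIP/ || f["group"] ~ /TKIP/)
            print n ": TKIP cipher allowed"
        # wpa_supplicant accepts both WPA and RSN when proto is unset
        if (f["key_mgmt"] ~ /WPA/ && f["proto"] !~ /^(RSN|WPA2)$/)
            print n ": proto not restricted to RSN/WPA2"
        if (f["key_mgmt"] ~ /EAP/ && !("ca_cert" in f))
            print n ": EAP without ca_cert, server certificate not verified"
        next
    }
    inb && /=/ {                                                     # key=value line
        k = $0; sub(/^[ \t]*/, "", k); sub(/[ \t]*=.*/, "", k)
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); gsub(/"/, "", v)
        f[k] = v
    }'
}

sample_conf() {   # constructed sample mirroring modes configured on this page
    cat <<'EOF'
network={
    ssid="Bandipur"
    key_mgmt=NONE
}
network={
    ssid="vic_BSS"
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=TKIP
    proto=WPA
}
network={
    ssid="Matterhorn"
    key_mgmt=WPA-PSK
    proto=RSN
    pairwise=CCMP
}
EOF
}
sample_conf | audit_wpa_conf
```

Run it against a real file with `audit_wpa_conf < /etc/wpa_supplicant.conf`; each output line is the SSID followed by one finding.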
