~~NOTOC~~




====== Wireless Security - WPA2 PSK using wpa_supplicant howto ======

More and more wireless access networks are adopting 802.11i, the latest IEEE wireless network security standard. This howto explains how to configure and run a 802.11i supplicant (wpa_supplicant) with pre-shared key (PSK)  authentication on your wireless network device.



===== Steps for configuring and using WAP2/PSK on your wireless device =====

===== 1. Install wpa_supplicant =====

[[http://hostap.epitest.fi/wpa_supplicant/|wpa_supplicant]] is an EAP/WPA/WPA2 supplicant available for Linux, Windows and Unix systems. Windows binaries are available from the website. The following are two methods for installing wpa_supplicant under linux and FreeBSD.


=== Install using package managers ===

Under debian compatible linux distributions, wpa_supplicant can be installed by typing 
 
   sudo apt-get install wpasupplicant

Under FreeBSD

   cd  /usr/ports/security/wpa_supplicant/
   make install

or 
  
   pkg_add -vrf wpa_supplicant


=== Compile from source ===

  * Downloaded wpa_supplicant from here [[http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz|here]]

     wget http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz

  * Extract the archive 

     tar xfz wpa_supplicant-0.5.10.tar.gz

  * Create a .config file 

     cp defconfig .config

  * Build and install

    make 
    make install





===== 2. Configure =====

Edit the wpa_supplicant configuration file (e.g. /etc/wpa_supplicant.conf), ant put the following

     network={
	     ssid="YOUR-SSSID"
	     psk=PSK
     }

  * "PSK" is the PSK generated from the password shared with the wireless access point
  * "YOUR-SSID" is the (B/E)SSID of the wireless access network.

To generate the wpa_supplicant.conf file, the //wpa_passphrase// tool can be used as follows.

<code>
wpa_passphrase YOUR-SSID PASSWORD
</code>

===== 3. Run the wpa_supplicant daemon =====

  wpa_supplicant -B -i IFACE -Dwext -c /etc/wpa_supplicant.conf

Where //IFACE// is the name of your wireless interface.

  * Check that you are associated

   iwconfig IFACE

  * Get an IP address 

   dhclient IFACE


===== 4.Automating =====
 
In order to avoid typing all these commands each time you reboot or want to connect to your wireless network, you can (under linux) use the ///etc/network/interfaces// file to automatically handle network association and IP address acquisition. For this purpose, put the following in /etc/network/interfaces

   auto IFACE
   iface IFACE inet dhcp
       pre-up wpa_supplicant -Bw -Dwext -i IFACE -c/etc/wpa_supplicant.conf
       post-down killall -q wpa_supplicant









===== Links =====

  * [[technotes:hostapd RADIUS server configuration howto]]


{{tag>howto wireless security}}




{{tag>}}