<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">

<refentry>
  <refentryinfo>
    <date>1 February 2023</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle>wpa_supplicant</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>wpa_supplicant</refname>
    <refpurpose>Wi-Fi Protected Access client and IEEE 802.1X supplicant</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>wpa_supplicant</command>
      <arg>-BddfhKLqqsTtuvW</arg>
      <arg>-i<replaceable>ifname</replaceable></arg>
      <arg>-c<replaceable>config file</replaceable></arg>
      <arg>-D<replaceable>driver</replaceable></arg>
      <arg>-P<replaceable>PID_file</replaceable></arg>
      <arg>-f<replaceable>output file</replaceable></arg>
      <arg>-I<replaceable>additional config file</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Overview</title>

    <para>
    Wireless networks do not require physical access to the network equipment
    in the same way that wired networks do. This makes it easier for unauthorized
    users to passively monitor a network and capture all transmitted frames.
    In addition, unauthorized use of the network is much easier. In many cases,
    this can happen even without the user's explicit knowledge, since the wireless
    LAN adapter may have been configured to automatically join any available
    network.
    </para>

    <para>
    Link-layer encryption can be used to provide a layer of security for
    wireless networks. The original wireless LAN standard, IEEE 802.11,
    included a simple encryption mechanism, WEP. However, that proved to
    be flawed in many areas, and networks protected with WEP cannot be considered
    secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
    can be used to improve the network security, but even that has inherited
    security issues due to the use of WEP for encryption. Wi-Fi Protected
    Access and the IEEE 802.11i amendment to the wireless LAN standard introduce
    a much improved mechanism for securing wireless networks. IEEE 802.11i-enabled
    networks that are using CCMP (an encryption mechanism based on the strong
    cryptographic algorithm AES) can finally be called secure and used for
    applications which require efficient protection against unauthorized
    access.
    </para>

    <para><command>wpa_supplicant</command> is an implementation of
    the WPA Supplicant component, i.e., the part that runs in the
    client stations. It implements WPA key negotiation with a WPA
    Authenticator and EAP authentication with an Authentication
    Server. In addition, it controls the roaming and IEEE 802.11
    authentication/association of the wireless LAN driver.</para>

    <para><command>wpa_supplicant</command> is designed to be a
    "daemon" program that runs in the background and acts as the
    backend component controlling the wireless
    connection. <command>wpa_supplicant</command> supports separate
    frontend programs, and an example text-based frontend,
    <command>wpa_cli</command>, is included with
    wpa_supplicant.</para>

    <para>Before wpa_supplicant can do its work, the network interface
    must be available. That means that the physical device must be
    present and enabled, and the driver for the device must be
    loaded. The daemon will exit immediately if the device is not already
    available.</para>

    <para>After <command>wpa_supplicant</command> has configured the
    network device, higher level configuration of the device, such as DHCP, may
    proceed. There are a variety of ways to integrate wpa_supplicant
    into a machine's networking scripts, a few of which are described
    in sections below.</para>

    <para>The following steps are used when associating with an AP
    using WPA:</para>

    <itemizedlist>
      <listitem>
        <para><command>wpa_supplicant</command> requests the kernel
        driver to scan neighboring BSSes (Basic Service Set)</para>
      </listitem>

      <listitem>
        <para><command>wpa_supplicant</command> selects a BSS based on
        its configuration</para>
      </listitem>

      <listitem>
        <para><command>wpa_supplicant</command> requests the kernel
        driver to associate with the chosen BSS</para>
      </listitem>

      <listitem>
        <para>If WPA-EAP: integrated IEEE 802.1X Supplicant
        completes EAP authentication with the
        authentication server (proxied by the Authenticator in the
        AP)</para>
      </listitem>

      <listitem>
        <para>If WPA-EAP: master key is received from the IEEE 802.1X
        Supplicant</para>
      </listitem>

      <listitem>
        <para>If WPA-PSK: <command>wpa_supplicant</command> uses PSK
        as the master session key</para>
      </listitem>

      <listitem>
        <para><command>wpa_supplicant</command> completes WPA 4-Way
        Handshake and Group Key Handshake with the Authenticator
        (AP)</para>
      </listitem>

      <listitem>
        <para><command>wpa_supplicant</command> configures encryption
        keys for unicast and broadcast</para>
      </listitem>

      <listitem>
        <para>normal data packets can be transmitted and received</para>
      </listitem>
    </itemizedlist>
  </refsect1>

  <refsect1>
    <title>Supported Features</title>
    <para>Supported WPA/IEEE 802.11i features:</para>
    <itemizedlist>
      <listitem>
        <para>WPA-PSK ("WPA-Personal")</para>
      </listitem>

      <listitem>
        <para>WPA with EAP (e.g., with RADIUS authentication server)
        ("WPA-Enterprise"). The following authentication methods are
        supported with an integrated IEEE 802.1X Supplicant:</para>

        <itemizedlist>
          <listitem><para>EAP-TLS</para></listitem>

          <listitem><para>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</para></listitem>

          <listitem><para>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</para></listitem>

          <listitem><para>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</para></listitem>

          <listitem><para>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</para></listitem>

          <listitem><para>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</para></listitem>

          <listitem><para>EAP-TTLS/EAP-MD5-Challenge</para></listitem>

          <listitem><para>EAP-TTLS/EAP-GTC</para></listitem>

          <listitem><para>EAP-TTLS/EAP-OTP</para></listitem>

          <listitem><para>EAP-TTLS/EAP-MSCHAPv2</para></listitem>

          <listitem><para>EAP-TTLS/EAP-TLS</para></listitem>

          <listitem><para>EAP-TTLS/MSCHAPv2</para></listitem>

          <listitem><para>EAP-TTLS/MSCHAP</para></listitem>

          <listitem><para>EAP-TTLS/PAP</para></listitem>

          <listitem><para>EAP-TTLS/CHAP</para></listitem>

          <listitem><para>EAP-SIM</para></listitem>

          <listitem><para>EAP-AKA</para></listitem>

          <listitem><para>EAP-PSK</para></listitem>

          <listitem><para>EAP-PAX</para></listitem>

          <listitem><para>LEAP (note: requires special support from
          the driver for IEEE 802.11 authentication)</para></listitem>

          <listitem><para>(following methods are supported, but since
          they do not generate keying material, they cannot be used
          with WPA or IEEE 802.1X WEP keying)</para></listitem>

          <listitem><para>EAP-MD5-Challenge</para></listitem>

          <listitem><para>EAP-MSCHAPv2</para></listitem>

          <listitem><para>EAP-GTC</para></listitem>

          <listitem><para>EAP-OTP</para></listitem>
        </itemizedlist>
      </listitem>

      <listitem>
        <para>key management for CCMP, TKIP, WEP104, WEP40</para>
      </listitem>

      <listitem>
        <para>RSN/WPA2 (IEEE 802.11i)</para>
        <itemizedlist>
          <listitem>
            <para>pre-authentication</para>
          </listitem>

          <listitem>
            <para>PMKSA caching</para>
          </listitem>
        </itemizedlist>
      </listitem>
    </itemizedlist>
  </refsect1>

  <refsect1>
    <title>Available Drivers</title>
    <para>A summary of available driver backends is below. Support for each
    of the driver backends is chosen at wpa_supplicant compile time. For a
    list of supported driver backends that may be used with the -D option on
    your system, refer to the help output of wpa_supplicant
    (<emphasis>wpa_supplicant -h</emphasis>).</para>

    <variablelist>
      <varlistentry>
        <term>nl80211</term>
        <listitem>
          <para>Uses the modern Linux nl80211/cfg80211 netlink-based
          interface (most new drivers).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>wext</term>
        <listitem>
          <para>Uses the legacy Linux wireless extensions ioctl-based
          interface (older hardware/drivers).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>wired</term>
        <listitem>
          <para>wpa_supplicant wired Ethernet driver</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>macsec_linux</term>
        <listitem>
          <para>MACsec Ethernet driver for Linux</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>roboswitch</term>
        <listitem>
          <para>wpa_supplicant Broadcom switch driver</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>none</term>
        <listitem>
          <para>no driver (RADIUS server/WPS ER only)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>bsd</term>
        <listitem>
          <para>BSD 802.11 support (Atheros, etc.).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>ndis</term>
        <listitem>
          <para>Windows NDIS driver.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Command Line Options</title>
    <para>Most command line options have global scope. Some are given per
    interface, and are only valid if at least one <option>-i</option> option
    is specified; otherwise they are ignored. Option groups for different
    interfaces must be separated by the <option>-N</option> option.</para>
    <variablelist>
      <varlistentry>
        <term>-b br_ifname</term>
        <listitem>
          <para>Optional bridge interface name. (Per interface)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-B</term>
        <listitem>
          <para>Run daemon in the background.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-c filename</term>
        <listitem>
          <para>Path to configuration file. (Per interface)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-C ctrl_interface</term>
        <listitem>
          <para>Path to ctrl_interface socket (Per interface. Only used if
          <option>-c</option> is not).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-i ifname</term>
        <listitem>
          <para>Interface to listen on. Multiple instances of this option can
          be present, one per interface, separated by the <option>-N</option>
          option (see below).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-I filename</term>
        <listitem>
          <para>Path to additional configuration file.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-d</term>
        <listitem>
          <para>Increase debugging verbosity (<option>-dd</option> even
          more).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-D driver</term>
        <listitem>
          <para>Driver to use (can be multiple drivers: nl80211,wext).
          (Per interface, see the available options below.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-e entropy file</term>
        <listitem>
          <para>File for <command>wpa_supplicant</command> to use to
          maintain its internal entropy store across restarts.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-f output file</term>
        <listitem>
          <para>Log output to specified file instead of stdout. (This
          is only available if <command>wpa_supplicant</command> was
          built with the <literal>CONFIG_DEBUG_FILE</literal>
          option.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-g global ctrl_interface</term>
        <listitem>
          <para>Path to global ctrl_interface socket. If specified, interface
          definitions may be omitted.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-K</term>
        <listitem>
          <para>Include keys (passwords, etc.) in debug output.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-h</term>
        <listitem>
          <para>Help. Show a usage message.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-L</term>
        <listitem>
          <para>Show license (BSD).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-o override driver</term>
        <listitem>
          <para>Override the driver parameter for new
          interfaces.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-O override ctrl_interface</term>
        <listitem>
          <para>Override the ctrl_interface parameter for new
          interfaces.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-p</term>
        <listitem>
          <para>Driver parameters. (Per interface)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-P PID_file</term>
        <listitem>
          <para>Path to PID file.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-q</term>
        <listitem>
          <para>Decrease debugging verbosity (<option>-qq</option> even
          less).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-s</term>
        <listitem>
          <para>Log output to syslog instead of stdout. (This is only
          available if <command>wpa_supplicant</command> was built
          with the <literal>CONFIG_DEBUG_SYSLOG</literal>
          option.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-T</term>
        <listitem>
          <para>Log output to Linux tracing in addition to any other
          destinations. (This is only available
          if <command>wpa_supplicant</command> was built with
          the <literal>CONFIG_DEBUG_LINUX_TRACING</literal>
          option.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-t</term>
        <listitem>
          <para>Include timestamp in debug messages.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-u</term>
        <listitem>
          <para>Enable DBus control interface. If enabled, interface
          definitions may be omitted. (This is only available
          if <command>wpa_supplicant</command> was built with
          the <literal>CONFIG_CTRL_IFACE_DBUS_NEW</literal> option.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-v</term>
        <listitem>
          <para>Show version.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-W</term>
        <listitem>
          <para>Wait for a control interface monitor before starting.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-N</term>
        <listitem>
          <para>Start describing new interface.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <para>In most common cases, <command>wpa_supplicant</command> is
    started with:</para>

<blockquote><programlisting>
wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
</programlisting></blockquote>

    <para>This makes the process fork into the background.</para>

    <para>The easiest way to debug problems, and to get a debug log for
    bug reports, is to start <command>wpa_supplicant</command> in the
    foreground with debugging enabled:</para>

<blockquote><programlisting>
wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
</programlisting></blockquote>

    <para>If the specific driver wrapper is not known beforehand, it is
    possible to specify multiple comma-separated driver wrappers on the command
    line. <command>wpa_supplicant</command> will use the first driver
    wrapper that is able to initialize the interface.</para>

<blockquote><programlisting>
wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
</programlisting></blockquote>

    <para><command>wpa_supplicant</command> can control multiple
    interfaces (radios) either by running one process for each
    interface separately or by running just one process with a list of
    options for each interface on the command line. The option groups
    for the interfaces are separated with the -N argument. As an example,
    the following command would start wpa_supplicant for two interfaces:</para>

<blockquote><programlisting>
wpa_supplicant \
	-c wpa1.conf -i wlan0 -D nl80211 -N \
	-c wpa2.conf -i ath0 -D wext
</programlisting></blockquote>
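
    <para>Added example (not part of the wpa_supplicant distribution): a
    Python check that parses a command line using the option letters listed
    under Command Line Options and reports -K together with the active log
    destinations, per-interface options given without any -i, and -C given
    alongside -c. The finding codes, the severity rule, the placement of -I
    and the sample command lines are assumptions made for this example.</para>

```python
"""Audit a wpa_supplicant command line (added example, not project code)."""
import shlex
from collections import Counter

# Option letters taken from the "Command Line Options" list on this page.
FLAGS = set("BdhKLqsTtuvW")   # take no value
PER_IFACE = set("bcCDiIp")    # take a value, kept per -N group (-I here by assumption)
GLOBAL_ARG = set("efgoOP")    # take a value, global scope


def parse(cmdline):
    """Return (flags, global_opts, groups); groups has one dict per -N section."""
    # Join backslash-newline continuations the way a shell would.
    argv = shlex.split(cmdline.replace("\\\n", " "))[1:]
    flags, global_opts, groups = Counter(), {}, [{}]
    i = 0
    while i < len(argv):
        word = argv[i]
        i += 1
        if len(word) < 2 or word[0] != "-":
            raise ValueError(f"unexpected argument: {word!r}")
        j = 1
        while j < len(word):          # walk clustered letters such as -Bdd
            opt = word[j]
            j += 1
            if opt == "N":            # start describing a new interface
                groups.append({})
            elif opt in FLAGS:
                flags[opt] += 1
            elif opt in PER_IFACE or opt in GLOBAL_ARG:
                if j < len(word):     # attached value: -c/etc/wpa_supplicant.conf
                    value = word[j:]
                elif i < len(argv):   # separate value: -c wpa1.conf
                    value = argv[i]
                    i += 1
                else:
                    raise ValueError(f"option -{opt} needs a value")
                (groups[-1] if opt in PER_IFACE else global_opts)[opt] = value
                break                 # the rest of the word was the value
            else:
                raise ValueError(f"unknown option -{opt}")
    return flags, global_opts, groups


def audit(cmdline):
    """Return a list of (code, severity, detail) findings."""
    flags, global_opts, groups = parse(cmdline)
    findings = []

    if flags["K"]:
        # -f and -s replace stdout; -T logs in addition to other destinations.
        sinks = []
        if "f" in global_opts:
            sinks.append("file " + global_opts["f"])
        if flags["s"]:
            sinks.append("syslog")
        if not sinks:
            sinks.append("stdout")
        if flags["T"]:
            sinks.append("Linux tracing")
        # Example policy (assumption): -K matters most once -d outweighs -q.
        severity = "high" if flags["d"] > flags["q"] else "low"
        findings.append(("KEYS_IN_DEBUG_OUTPUT", severity,
                         "-K writes keys and passwords to: " + ", ".join(sinks)))

    # Per-interface options are ignored unless at least one -i is given.
    if any(groups) and not any("i" in g for g in groups):
        findings.append(("PER_IFACE_IGNORED", "info",
                         "per-interface options given without any -i"))

    # -C is only used if -c is not.
    for n, group in enumerate(groups):
        if "c" in group and "C" in group:
            findings.append(("CTRL_PATH_UNUSED", "info",
                             f"interface group {n}: -C is unused because -c is set"))
    return findings


if __name__ == "__main__":
    samples = [  # constructed command lines
        "wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0",
        "wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -dd -K -f /var/log/wpa.log",
        "wpa_supplicant -c a.conf -C /run/wpa -K",
    ]
    for line in samples:
        print(line)
        for code, severity, detail in audit(line) or [("OK", "-", "no findings")]:
            print(f"  [{severity}] {code}: {detail}")
```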
  </refsect1>

  <refsect1>
    <title>OS Requirements</title>
    <para>Current hardware/software requirements:</para>

    <itemizedlist>
      <listitem>
        <para>Linux kernel 2.6.30 or higher with
        nl80211/cfg80211 support</para>
      </listitem>

      <listitem>
        <para>Linux kernel 2.4.x or higher with Linux Wireless
        Extensions v15 or newer</para>
      </listitem>

      <listitem>
        <para>FreeBSD 6-CURRENT</para>
      </listitem>

      <listitem>
        <para>Microsoft Windows with WinPcap (at least WinXP, may work
        with other versions)</para>
      </listitem>
    </itemizedlist>
  </refsect1>

    596      1.1  christos   <refsect1>
    597      1.1  christos     <title>Supported Drivers</title>
    598      1.1  christos     <variablelist>
    599      1.1  christos       <varlistentry>
    600  1.1.1.8  christos 	<term>Linux nl80211/cfg80211</term>
    601  1.1.1.8  christos 	<listitem>
    602  1.1.1.8  christos 	  <para>This is the preferred driver for Linux.</para>
    603  1.1.1.8  christos 	</listitem>
    604  1.1.1.8  christos       </varlistentry>
    605  1.1.1.8  christos 
    606  1.1.1.8  christos       <varlistentry>
    607      1.1  christos 	<term>Linux wireless extensions</term>
    608      1.1  christos 	<listitem>
    609      1.1  christos 	  <para>In theory, any driver that supports Linux wireless
    610      1.1  christos 	extensions can be used with IEEE 802.1X (i.e., not WPA) when
    611      1.1  christos 	using the ap_scan=0 option in the configuration file.</para>
    612      1.1  christos 	</listitem>
    613      1.1  christos       </varlistentry>
    614  1.1.1.7  christos 
    615      1.1  christos       <varlistentry>
    616      1.1  christos 	<term>Wired Ethernet drivers</term>
    617      1.1  christos 	<listitem>
    618      1.1  christos 	  <para>Use ap_scan=0.</para>
    619      1.1  christos 	</listitem>
    620      1.1  christos       </varlistentry>
    621      1.1  christos 
    622      1.1  christos       <varlistentry>
    623      1.1  christos 	<term>BSD net80211 layer (e.g., Atheros driver)</term>
    624      1.1  christos 	<listitem>
    625      1.1  christos 	  <para>At the moment, this is for the FreeBSD 6-CURRENT branch.</para>
    626      1.1  christos 	</listitem>
    627      1.1  christos       </varlistentry>
    628      1.1  christos 
    629      1.1  christos       <varlistentry>
    630      1.1  christos 	<term>Windows NDIS</term>
    631      1.1  christos 	<listitem>
    632      1.1  christos 	  <para>The current Windows port requires WinPcap
    633      1.1  christos 	(http://winpcap.polito.it/).  See README-Windows.txt for more
    634      1.1  christos 	information.</para>
    635      1.1  christos 	</listitem>
    636      1.1  christos       </varlistentry>
    637      1.1  christos     </variablelist>
    638      1.1  christos 
    639  1.1.1.7  christos 
    640      1.1  christos     <para>wpa_supplicant was designed to be portable for different
    641      1.1  christos     drivers and operating systems. Hopefully, support for more wlan
    642      1.1  christos     cards and OSes will be added in the future. See developer.txt for
    643      1.1  christos     more information about the design of wpa_supplicant and porting to
    644      1.1  christos     other drivers. One main goal is to add full WPA/WPA2 support to
    645      1.1  christos     Linux wireless extensions to allow new drivers to be supported
    646      1.1  christos     without having to implement new driver-specific interface code in
    647      1.1  christos     wpa_supplicant.</para>
    648      1.1  christos   </refsect1>
    649      1.1  christos 
    650      1.1  christos   <refsect1>
    651      1.1  christos     <title>Architecture</title> <para>The
    652      1.1  christos     <command>wpa_supplicant</command> system consists of the following
    653      1.1  christos     components:</para>
    654      1.1  christos 
    655      1.1  christos     <variablelist>
    656      1.1  christos       <varlistentry>
    657      1.1  christos 	<term><filename>wpa_supplicant.conf</filename> </term>
    658      1.1  christos 	<listitem>
    659      1.1  christos         <para>the configuration file describing all networks that the
    660      1.1  christos         user wants the computer to connect to.  </para>
    661      1.1  christos 	</listitem>
    662      1.1  christos       </varlistentry>
    663      1.1  christos       <varlistentry>
    664      1.1  christos 	<term><command>wpa_supplicant</command></term>
    665      1.1  christos         <listitem><para>the program that directly interacts with the
    666      1.1  christos         network interface.  </para></listitem>
    667      1.1  christos       </varlistentry>
    668      1.1  christos       <varlistentry>
    669      1.1  christos 	<term><command>wpa_cli</command></term> <listitem><para> the
    670      1.1  christos 	client program that provides a high-level interface to the
    671      1.1  christos 	functionality of the daemon.  </para></listitem>
    672      1.1  christos       </varlistentry>
    673      1.1  christos       <varlistentry>
    674      1.1  christos 	<term><command>wpa_passphrase</command></term>
    675      1.1  christos         <listitem><para>a utility needed to construct
    676      1.1  christos         <filename>wpa_supplicant.conf</filename> files that include
    677      1.1  christos         encrypted passwords.</para></listitem>
    678      1.1  christos       </varlistentry>
    679      1.1  christos     </variablelist>
    680      1.1  christos   </refsect1>
    681      1.1  christos 
    682      1.1  christos   <refsect1>
    683      1.1  christos     <title>Quick Start</title>
    684      1.1  christos 
    685      1.1  christos     <para>First, make a configuration file, e.g.
    686      1.1  christos     <filename>/etc/wpa_supplicant.conf</filename>, that describes the networks
    687      1.1  christos     you are interested in.  See <citerefentry>
    688      1.1  christos 	<refentrytitle>wpa_supplicant.conf</refentrytitle>
    689      1.1  christos 	<manvolnum>5</manvolnum>
    690      1.1  christos       </citerefentry>
    691      1.1  christos     for details.</para>
    692      1.1  christos 
    693      1.1  christos     <para>Once the configuration is ready, you can test whether the
    694      1.1  christos     configuration works by running <command>wpa_supplicant</command>
    695      1.1  christos     with the following command to start it in the foreground with debugging
    696      1.1  christos     enabled:</para>
    697      1.1  christos 
    698      1.1  christos     <blockquote><programlisting>
    699      1.1  christos wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
    700      1.1  christos     </programlisting></blockquote>
    701      1.1  christos 
    702      1.1  christos     <para>Assuming everything goes fine, you can use the following
    703      1.1  christos     command to start <command>wpa_supplicant</command> in the background
    704      1.1  christos     without debugging:</para>
    705      1.1  christos 
    706      1.1  christos     <blockquote><programlisting>
    707      1.1  christos wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
    708      1.1  christos     </programlisting></blockquote>
    709      1.1  christos 
    710      1.1  christos     <para>Please note that if you included more than one driver
    711      1.1  christos     interface in the build time configuration (.config), you may need
    712      1.1  christos     to specify which interface to use by including the -D&lt;driver
    713      1.1  christos     name&gt; option on the command line.</para>
    714      1.1  christos 
    715      1.1  christos     <!-- XXX at this point, the page could include a little script
    716      1.1  christos          based on wpa_cli to wait for a connection and then run
    717      1.1  christos          dhclient -->
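
    <para>One way to wait for a connection with <command>wpa_cli</command>
    and then run <command>dhclient</command>, as an added example that is not
    part of the wpa_supplicant distribution. It starts DHCP only when the
    status output reports wpa_state=COMPLETED with a key_mgmt other than NONE.
    The interface name wlan0, the 30 second timeout and the function names
    are assumptions.</para>

```shell
#!/bin/sh
# Added example (not from the wpa_supplicant distribution).
# Assumptions: interface wlan0, dhclient as DHCP client, 30 s timeout.

# Print the value of one key from `wpa_cli status` key=value output on stdin.
status_field() {
    sed -n "s/^$1=//p" | head -n 1
}

# Return 0 once the interface reports wpa_state=COMPLETED with a key
# management other than NONE; return 1 on timeout; return 2 if the
# association completed without link-layer protection.
wait_for_secure_link() {
    iface=$1
    timeout=$2
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        status=$(wpa_cli -i "$iface" status 2>/dev/null) || status=""
        state=$(printf '%s\n' "$status" | status_field wpa_state)
        if [ "$state" = "COMPLETED" ]; then
            key_mgmt=$(printf '%s\n' "$status" | status_field key_mgmt)
            case "$key_mgmt" in
                ""|NONE) return 2 ;;   # open network: do not configure IP
                *)       return 0 ;;
            esac
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

main() {
    iface=${1:-wlan0}
    if wait_for_secure_link "$iface" "${2:-30}"; then
        exec dhclient "$iface"
    fi
    echo "no protected connection on $iface; not starting dhclient" >&2
    return 1
}

# Run only when invoked with an explicit "run" argument, e.g.
#   sh wait-dhcp.sh run wlan0 30
if [ "${1:-}" = "run" ]; then
    shift
    main "$@"
fi
```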
    718      1.1  christos 
    719      1.1  christos   </refsect1>
    720      1.1  christos 
    721      1.1  christos   <refsect1>
    722      1.1  christos     <title>Interface to pcmcia-cs/cardmgr</title>
    723      1.1  christos 
    724  1.1.1.9  christos     <para>For example, the following small changes to pcmcia-cs scripts
    725      1.1  christos     can be used to enable WPA support:</para>
    726      1.1  christos 
    727      1.1  christos     <para>Add MODE="Managed" and WPA="y" to the network scheme in
    728      1.1  christos     <filename>/etc/pcmcia/wireless.opts</filename>.</para>
    729      1.1  christos 
    730      1.1  christos     <para>Add the following block to the end of <emphasis>start</emphasis>
    731      1.1  christos     action handler in <filename>/etc/pcmcia/wireless</filename>:</para>
    732      1.1  christos 
    733      1.1  christos     <blockquote><programlisting>
    734      1.1  christos if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
    735      1.1  christos     /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
    736      1.1  christos fi
    737      1.1  christos     </programlisting></blockquote>
    738      1.1  christos 
    739      1.1  christos 
    740      1.1  christos     <para>Add the following block to the end of <emphasis>stop</emphasis>
    741      1.1  christos     action handler (may need to be separated from other actions) in
    742      1.1  christos     <filename>/etc/pcmcia/wireless</filename>:</para>
    743      1.1  christos 
    744      1.1  christos     <blockquote><programlisting>
    745      1.1  christos if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
    746      1.1  christos     killall wpa_supplicant
    747      1.1  christos fi
    748      1.1  christos     </programlisting></blockquote>
    749      1.1  christos 
    750      1.1  christos     <para>This will make <command>cardmgr</command> start
    751      1.1  christos     <command>wpa_supplicant</command> when the card is plugged
    752      1.1  christos     in.</para>
    753      1.1  christos   </refsect1>
    754      1.1  christos 
    755      1.1  christos   <refsect1>
    756      1.1  christos     <title>See Also</title>
    757      1.1  christos     <para>
    758      1.1  christos       <citerefentry>
    759      1.1  christos 	<refentrytitle>wpa_background</refentrytitle>
    760      1.1  christos 	<manvolnum>8</manvolnum>
    761      1.1  christos       </citerefentry>
    762      1.1  christos       <citerefentry>
    763      1.1  christos 	<refentrytitle>wpa_supplicant.conf</refentrytitle>
    764      1.1  christos 	<manvolnum>5</manvolnum>
    765      1.1  christos       </citerefentry>
    766      1.1  christos       <citerefentry>
    767      1.1  christos 	<refentrytitle>wpa_cli</refentrytitle>
    768      1.1  christos 	<manvolnum>8</manvolnum>
    769      1.1  christos       </citerefentry>
    770      1.1  christos       <citerefentry>
    771      1.1  christos 	<refentrytitle>wpa_passphrase</refentrytitle>
    772      1.1  christos 	<manvolnum>8</manvolnum>
    773      1.1  christos       </citerefentry>
    774      1.1  christos     </para>
    775      1.1  christos   </refsect1>
    776      1.1  christos   <refsect1>
    777      1.1  christos     <title>Legal</title>
    778  1.1.1.9  christos     <para>wpa_supplicant is copyright (c) 2003-2022,
    779      1.1  christos     Jouni Malinen <email>j@w1.fi</email> and
    780      1.1  christos     contributors.
    781      1.1  christos     All Rights Reserved.</para>
    782      1.1  christos 
    783  1.1.1.3  christos     <para>This program is licensed under the BSD license (the one with
    784  1.1.1.3  christos     advertisement clause removed).</para>
    785      1.1  christos   </refsect1>
    786      1.1  christos </refentry>
    787