Geilt

Getting Wireless LAN Working in Linux using ifcfg and wpa_supplicant over WPA2_Personal with AES

This took me almost a full day to figure out so I figure I write down what I did for reference and for others benefit, seeing as I optimized my titles, tags and content. Makes it easier to find this site when using the searches I did to get to the information. I had to piece this together from multiple posts and instructions as each one didn’t work exactly right.

So, I recently got AT&T uVerse, and after configuring it accidentally with a WEP Open Shared Key, realized that not only is it not secure, but some devices have major problems connecting to it. Sometimes I would have a visitor with a laptop come over and the wi-fi just wouldn’t work.

I know Windows 7 has some issues connecting to an older less secure network, in fact, I have found myself having to manually configure networks sometimes in order to get it working if a network is using WEP, the automatic detection just fails. On my network however, even windows XP was failing, so it was time to change. I decided to go with WPA2_Personal using AES Encryption.

Everything was fine, all myd evices connected happily, even the linux box…taht is until I decided ot try to configure it using ifcfg and not Fedora’s built in whatever it is…

I knew how to bind eth0 style devices to my network, but I had never had to do it wirelessly, needless to say the need arose only because my wife decided that it was not acceptable to have a long wire running from the bedroom to the living room to use the extra PC as a server…hence the wireless solution! (At least now I don’t trip over the cord at night!)

I wont bother to bore with the details of the errors I was getting, so, after much frustration, here is how I figured out how to do it:

Firstly, find out if your device is present

ifconfig

Your output should look something like this:

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:3199 errors:0 dropped:0 overruns:0 frame:0
TX packets:3199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:257327 (251.2 KiB)  TX bytes:257327 (251.2 KiB)
wlan1     Link encap:Ethernet  HWaddr 00:FD:07:92:D9:54
inet addr:192.168.1.87  Bcast:192.168.1.255  Mask:255.255.255.0
inet6 addr: fe80::2fd:7ff:fe92:d954/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:7424 errors:0 dropped:0 overruns:0 frame:0
TX packets:955 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1423097 (1.3 MiB)  TX bytes:202122 (197.3 KiB)
Obviously, yours, if its not working, wont show the inet addr, Bcast or Mask. Rememebr to note the name of the wireless device, in this case, wlan1.
Then we should verify that the device is configured properly in network scripts (this is a first step, but was my final piece of the puzzle) by going to the directory and editing the file. This is both the commands and what the file should look like after editing
cd /etc/sysconfig/network-scripts
vi ifcfg-wlan1
DEVICE=wlan1
ONBOOT=yes
TYPE=Wireless
BOOTPROTO=dhcp
ESSID=”Command Center”
CHANNEL=2
Obviously Change “Command Center” (Geeky, I know.) to your Wireless ESSID, as well as changing the chanel. Make sure the device name is set properly. If there is nothing in this file, then add it and save it, it should have been there (mine wasn’t). There are other commands you can put into this file, look them up! But they are not needed.
Next we need to make sure that wpa_supplicant is installed, run the following:
yum install wpa_supplicant
Once that is done, run the following:
wpa_passphrase “Command Center” mypassword
Change mypassword to your actual password and “Command Center” d to the SSID of the network and it should output a key. Use double quotes when your SSID has a space in it. In this case, it looks like this when you use it.
network={
ssid=”Command Center”
#psk=”mypassword”
psk=5cdd33b91fb63436dd4fe751fe63d63b50bd37412dec1dcabb5cc7eefd5570c5
}
Save this block of text, because it is going to be inserted directly into another file next.
Next we get to play with wpa_supplicant:
cd /etc/wpa_supplicant
vi wpa_supplicant.conf
This should contain soem ifnormation in it, what you are going to do is either replace or add (if not existing) the network password information you just generated plus some other things in the network bracket included below. You dont have to copy the commented out physica password #psk=”mypassword” This is how it should look in the end:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=2
fast_reauth=1
network={
scan_ssid=0
proto=WPA RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
ssid=”Command Center”
psk=5cdd33b91fb63436dd4fe751fe63d63b50bd37412dec1dcabb5cc7eefd5570c5
}
Now for the final steps
Run this to make sure that wlan1 is at the top of the list ni devices
sudo ifconfig wlan1 up
then scan for networks
iwlist scan
Next, we are going to connect to the Wireless Access Point
sudo iwconfig essid “Command Center” channel 2
Now, we need to enable/start wpa_supplicant
sudo wpa_supplicant -B -Dwext -iwlan1 -c/etc/wpa_supplicant/wpa_supplicant.conf
If it stated sucessfully then run:
sudo dhclient wlan1
You should be online! Congrats! And yes, it is a lengty and difficult process but once you understand it you can do it again and again.
I would like to thank the following websites for providing clues and how to’s of their own that led me to my answer.
Servers
  • Share:

Digital Nomad. Programmer, Entrepreneur. Academic, Philosopher, Spiritualist. Gamer, VR/AR, IoT & Wearables. CTO @esotech.com @tldcrm.com. Miami, FL Native

Servers

Manually Adding IP Address Range to Linux – Fedora and Redhat – Thanks @Softlayer

  • Alexander Conroy
Repair

Reset TCP/IP and Winsock in Windows – Fix your Broken Internet and Local Network Connections

  • Alexander Conroy
SEO

How to Move Your Website without Losing SEO Rankings: A Records, 301’s and Not Taking BS From Your Designer

  • Alexander Conroy
Next Post
Servers

Manually Adding IP Address Range to Linux – Fedora and Redhat – Thanks @Softlayer

This took me almost a full day to figure out so I figure I write down what I did for...