This is a personal guide showing how I configured two laptops so that wireless networking is seamless for the user: each laptop connects to a home wireless LAN using WEP or WPA, and to a different wireless system at work. The guide was written initially for Fedora 7 (F7), but I have updated this page for the small changes needed for wireless to work the same way in F8.
There are several advantages to setting up wireless this way. The setup is independent of which desktop you use so Gnome, KDE or any other desktop will not change the way in which this works. Also you have total control over which networks you allow the machine to connect to, and it will connect to the strongest signal among the networks you have chosen to allow. Adding new networks is very simple once the system is working.
In order to prepare the laptop for using wpa_supplicant you should make sure that the wireless chip is one which already has a driver in the kernel. In my case one laptop ( Dell D610 ) has a built-in ipw2200 wireless card, and in the other case there is a built-in ipw3945 wireless card. With an up to date Fedora 7 kernel these drivers need no additional installation and the wireless will work out-of-the-box, provided the wireless software is set up appropriately.
There is an issue which has often caught me out in the past: firewalls blocking outbound traffic. If you have set up everything according to the instructions below and yet you cannot send any traffic or make a connection, then try turning off the firewall (i.e. as root do "service iptables stop") and test again. Very often the messages you get will not lead you to suspect that a firewall is blocking traffic. If that turns out to be the cause, then once everything is working with the firewall off, turn it back on with the appropriate ports opened to allow traffic out on the wireless interface, and all should be well.
First check that the appropriate software is installed:
The earlier kernels had less mature copies of the iwl3945 driver. Make sure your system is up-to-date. In all the changes that follow it is necessary to switch user to root - i.e. "su -" (without quotes) and then enter the root password. Note that the hyphen is necessary.
Now the system is ready to set up wireless.
In FC6 wpa_supplicant was much less mature and getting the wireless set up with the method shown in this how-to did not work unless additional changes were made. Therefore if you are still running FC6 I would strongly recommend installing F7 instead.
INTERFACES="-ieth1"
DRIVERS="-Dwext"
If you are setting up for a machine with an ipw3945 card, then instead use the following lines in this file:
INTERFACES="-iwlan0"
DRIVERS="-Dwext"
Next we make sure that the interface card definition is set up in case you want to use manual networking. Note that manual setup will not be able to use WPA encryption, only WEP.
For ipw3945 card the file /etc/sysconfig/network-scripts/ifcfg-eth1 should have a similar structure to that below.
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
ONBOOT=no
USERCTL=yes
PEERDNS=yes
TYPE=Wireless
DEVICE=eth1
HWADDR=00:13:CE:xx:xx:xx
BOOTPROTO=dhcp
ESSID=myssid
KEY='my_long_wep_key restricted'
MODE=Managed
PEERNTP=no
IPV6INIT=no
Note that PEERDNS=yes allows the system to rewrite /etc/resolv.conf when DHCP starts, so that name lookups go to the DNS servers of the network you are currently on. This is needed when using the laptop at different locations, where the contents of this file will be different.
For the ipw3945 card we need to have a file called ifcfg-wlan0 instead of ifcfg-eth1. In this case we need a line DEVICE=wlan0 and not eth1. Put the correct MAC address in for HWADDR and the correct ssid and WEP key.
When testing this initially I started with this file defined correctly and did "ifup eth1" or "ifup wlan0" as appropriate with the Wireless Access Point set to use WEP encryption only. If this works then you can change over from using manual start of the interface to using wpa_supplicant with WEP encryption instead, and then later swap over to WPA encryption. Testing in stages is very useful!
# wpa_supplicant
#
# chkconfig: - 12 88
are changed to become:
# wpa_supplicant
#
# chkconfig: - 09 88
i.e. the 12 becomes 09. This allows the supplicant to start up correctly if set to do so at boot time.
The main definition of the different networks is placed within this file. Once the supplicant is working then all that is needed is to change this file on any laptop in order to connect to the most appropriate wireless network that you specify. All the home and work (or other) networks that you may wish to connect to are defined in this file.
My file has content that defines a home WEP encrypted AP for initial testing, as well as a home WPA encrypted AP, and finally a WPA-PEAP wireless system at work that needs authentication using my work username and password. The contents are:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
#Taking examples from /usr/share/doc/wpa_supplicant-0.5.7/wpa_supplicant.conf
eapol_version=1
ap_scan=1
fast_reauth=1
#Home network WEP only - now commented out
#network={
# ssid="myssid"
# key_mgmt=NONE
# wep_key0=xxxxxxxxxxxxxxxxxxxx
# wep_tx_keyidx=0
# priority=5
#}
# Home WPA network block - this will connect to home WPA or WPA2
network={
ssid="myssid"
key_mgmt=WPA-PSK
proto=WPA RSN
pairwise=CCMP TKIP
group=CCMP TKIP
psk="xxxxxxxxxxxxxxxxxxxxxx"
priority=10
}
# York University eduroam network block
network={
ssid="eduroam"
scan_ssid=1
proto=WPA RSN
key_mgmt=WPA-EAP
eap=PEAP
pairwise=CCMP TKIP
identity="myusername@york.ac.uk"
password="mypassword"
ca_cert="/etc/pki/tls/cert.pem"
subject_match="/C=GB/L=York/O=University of York/OU=Computing Service/OU=Terms of use at www.verisign.co.uk/rpa (c)05/OU=Authenticated by VeriSign/OU=Member, VeriSign Trust Network/CN=nasaaa1.york.ac.uk"
phase2="auth=MSCHAPV2"
# priority=5
}
For the initial tests with WEP encryption I uncommented the first "network block" from
#network={
# ssid="myssid"
to
priority=10
}
Once I was sure that using wpa_supplicant with WEP was working then I commented this out.
I initially tested by running the supplicant manually in a terminal, after shutting down the "normal" wireless connection with "ifdown eth1" or "ifdown wlan0", as appropriate. The command "wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -ieth1" runs the supplicant manually. For the ipw3945 chip use -iwlan0 instead of -ieth1. To check if the wireless is up use the command "iwconfig". You should see that you have the correct ssid and the key is set correctly. If so then you can get an IP address using "dhclient eth1" or "dhclient wlan0", as appropriate.
If this works and you then can make an ssh call or connect to an external web page using a web browser then you are set up.
Then kill the wpa_supplicant using ctrl-c, and kill the dhclient using "killall dhclient". Now start the supplicant in daemon mode instead with "service wpa_supplicant start" and then, if this works, get an IP address using "dhclient eth1" or "dhclient wlan0" as previously.
At this point you are ready to see if it works at boot time. To do this type "chkconfig wpa_supplicant on" which will start the supplicant at boot time, and then edit /etc/rc.local to contain two extra lines after the "touch" line:
touch /var/lock/subsys/local
/bin/sleep 1
/sbin/dhclient eth1
For the ipw3945 card change eth1 to wlan0.
Now if you re-boot you should find that the machine boots up and by the time you have logged in you will already have the wireless connection running.
Now that WEP is working switching to WPA should be simple. Comment out the WEP network block in the wpa_supplicant.conf file and make sure that your WPA home network parameters are correct for the ssid and pre-shared key (psk) in the WPA home network block. Now switch your Access Point to use WPA (or WPA2 if it is available) and ensure that this is saved in the config in your Access Point using its web interface to control changes. Now simply do "service wpa_supplicant restart" and the connection should re-establish using WPA encryption instead of WEP. Now you are done, and any other laptops using the same home wireless LAN can have their wpa config files set up in the same way for access to the HOME lan.
If you have a work network, or another wireless network which has a different ssid and other parameters, then simply add new network blocks starting with network={ and ending with } to the wpa_supplicant.conf file, and add "priority" lines if you wish to prioritise which available networks should be tried before others.
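A check that can be run over the file each time a network block is added, given here as an added example that is not part of the original guide: it parses the active network blocks, lists them in the order of their "priority" values, and flags static WEP, TKIP and an EAP block with no ca_cert. The sample configuration, the SSIDs "home-wep" and "home-wpa", and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format shown above; every secret is a placeholder.
SAMPLE = '''
network={
ssid="home-wep"
key_mgmt=NONE
wep_key0=0123456789
}
network={
ssid="home-wpa"
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
psk="placeholder-passphrase"
priority=10
}
network={
ssid="eduroam"
key_mgmt=WPA-EAP
password="placeholder"
priority=5
}
'''

def parse_networks(text):
    """Return one dict per active network={...} block; '#' lines are ignored."""
    lines = (l.strip() for l in text.splitlines())
    active = "\n".join(l for l in lines if not l.startswith("#"))
    nets = []
    for body in re.findall(r"^network=\{\n(.*?)^\}", active, re.S | re.M):
        pairs = (l.partition("=") for l in body.splitlines() if "=" in l)
        nets.append({k: v.strip('"') for k, _, v in pairs})
    return nets

def audit(net):
    """List the weak settings in one parsed network block."""
    km, found = net.get("key_mgmt", ""), []
    if km == "NONE":
        has_wep = any(k.startswith("wep_key") for k in net)
        found.append("static WEP" if has_wep else "open network")
    if "TKIP" in net.get("pairwise", "") + " " + net.get("group", ""):
        found.append("TKIP allowed")
    if "WPA-EAP" in km and "ca_cert" not in net:
        found.append("EAP server certificate not verified")
    return found

def report(text):
    """(ssid, findings) pairs, highest priority value first (default 0)."""
    nets = sorted(parse_networks(text), key=lambda n: -int(n.get("priority", 0)))
    return [(n.get("ssid", "?"), audit(n)) for n in nets]
```

Pass the contents of /etc/wpa_supplicant/wpa_supplicant.conf to report(); for the configuration shown earlier it lists "TKIP allowed" for both active blocks, because each permits TKIP alongside CCMP.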
A useful taskbar applet can be added in KDE showing the wireless information status - which shows a nice green bar when the wireless is connected and working. That way you can see if at any time the connection is lost.
The advantage of setting up wireless in this way is that for any non-technical users of the laptop no knowledge is needed of the wireless networks or how to connect. The machine can be booted up, and the browser started in a very simple way. This is ideal for elderly relatives who can use the browser but who have never had any computer training, but where the other relative responsible for the provision of the laptop knows about admin for Fedora.
The instructions above largely apply to F8 as well, apart from a few minor points:
1) The workaround for getting the wpa_supplicant daemon to start at boot time needs to be changed. Leave the stock /etc/init.d/wpa_supplicant as it is from the install and don't modify it.
2) The lines in /etc/rc.local must instead be:
touch /var/lock/subsys/local
/bin/sleep 1
/sbin/service wpa_supplicant start
/bin/sleep 2
/sbin/dhclient eth1
Everything else works as for F7.
Update on 30th December 2007
There is now an update to wpa_supplicant in Fedora Updates-testing - version wpa_supplicant-0.5.7-20.fc8. Hopefully this version will be pushed to the main updates repo soon. With this version wpa_supplicant will start at boot time if the following changes are made:
Change the lines in /etc/rc.local to
touch /var/lock/subsys/local
/bin/sleep 2
/sbin/dhclient eth1
Then make sure that /etc/sysconfig/wpa_supplicant has the correct interface and driver definition after this version is installed. Also switch wpa_supplicant back on for boot time with
# chkconfig wpa_supplicant on
Then reboot with everything else set as above. This worked for me for all machines without further change, except for a laptop with the iwl3945 driver for which it needed the -u flag removing in /etc/sysconfig/wpa_supplicant. The ipw2200 and rt73 drivers did not require this change and ran fine with the -u flag set (i.e. using messagebus).
Disclaimer: The author makes no claim to the accuracy of the information provided. This information is provided in the hope that it will be useful, but WITHOUT ANY WARRANTY. There is no implied support from referencing this guide. Use this information at your own risk. Always make proper backups and use caution when modifying critical system files.
Mike Cohler