This weekend (Thanks to my Dad), I finally replaced the last 802.11b device on my network.  This device, a D-Link Wireless Client that I used to connect my Wired-Desktop to my Wireless router, forced me to run my entire network at 802.11b with WEP, as it didn’t support WPA and couldn’t find the router when G mode was enabled.  It was a pretty significant impact to both the speed and security of my network, but it did a fine job of what it did so I can’t complain too much.  Unfortunately, it finally died so I replaced it with a much simpler Airlink USB key, identical to the one on my MythTV.

With this in place, I reconfigured my network to support both G & B devices (Of course everything was running at G now), and switched from a 128-bit WEP key to WPA Personal with TKIP encryption.  The laptop and the desktop connected without too much trouble, but the Linux machine proved quite difficult.  At first I thought I could simply change the ‘wireless-key’ entry in the /etc/network/interfaces file to the new WPA passphrase and then restart the device.  This never worked.  After many failed iterations, I slunk back to my computer to dig through some Google search results.

It didn’t take long before I found out that apparently Linux Wireless support is lacking WPA.  To remedy this, there is a tool called wpa_supplicant that adds this functionality.  Of course, I had to reset the network back to WEP, run ‘apt-get install wpasupplicant’, then reconfigure everything back to WPA again. Then I was finally ready to enable it.

The new /etc/network/interfaces file looks like this:

# /etc/network/interfaces — configuration file for ifup(8), ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo eth3
iface lo inet loopback

iface eth3 inet dhcp
        wireless-essid Gauntlet
        pre-up wpa_supplicant -Bw -Dwext -i eth3 -c /etc/wpa_supplicant.conf
        down killall wpa_supplicant

This is significantly simpler than the previous one, with the exception of the long "pre-up" line which starts the WPA daemon.  It uses the wpa_supplicant.conf file, which looks like this:

# reading passphrase from stdin
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
        ssid="Gauntlet"
        psk=<encoded key>
}

(Again, you don’t think I’m silly enough to post my key here do ya?)  This file is mostly generated with the wpa_passphrase command, which spits out that entire "network" block with your WPA Passphrase encoded into a very long hexadecimal key.  Also, you might notice the "ap_scan=1" which forces the card to do a full AP scan prior to connecting.  This fixes the problem I had before where I had to add an "iwlist scan" to get my network device to work.

So, for all the pain I had in setting it up, it’s running 10x faster now and much more securely.  It took me about 2 hours to get this all figured out, and I had a lot of help from various forums (an article from Enterprise Networking Planet, Gentoo Wiki instructions, and the VERY useful Linux Home Networking article).  So hopefully my experience can save you some trouble getting it working yourself.