Setting up WPA encryption on Arch Linux
Everyone knows that WEP isn't secure for wireless networks anymore and WPA/WPA2 should be used instead. Configuring WPA security is a matter of a few clicks on all modern hardware access points.
But connecting your Linux system to such a secured network requires a little helper utility called wpa_supplicant. Tools like Network Manager or Wicd will automatically configure and run wpa_supplicant for you.
But for my desktop PC I didn't need a flexible connection manager. My PC doesn't change networks, it will always connect to the same WLAN. But how to configure such a static network in Arch?
The default network mechanism only supports WEP, so I had to create my own little solution…
Setup wpa_supplicant
As said before, wpa_supplicant is the key to WPA secured networks. The basic setup is well described in the Arch Wiki page. After following the steps outlined there, my /etc/wpa_supplicant.conf
looks like this:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel network={ ssid="mynetwork" #psk="secret passphrase" psk=079d2fae6076188a16502cb87dbe30ad893549ca52c0a837c02bb272bfdccb5f }
Creating an init script
Now we need a script that
- configures the wireless interface
- runs wpa_supplicant
- brings up the network interface
And that's exactly what the script below does. Put it in /etc/rc.d/network-wpa
and make it executable by root.
#!/bin/bash WPA_IF='wlan0' WPA_ESSID='none' WPA_IFCFG='' . /etc/rc.conf . /etc/rc.d/functions case "$1" in start) if ! ck_daemon network-wpa; then echo "WPA Network is already running. Try 'network restart'" exit fi stat_busy "Starting WPA Network" # setup wireless interface if ! /usr/sbin/iwconfig $WPA_IF essid "$WPA_ESSID" mode Managed; then stat_fail exit fi # wait for associacion /bin/sleep 10 # run wpa_supplicant if ! /usr/sbin/wpa_supplicant -B -Dwext -i $WPA_IF -c /etc/wpa_supplicant.conf; then stat_fail exit fi # bring up interface if [ -z "$WPA_IFCFG" ]; then if ! /sbin/dhcpcd $WPA_IF; then stat_fail exit fi else if ! /sbin/ifconfig $WPA_IF $WPA_IFCFG; then stat_fail exit fi fi add_daemon network-wpa stat_done ;; stop) stat_busy "Stopping WPA Network" killall wpa_supplicant /bin/sleep 1 ifconfig $WPA_IF down rm_daemon network-wpa stat_done ;; restart) $0 stop /bin/sleep 2 $0 start ;; hotplug_ifup|ifup|ifdown|iflist|rtup|rtdown|rtlist) $1 $2 ;; *) echo "usage: $0 {start|stop|restart}" echo " $0 {ifup|ifdown|iflist|rtup|rtdown|rtlist}" esac
Setup rc.conf
Now we need to configure our WPA secured network and make the init process load our new init script. Both is done in /etc/rc.conf
:
# configure WPA encryption for wireless network WPA_IF="ath0" WPA_ESSID="mynetwork" WPA_IFCFG="192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255" # Routes to start at boot-up (in this order) # Declare each route then list in ROUTES # - prefix an entry in ROUTES with a ! to disable it # gateway="default gw 192.168.1.1" ROUTES=(gateway) DAEMONS=(syslog-ng hal fam network-wpa network netfs ...)
The the three new WPA_* variables should be self explanatory. WPA_IF
is your wireless interface, typically wlan0
or ath0
. The next one is your ESSID (the same as configured in /etc/wpa_supplicant.conf
). And the WPA_IFCFG
variable is used for passing arguments to ifconfig, if you leave it empty DHCP should be used1).
The route lines standard Arch networking config and the last line adds our new network-wpa
script. It is important that it is loaded before the usual network
script to be able to setup additional network stuff like routes there.