Everyone knows that WEP isn't secure for wireless networks anymore and WPA/WPA2 should be used instead. Configuring WPA security is a matter of a few clicks on all modern hardware access points.

But connecting your Linux system to such a secured network requires a little helper utility called wpa_supplicant. Tools like Network Manager or Wicd will automatically configure and run wpa_supplicant for you.

But for my desktop PC I didn't need a flexible connection manager. My PC doesn't change networks, it will always connect to the same WLAN. But how to configure such a static network in Arch?

The default network mechanism only supports WEP, so I had to create my own little solution…

As said before, wpa_supplicant is the key to WPA secured networks. The basic setup is well described in the Arch Wiki page. After following the steps outlined there, my /etc/wpa_supplicant.conf looks like this:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

network={
	ssid="mynetwork"
	#psk="secret passphrase"
	psk=079d2fae6076188a16502cb87dbe30ad893549ca52c0a837c02bb272bfdccb5f
}

Now we need a script that

1. configures the wireless interface
2. runs wpa_supplicant
3. brings up the network interface

And that's exactly what the script below does. Put it in /etc/rc.d/network-wpa and make it executable by root.

#!/bin/bash
 
WPA_IF='wlan0'
WPA_ESSID='none'
WPA_IFCFG=''
 
. /etc/rc.conf
. /etc/rc.d/functions
 
case "$1" in
    start)
        if ! ck_daemon network-wpa; then
            echo "WPA Network is already running.  Try 'network restart'"
            exit
        fi
        stat_busy "Starting WPA Network"
 
        # setup wireless interface
        if ! /usr/sbin/iwconfig $WPA_IF essid "$WPA_ESSID" mode Managed; then
            stat_fail
            exit
        fi
 
        # wait for associacion
        /bin/sleep 10
 
        # run wpa_supplicant
        if ! /usr/sbin/wpa_supplicant -B -Dwext -i $WPA_IF -c /etc/wpa_supplicant.conf; then
            stat_fail
            exit
        fi
 
        # bring up interface
        if [ -z "$WPA_IFCFG" ]; then
            if ! /sbin/dhcpcd $WPA_IF; then
                stat_fail
                exit
            fi
        else
            if ! /sbin/ifconfig $WPA_IF $WPA_IFCFG; then
                stat_fail
                exit
            fi
        fi
 
        add_daemon network-wpa
        stat_done
        ;;
    stop)
        stat_busy "Stopping WPA Network"
        killall wpa_supplicant
        /bin/sleep 1
        ifconfig $WPA_IF down
        rm_daemon network-wpa
        stat_done
        ;;
    restart)
        $0 stop
        /bin/sleep 2
        $0 start
        ;;
    hotplug_ifup|ifup|ifdown|iflist|rtup|rtdown|rtlist)
        $1 $2
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
        echo "       $0 {ifup|ifdown|iflist|rtup|rtdown|rtlist}"
esac

Now we need to configure our WPA secured network and make the init process load our new init script. Both is done in /etc/rc.conf:

# configure WPA encryption for wireless network
WPA_IF="ath0"
WPA_ESSID="mynetwork"
WPA_IFCFG="192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255"
 
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
#   - prefix an entry in ROUTES with a ! to disable it
#
gateway="default gw 192.168.1.1"
ROUTES=(gateway)
 
DAEMONS=(syslog-ng hal fam network-wpa network netfs ...)

The the three new WPA_* variables should be self explanatory. WPA_IF is your wireless interface, typically wlan0 or ath0. The next one is your ESSID (the same as configured in /etc/wpa_supplicant.conf). And the WPA_IFCFG variable is used for passing arguments to ifconfig, if you leave it empty DHCP should be used¹⁾.

The route lines standard Arch networking config and the last line adds our new network-wpa script. It is important that it is loaded before the usual network script to be able to setup additional network stuff like routes there.

Similar posts:

• Network Upgrade
• LAN Upgrade
• Google Gears on Firefox 3.6 (ArchLinux)