Scribd
Upload
59 views

WiFi - HowToUse - Debian Wiki

This document describes how to configure a WiFi interface on a Debian system using NetworkManager, wicd, or wpa_supplicant. NetworkManager provides graphical configuration for GNOME and KDE and is a front-end for wpa_supplicant. Wicd is an alternative to NetworkManager that works across desktop environments. Wpa_supplicant can also be configured from the command line to connect to WPA-PSK, WPA2-PSK, or WPA-EAP secured networks by editing configuration files and bringing the interface up with ifup.

Uploaded by

Mike Dessenov
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
59 views

WiFi - HowToUse - Debian Wiki

This document describes how to configure a WiFi interface on a Debian system using NetworkManager, wicd, or wpa_supplicant. NetworkManager provides graphical configuration for GNOME and KDE and is a front-end for wpa_supplicant. Wicd is an alternative to NetworkManager that works across desktop environments. Wpa_supplicant can also be configured from the command line to connect to WPA-PSK, WPA2-PSK, or WPA-EAP secured networks by editing configuration files and bringing the interface up with ifup.

Uploaded by

Mike Dessenov
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

How to use a WiFi interface

Translations: English - French - Italiano - Русский -

This page describes how to configure a WiFi interface on a Debian system, for use on a network.

Once your wireless device has an interface available (verifiable with iwconfig), it is required to be
configured to access a network. If you do not have a wireless interface present, please refer to
WiFi for information on providing a driver for your device.

Wireless network interface configuration can be performed using a connection manager (such as
NetworkManager) or through Debian's /etc/network/interfaces file with a special
purpose utility (such as wpa_supplicant). Examples of NetworkManager and wpa_supplicant
configuration are described below.

The WEP algorithm is insecure and deprecated by WPA. Use of WEP is not recommended
and is not covered within this document.

NetworkManager

NetworkManager is configured through graphical interfaces, which are available for GNOME
and KDE. Your wireless interface should not be referenced within Debian's
/etc/network/interfaces file.

NetworkManager is also a front-end for wpa_supplicant.

GNOME

1. Ensure your user account is a member of the netdev group.

2. Install the network-manager-gnome package:

$ su
# apt-get update
# apt-get install network-manager-gnome

3. Log out of GNOME, then log back in to your system.


4. A new applet (computer icon) will appear in the notification area / system tray. Left-click
this icon to present the nm-applet pop-up menu.
5. Neighboring wireless networks with a broadcasted SSID should be listed:
Click on the desired network's name.
If the network uses WPA encryption with a password (aka passphrase/pre-shared
key), you will be prompted to enter it. After providing, click the "Connect" button.
The wireless network connection will be activated.
If the desired network is not listed (e.g. SSID not broadcast/hidden):
Click "Connect to Other Wireless Network...".
Enter the network's SSID at "Network Name".
If encryption is used, select the method from the "Wireless Security" drop-down list
(usually "WPA Personal" or "WPA2 Personal").
Enter the passphrase/pre-shared key at "Password".
Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support
references.

KDE

1. Ensure your user account is a member of the netdev group.

2. Install the plasma-widget-networkmanagement package:

$ su
# aptitude update
# aptitude install plasma-widget-networkmanagement

3. Add the Network Management plasma widget to your system tray.


Click on the Plasma "foot"
Click "Add Widget"
Search for "Network"
Drag the "Network Management" item to your system tray.
4. A new applet (wallplug/socket icon) will appear in the system tray. Click this icon.
5. Neighboring wireless networks with a broadcasted SSID should be listed:
Click on the desired network's name.
If the network uses WPA encryption with a password (aka passphrase/pre-shared
key), you will be prompted to enter it. After providing, click the "Connect" button.
The wireless network connection will be activated.
If the desired network is not listed (e.g. SSID not broadcast/hidden):
Click "Connect to Other Wireless Network...".
Enter the network's name in "Name (ESSID)".
Tick "Use Encryption" if in use on the network.
Select the encryption method used (usually "WPA Personal").
Enter the passphrase/pre-shared key at "Password".
Select "WPA 1" or "WPA 2" for the protocol version, as used by the network.
Click the "Connect" button to activate the wireless network connection.
See the NetworkManager page for frequently asked questions, documentation and support
references.

Wicd

You must remove network-manager to get wicd to work. Check to see if network-manager is
installed and see if, after you installed the driver, your wireless is already working in the
notification area of your desktop manager. You may already be good to go.

wicd (Wireless Interface Connection Daemon) is a lightweight alternative to NetworkManager.


It is environment-independent, making it suitable for all desktop environments, including
GNOME, Xfce, LXDE, and Fluxbox. Like NetworkManager, wicd is configured via a graphical
interface. Your wireless interface should not be referenced within Debian's
/etc/network/interfaces file.

1. Update the list of available packages and install the wicd package:

$ su
# aptitude update
# aptitude install wicd

2. Amend /etc/network/interfaces to contain only the following:

# This file describes the network interfaces available on your


system
# and how to activate them. For more information, see
interfaces(5).

# The loopback network interface


auto lo
iface lo inet loopback

Note: as of wheezy it is fine to have your wireless interface in


/etc/network/interfaces, but not required. You can set the wireless interface (e.g.
wlan0) in the wicd client's preferences.

3. If not already performed, add your regular user account to the netdev group and reload
DBus:

# adduser yourusername netdev


# /etc/init.d/dbus reload

4. Start the wicd daemon:


# /etc/init.d/wicd start

5. Start the wicd GUI with your regular user account:

# exit
$ wicd-client -n

See also wicd frequently asked questions.

Command Line

Find your wireless interface and bring it up:

# ip a
# iwconfig
# ip link set wlan0 up

Scan for available networks and get network details:

$ su
# iwlist scan

Now edit /etc/network/interfaces. The required configuration is much dependent on


your particular setup. See the following example to get an idea of how it works:

# my wifi device
auto wlan0
iface wlan0 inet dhcp
wireless-essid [ESSID]
wireless-mode [MODE]

For further information on available configuration options, see man interfaces,


man wireless and /usr/share/doc/wireless-tools/README.Debian.

You can now bring your interface up and down with the usual ifup and ifdown commands. If
you added auto wlan0 as in the example above, the interface should be brought up
automatically during boot up.

wpa_supplicant

wpa_supplicant is a WPA client and IEEE 802.1X supplicant.

The wpasupplicant package provides wpa-* ifupdown options for


/etc/network/interfaces. If these options are specified, wpa_supplicant is started in the
background when your wireless interface is raised and stopped when brought down.
GNOME and KDE users shouldn't configure wpa_supplicant manually. Use
NetworkManager as explained above.

Before continuing, install the wpasupplicant package:

$ su
# aptitude update
# aptitude install wpasupplicant

WPA-PSK and WPA2-PSK

Also known as "WPA Personal" and "WPA2 Personal" respectively.

1. Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key


(PSK) disclosure (alternatively use a separate config file such as
/etc/network/interfaces.d/wlan0 on newer Debian versions):

# chmod 0600 /etc/network/interfaces

2. Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering
the following example:

$ wpa_passphrase myssid my_very_secret_passphrase

If you don't put the passphrase on the command line, it will be prompted for. The above
command gives the output:

network={
ssid="myssid"
#psk="my_very_secret_passphrase"

psk=ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b

you'll need to copy from "psk=" to the end of the line, to put in your
/etc/network/interfaces file.

3. Open /etc/network/interfaces in a text editor :

# sensible-editor /etc/network/interfaces

4. Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH.
For example :
auto wlan0
iface wlan0 inet dhcp
wpa-ssid myssid
wpa-psk
ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b

The "auto" stanza will bring your interface up at system startup. If not desired, remove or
comment this line.
5. Save the file and exit the editor.

6. Bring your interface up. This will start wpa_supplicant as a background process.

# ifup wlan0

Additional wpa-* options are described within


/usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if
connecting to a network not broadcasting its SSID.

For general /etc/network/interfaces information, see the interfaces(5) man page.

WPA-EAP

For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file
and provide the client-side certificate. An example WPA2-EAP configuration file can be found at
/usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.

Once available, reference your configuration file in /etc/network/interfaces. For


example:

auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented


wpa_supplicant configuration file example is at
/usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections

To switch between multiple distinct configurations:

GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't
work in etch)
Console users can

use logical interfaces, as

iface wlan_home inet dhcp


wpa-ssid mynetworkname
wpa-psk mysecretpassphrase

# ifup wlan0=wlan_home

use ifscheme, see the example configuration at alwayssunny.com.

You can use guessnet(8) to switch profiles automatically by your location.

Security consideration

1. Every member of a network can listen to other members' traffic (whether it's an
unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). Use SSL/TLS protocols
(HTTPS, IMAPS...) or VPN to preserve your privacy.

2. WEP is so insecure that it is basically equivalent to not using any encryption at all.

3. WPA1 is deprecated. Use WPA2 instead.

4. Make sure you use a strong pass-phrase.

Network security, see: http://www.aircrack-ng.org/doku.php?id=tutorial.

See Also

WiFi/AdHoc - Establishing a WiFi network without an access point.

iwconfig(8)

NetworkConfiguration

NetworkManager

WiFi

WPA

CategoryNetwork | CategoryWireless

You might also like