- With this setup, wpa_supplicant automatically changes network when needed. - Moreover, the network can be changed in userspace and new networks can be added. - All withouth the bloat of NetworkManager and ModemManager. -
- - -- /etc/network/interfaces needs for direct use with a wpa_supplicant daemon. - This is done by setting the wireless network as follows. -
- --allow-hotplug wlp2s0 -iface wlp2s0 inet manual - wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf -- -
- This basically means that a wpa_supplicant will be watching the networks specified in the config and switch when in range. - Note that the iface is set to manual and not dhcp. - This means that below those lines you can configure your networks from the config manually. - So say that you have a network in the wpa_supplicant.conf with id_str="work"" that needs to be configured with dhcp, you add the following lines: -
- --iface work inet dhcp -- -
- Setting id_strs for all networks is tedious so to create a default setting you can use the default network name to for example set all wifi networks to dhcp. -
- --iface default inet dhcp -- -
- The config file for wpa_supplicant should at least contain the following lines. - The interface line defines the control socket and states that all users in the netdev group may control wpa_supplicant. - The update_config line states that the config file may be updated, thus having persistent changes. - Users you allow changing the config therefore have to be added to netdev. -
- --interface=DIR=/run/wpa_supplicant GROUP=netdev -update_config=1 -- -
- Followed are all the network configurations. - For these configuration consult the manpage for wpa_supplicant. - E.g. for WPA2 networks you can use the wpa_passphrase tool. - For eduroam, don't handcraft configs either, use the configuration assistant. - This tool will generate a wpa_supplicant.conf if it fails to talk to networkmanager. -
- -- Editing the config file is tedious and error prone. - Moreover, it requires a restart of wpa_supplicant to reinistate the config. - Luckily there are two tools that allow you to do this in-place using either the command line (wpa_cli is not discussed here) and via a GUI(wpa_gui). - If your user is a member of the netdev group you can just start it up. - Note that it resides by default in /usr/sbin. - wpa_gui is a graphical frontend where you can add, remove, diagnose and change wireless networks with almost as much functionality as wpa_cli. -
- -- Eduroam gives a nice configuration assistant tools nowadays that will generate a wpa_supplicant.conf entry for you. - Previously you could hash your password using md4 but I haven't tested whether this still works. -
- -- The tool worked before™ but not anymore on my debian testing version. - Therefore I've pasted my config here for later reference. - You get the ca_cert from the assistant tool. - I might upload that here as well. -
-
-network={
- ssid="eduroam"
- proto=RSN
- key_mgmt=WPA-EAP
- pairwise=CCMP
- auth_alg=OPEN
- eap=PEAP
- identity="YOURUSERNAME@ru.nl"
- anonymous_identity="anonymous@ru.nl"
- password="YOURPASSWORD"
-# ca_cert="/home/frobnicator/.cat_installer/ca.pem"
- domain_suffix_match="authenticatie.ru.nl"
- phase2="auth=MSCHAPV2"
-}
-
-
- - The new version of openssl disables everything lower than TLSv1.2. - If you see errors in /var/log/syslog about TLS you have to allow lower version TLS versions by changing the last two lines in /etc/ssl/openssl.cnf to: -
--MinProtocol = TLSv1.0 -CipherString = DEFAULT@SECLEVEL=1 -- -
- When you have an ethernet jack as well in your laptop you might be tempted to put this in your /etc/network/interfaces as well -
--auto enp0s31f6 -iface enp0s31f6 inet dhcp --
- However, this results in your machine eagerly waiting for a connection at boot because a connected ethernet jack means a connected card, and the card is always connected in a laptop. - ifupdown-extra contains scripts to fix this. - Just link /etc/network/if-up.d/00check-network-cable to /etc/network/if-pre-up.d/00check-network-cable and be good to go. - If your system has predictable network names you might need to apply this patch first -
- -