wpa_supplicant

       cant

SYNOPSIS
       wpa_supplicant [ -BddfhKLqqtuvW ] [ -iifname ]  [  -cconfig  file  ]  [
       -Ddriver ] [ -PPID_file ] [ -foutput file ]


OVERVIEW
       Wireless  networks do not require physical access to the network equip-
       ment in the same way as wired networks. This makes it easier for  unau-
       thorized users to passively monitor a network and capture all transmit-
       ted frames.  In addition, unauthorized use of the network is much  eas-
       ier. In many cases, this can happen even without user's explicit knowl-
       edge since the wireless LAN adapter may have been configured  to  auto-
       matically join any available network.

       Link-layer  encryption  can  be used to provide a layer of security for
       wireless networks. The original wireless  LAN  standard,  IEEE  802.11,
       included a simple encryption mechanism, WEP. However, that proved to be
       flawed in many areas and network protected with WEP cannot be  consider
       secure.  IEEE  802.1X authentication and frequently changed dynamic WEP
       keys can be used to improve the network security,  but  even  that  has
       inherited  security  issues due to the use of WEP for encryption. Wi-Fi
       Protected Access and IEEE 802.11i amendment to the wireless  LAN  stan-
       dard  introduce a much improvement mechanism for securing wireless net-
       works. IEEE 802.11i enabled networks that are  using  CCMP  (encryption
       mechanism  based  on strong cryptographic algorithm AES) can finally be
       called secure used for applications which require efficient  protection
       against unauthorized access.

       wpa_supplicant  is  an  implementation of the WPA Supplicant component,
       i.e., the part that runs in the client stations. It implements WPA  key
       negotiation  with  a  WPA  Authenticator  and  EAP  authentication with
       Authentication Server. In addition, it controls the  roaming  and  IEEE
       802.11 authentication/association of the wireless LAN driver.

       wpa_supplicant  is  designed  to be a "daemon" program that runs in the
       background and acts as the backend component controlling  the  wireless
       connection.  wpa_supplicant  supports separate frontend programs and an
       example text-based frontend, wpa_cli, is included with wpa_supplicant.

       Before wpa_supplicant can do its work, the network  interface  must  be
       available.   That  means  that  the physical device must be present and
       enabled, and the driver for the device must be loaded. The daemon  will
       exit immediately if the device is not already available.

       After  wpa_supplicant  has  configured the network device, higher level
       configuration such as DHCP may proceed.  There are a variety of ways to
       integrate  wpa_supplicant into a machine's networking scripts, a few of
       which are described in sections below.

       The following steps are used when associating with an AP using WPA:

       o wpa_supplicant requests the kernel driver to scan neighboring BSSes
       o If WPA-PSK: wpa_supplicant uses PSK as the master session key

       o wpa_supplicant  completes WPA 4-Way Handshake and Group Key Handshake
         with the Authenticator (AP)

       o wpa_supplicant configures encryption keys for unicast and broadcast

       o normal data packets can be transmitted and received

SUPPORTED FEATURES
       Supported WPA/IEEE 802.11i features:

       o WPA-PSK ("WPA-Personal")

       o WPA with EAP (e.g., with RADIUS authentication  server)  ("WPA-Enter-
         prise")  Following authentication methods are supported with an inte-
         grate IEEE 802.1X Supplicant:

         o EAP-TLS

         o EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)

         o EAP-PEAP/TLS (both PEAPv0 and PEAPv1)

         o EAP-PEAP/GTC (both PEAPv0 and PEAPv1)

         o EAP-PEAP/OTP (both PEAPv0 and PEAPv1)

         o EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)

         o EAP-TTLS/EAP-MD5-Challenge

         o EAP-TTLS/EAP-GTC

         o EAP-TTLS/EAP-OTP

         o EAP-TTLS/EAP-MSCHAPv2

         o EAP-TTLS/EAP-TLS

         o EAP-TTLS/MSCHAPv2

         o EAP-TTLS/MSCHAP

         o EAP-TTLS/PAP

         o EAP-TTLS/CHAP

         o EAP-SIM

         o EAP-AKA

         o EAP-PSK


         o EAP-GTC

         o EAP-OTP

       o key management for CCMP, TKIP, WEP104, WEP40

       o RSN/WPA2 (IEEE 802.11i)

         o pre-authentication

         o PMKSA caching

AVAILABLE DRIVERS
       A  summary  of  available driver backends is below. Support for each of
       the driver backends is chosen at wpa_supplicant  compile  time.  For  a
       list  of  supported driver backends that may be used with the -D option
       on your system, refer to the help output of wpa_supplicant (wpa_suppli-
       cant -h).

       hostap (default)  Host  AP  driver  (Intersil Prism2/2.5/3).  (this can
              also be used with Linuxant DriverLoader).

       hermes Agere Systems Inc. driver (Hermes-I/Hermes-II).

       madwifi
              MADWIFI 802.11 support (Atheros, etc.).

       atmel  ATMEL AT76C5XXx (USB, PCMCIA).

       wext   Linux wireless extensions (generic).

       ndiswrapper
              Linux ndiswrapper.

       broadcom
              Broadcom wl.o driver.

       ipw    Intel ipw2100/2200 driver.

       wired  wpa_supplicant wired Ethernet driver

       roboswitch
              wpa_supplicant Broadcom switch driver

       bsd    BSD 802.11 support (Atheros, etc.).

       ndis   Windows NDIS driver.

COMMAND LINE OPTIONS
       Most command line options have global scope. Some are given per  inter-
       face, and are only valid if at least one -i option is specified, other-
       wise they're ignored. Option groups for different  interfaces  must  be
       separated by -N option.

       -i ifname
              Interface to listen on. Multiple instances of this option can be
              present, one per interface, separated by -N option (see below).

       -d     Increase debugging verbosity (-dd even more).

       -D driver
              Driver  to  use  (can  be multiple drivers: nl80211,wext).  (Per
              interface, see the available options below.)

       -f output file
              Log output to specified file instead of stdout.

       -g global ctrl_interface
              Path to global ctrl_interface socket.  If  specified,  interface
              definitions may be omitted.

       -K     Include keys (passwords, etc.) in debug output.

       -t     Include timestamp in debug messages.

       -h     Help.  Show a usage message.

       -L     Show license (GPL and BSD).

       -p     Driver parameters. (Per interface)

       -P PID_file
              Path to PID file.

       -q     Decrease debugging verbosity (-qq even less).

       -u     Enabled  DBus  control  interface. If enabled, interface defini-
              tions may be omitted.

       -v     Show version.

       -W     Wait for a control interface monitor before starting.

       -N     Start describing new interface.

EXAMPLES
       In most common cases, wpa_supplicant is started with:


              wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0

       This makes the process fork into background.

       The easiest way to debug  problems,  and  to  get  debug  log  for  bug
       reports,  is  to  start  wpa_supplicant  on  foreground  with debugging
       enabled:

       ning one process for each interface separately or by running  just  one
       process  and  list  of options at command line. Each interface is sepa-
       rated with -N argument. As an example, following  command  would  start
       wpa_supplicant for two interfaces:


              wpa_supplicant \
                   -c wpa1.conf -i wlan0 -D hostap -N \
                   -c wpa2.conf -i ath0 -D madwifi

OS REQUIREMENTS
       Current hardware/software requirements:

       o Linux  kernel  2.4.x  or  2.6.x with Linux Wireless Extensions v15 or
         newer

       o FreeBSD 6-CURRENT

       o Microsoft Windows with WinPcap (at least WinXP, may work  with  other
         versions)

SUPPORTED DRIVERS
       Host AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)
              (http://hostap.epitest.fi/)  Driver  needs  to be set in Managed
              mode (iwconfig wlan0 mode managed).  Please  note  that  station
              firmware version needs to be 1.7.0 or newer to work in WPA mode.

       Linuxant DriverLoader
              (http://www.linuxant.com/driverloader/) with Windows NDIS driver
              for your wlan card supporting WPA.

       Agere Systems Inc. Linux Driver
              (http://www.agere.com/support/drivers/)  Please  note  that  the
              driver  interface  file  (driver_hermes.c) and hardware specific
              include files are not included in the  wpa_supplicant  distribu-
              tion. You will need to copy these from the source package of the
              Agere driver.

       madwifi driver for cards based on Atheros chip set (ar521x)
              (http://sourceforge.net/projects/madwifi/) Please note that  you
              will  need  to modify the wpa_supplicant .config file to use the
              correct path for the madwifi driver root  directory  (CFLAGS  +=
              -I../madwifi/wpa line in example defconfig).

       ATMEL AT76C5XXx driver for USB and PCMCIA cards
              (http://atmelwlandriver.sourceforge.net/).

       Linux ndiswrapper
              (http://ndiswrapper.sourceforge.net/) with Windows NDIS driver.

       Broadcom wl.o driver
              This  is  a  generic  Linux  driver  for Broadcom IEEE 802.11a/g
              cards.  However, it is proprietary driver that is  not  publicly
              available except for couple of exceptions, mainly Broadcom-based

       Intel ipw2200 driver
              (http://sourceforge.net/projects/ipw2200/)

       Linux wireless extensions
              In  theory,  any  driver that supports Linux wireless extensions
              can be  used  with  IEEE  802.1X  (i.e.,  not  WPA)  when  using
              ap_scan=0 option in configuration file.

       Wired Ethernet drivers
              Use ap_scan=0.

       BSD net80211 layer (e.g., Atheros driver)
              At the moment, this is for FreeBSD 6-CURRENT branch.

       Windows NDIS
              The   current   Windows   port   requires  WinPcap  (http://win-
              pcap.polito.it/).  See README-Windows.txt for more information.

       wpa_supplicant was designed to be portable for  different  drivers  and
       operating systems. Hopefully, support for more wlan cards and OSes will
       be added in the future. See developer.txt for  more  information  about
       the  design  of  wpa_supplicant  and porting to other drivers. One main
       goal is to add full WPA/WPA2 support to Linux  wireless  extensions  to
       allow  new  drivers  to  be  supported  without having to implement new
       driver-specific interface code in wpa_supplicant.

ARCHITECTURE
       The wpa_supplicant system consists of the following components:

       wpa_supplicant.conf
              the configuration file describing all  networks  that  the  user
              wants the computer to connect to.

       wpa_supplicant
              the program that directly interacts with the network interface.

       wpa_cli
              the  client  program that provides a high-level interface to the
              functionality of the daemon.

       wpa_passphrase
              a utility needed to  construct  wpa_supplicant.conf  files  that
              include encrypted passwords.

QUICK START
       First,  make a configuration file, e.g.  /etc/wpa_supplicant.conf, that
       describes  the  networks  you  are  interested  in.   See   wpa_suppli-
       cant.conf(5) for details.

       Once the configuration is ready, you can test whether the configuration
       works by running wpa_supplicant with following command to start  it  on
       foreground with debugging enabled:


       interface to use by including -D<driver name>  option  on  the  command
       line.

INTERFACE TO PCMCIA-CS/CARDMRG
       For  example,  following small changes to pcmcia-cs scripts can be used
       to enable WPA support:

       Add MODE="Managed" and WPA="y"  to  the  network  scheme  in  /etc/pcm-
       cia/wireless.opts.

       Add the following block to the end of start action handler in /etc/pcm-
       cia/wireless:


              if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                  /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
              fi


       Add the following block to the end of stop action handler (may need  to
       be separated from other actions) in /etc/pcmcia/wireless:


              if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                  killall wpa_supplicant
              fi


       This  will  make  cardmgr start wpa_supplicant when the card is plugged
       in.

SEE ALSO
       wpa_background(8) wpa_supplicant.conf(5) wpa_cli(8) wpa_passphrase(8)

LEGAL
       wpa_supplicant is copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>  and
       contributors.  All Rights Reserved.

       This  program  is  dual-licensed  under  both the GPL version 2 and BSD
       license. Either license may be used at your option.



                               07 September 2010             WPA_SUPPLICANT(8)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2017 Hurricane Electric. All Rights Reserved.