Wireless WPA/WPA2/IEEE802.1X supplicant
NOTE: WPA/Personal support has been integrated into OpenSolaris build 64, please refer wpad(1M), dladm(1M) for more details.
This tool is based on the Linux WPA/WPA2/IEEE 802.1X Supplicant project and Sun elected to provide it under the BSD license.
The wpa_supplicant is the IEEE 802.1X/WPA component that is used on wireless clients and implements key negotiation with WPA Authenticator, controls roaming and IEEE 802.11 authentication/association of the wlan driver. wpa_supplicant is a daemon that runs in the background and acts as backend component controlling wireless connections.
Supported WPA/IEEE 802.11i features:
- WPA-PSK ("WPA-Personal")
- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
- Key management for CCMP, TKIP, WEP104, WEP40
- WPA and full IEEE 802.11i/RSN/WPA2
- RSN: PMKSA caching, pre-authentication
Supported EAP methods (IEEE 802.1X Supplicant)
- EAP-TLS
Downloads
- wpa_supplicant v0.1 daemon package
- ath-0.5 driver package
- wificonfig-0.3 utility package
- wpa_supplicant source code
- ath-0.4 driver source code
Note that these binary packages only works before OpenSolaris build 64, after that, you should download source code, and build in lastest workspace.
Installation
Download pre-compiled wpa_supplicant package and install it
# wget http://www.opensolaris.org/os/community/laptop/downloads/wpa-0.1-pkg.tar.gz
# gzip -dc wpa-0.1-pkg.tar.gz | tar xvf -
# cd wpa-0.1; pkgadd -d . SUNWwupu
Download pre-compiled ath-0.4 driver package and install it
# wget http://www.opensolaris.org/os/community/laptop/downloads/ath-0.4-pkg.tar.gz
# gzip -dc ath-0.4-pkg.tar.gz | tar xvf -
# cd ath-0.4; pkgadd -d . SUNWatheros
Download pre-compiled wificonfig-0.3 utility package and install it
# wget http://www.opensolaris.org/os/community/laptop/downloads/wificonfig-0.3-pkg.tar.gz
# gzip -dc wificonfig-0.3-pkg.tar.gz | tar xvf -
# cd wificonfig-0.3; pkgadd -d . SUNwlanu
Note that Solaris Express already contains SUNWatheros (v0.1) and
SUNWwlanu (0.1) packages, so you need to manually remove them first using
pkgrm(1M).
Configuration
The wpa_supplicant daemon runs in the background, and wificonfig can
be used to connect to access points with WPA similarly to how it is done
for WEP.
Step 1. Start wpa_supplicant daemon:
# wpa~_supplicant -i ath0
To see debugging information, wpa_supplicant can be started as a frontend
program:
# wpa~_supplicant -i ath0 -F -dd
Step 2. Use wificonfig to create new profile. Note that configuration
parameters are case sensitive. For WPA-PSK mode:
# wificonfig createprofile home essid=dlink psk=whatever
Additional parameters can be specified (e.g., "proto=WPA key_mgmt=WPA-PSK pairwise=TKIP"), but they're not required.
For EAP-TLS mode:
# wificonfig createprofile office essid=linksys key~_mgmt=WPA-EAP eap=TLS identity=user@sun.com ca~_cert=/etc/inet/WPA/cacert.pem client~_cert=/etc/inet/WPA/client~_cert.pem private~_key=/etc/inet/WPA/client~_key.pem private~_key~_passwd=whatever
Step 3. Connect to your profile.
# ifconfig ath0 plumb
# wificonfig -i ath0 connect home
You might want to check the status of the wireless link:
# wificonfig -i ath0 showstatus
Link status property should say "connected". If not, try using the -dd option
for wpa_supplicant to get additional debugging information.
Step 4. Start DHCP client:
# ifconfig ath0 dhcp
Step 5. You can connect to another AP at any time using wificonfig:
# wificonfig -i ath0 disconnect
# wificonfig -i ath0 connect office
FAQ
1) I can connect to my access point successfully, but I can't get an IP
address through DHCP.
Due to certain export control restrictions, stardard Solaris encryption kit only supports 128 bit RC4, so you might need to download and install new SUNWcry package.
2) wpa_supplicant fails to start with error message °ld.so.1: wpa_supplicant: fatal : libssl.so.0.9.7: open failed: No such file or directory".
Make sure that openssl 0.9.7 or higher is installed on your system. You can
use the following command to determine your openssl version:
# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004
3) wpa_supplicant exits with "Failed to enable WPA in the driver error.
Make sure your wireless driver supports WPA. Currently, only Atheros
driver v0.4 or higher version supports WPA. Other drivers with WPA support have not yet been released.
4) EAP-TLS doesn't work.
The EAP-TLS mode needs a Radius Server, such as Freeradius. Please contact
your network administrator to make sure your Radius Server and your AP are configured correctly and you have a certificate for your machine.
5) Why doesn't CCMP encryption work?
The wpa_supplicant deamon supports both TKIP and CCMP, but Atheros wireless driver v0.4 does not yet support CCMP encryption.
Notes
This is work in progress. Please send your questions and comments to laptop-discuss@opensolaris.org mailing list.