Saturday, August 31, 2013

Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA_Supplicant

I found myself configuring a lot of CentOS-based devices as nodes for my lab environment. Sometimes it is easier to connect them wirelessly than to have a bunch of cables around. Since I use these nodes with a CentOS 6.4 minimal install, getting the wireless to be the primary uplink interface requires a series of steps.

First we need to install the wireless tools and the other tools needed for wireless encryption configuration. The first step is:

yum install wireless-tools wpa_supplicant dbus



Once you have those installed in your system, then edit the ifcfg-wlan0 with the correct parameters. There are many parameters that are not needed but I kept them in case I want to use NetworkManager or similar tool in the future. Your wireless NIC configuration should look something like this:

[edited: May 2014]
/etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0
HWADDR=<your-mac-address>
TYPE=Wireless
UUID=<an-optional-uuid>
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
PEERDNS=yes
USERCTL=yes
NETWORKING_IPV6=no
ESSID=<your-ssid>
CHANNEL=<ssid-channel>
MODE=Managed
RATE=Auto

Disable NetworkManager

# chkconfig NetworkManager off

If you don't know the wireless channel for your SSID you can use the iwlist command to scan and find out the channel information.

# iwlist wlan0 scan

Then you have to configure the wpa_supplicant options and devices:

/etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0"
DRIVERS="-Dnl80211"
OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

Notice that I'm using the nl80211 driver, since wext is considered legacy.

Now, let's create an entry for our SSID in the wpa_supplicant configuration. If you are using a passphrase you have to write its hexadecimal representation in the configuration. Fortunately there is a tool that helps us with that: it generates the basic network configuration so you can append it to the wpa_supplicant.conf file directly.

Format:
# wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf

Using ssid=MyESSID with passphrase=12345678 the command will be:
# wpa_passphrase MyESSID 12345678 >> /etc/wpa_supplicant/wpa_supplicant.conf


For this example I'm using WPA PSK for my local wireless network so I have to add those parameters as well. In this case I'm adding the key_mgmt and scan_ssid statements.

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

network={
        ssid="MyESSID"
        scan_ssid=1
        key_mgmt=WPA-PSK
        #psk="12345678"
        psk=843f314c3357dd62e8f1865fa8d6a06918e26c0e7bdc0b4208b49d975333fce
}

Other common configuration options for wpa_supplicant are:

Plain text (no encryption) network
network={
 ssid="MyESSID"
 key_mgmt=NONE
}

Static WEP keys
network={
 ssid="MyESSID"
 key_mgmt=NONE
 wep_key0="abcde"
 wep_key1=0102030405
 wep_tx_keyidx=0
}

IEEE 802.1x with dynamic WEP keys using EAP-PEAP/MSCHAPv2
network={
 ssid="MyESSID"
 key_mgmt=IEEE8021X
 eap=PEAP
 phase2="auth=MSCHAPV2"
 identity="user name"
 password="password"
 ca_cert="/etc/cert/ca.pem"
}

WPA-PSK/TKIP
network={
 ssid="MyESSID"
 key_mgmt=WPA-PSK
 proto=WPA
 pairwise=TKIP
 group=TKIP
 psk="secret passphrase"
}

WPA2-EAP/CCMP using EAP-TLS
network={
 ssid="MyESSID"
 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passphrase"
}
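
A checker for the kinds of entries listed above, as an added Python 3 example that is not from the original post: it parses the network blocks and flags open networks, WEP, WPA1/TKIP, passphrases left in cleartext, and hex psk values that are not 64 digits. The function names and the sample configuration are constructed for the example.

```python
import re

def parse_networks(conf):
    """Return one dict per network={...} block; comment lines go under '#'."""
    nets, cur = [], None
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("network={"):
            cur = {"#": []}
        elif cur is None:
            continue
        elif line == "}":
            nets.append(cur)
            cur = None
        elif line.startswith("#"):
            cur["#"].append(line)
        elif "=" in line:
            key, _, value = line.partition("=")
            cur[key.strip()] = value.strip()
    return nets

def audit(conf):
    """Return (ssid, finding) tuples for weak or malformed network blocks."""
    out = []
    for net in parse_networks(conf):
        ssid, psk = net.get("ssid", "?").strip('"'), net.get("psk", "")
        mgmt = net.get("key_mgmt", "")
        ciphers = net.get("pairwise", "") + " " + net.get("group", "")
        if any(re.match(r"#\s*psk=", c) for c in net["#"]):
            out.append((ssid, "cleartext passphrase left in a comment"))
        if mgmt == "NONE" and not any(k.startswith("wep_key") for k in net):
            out.append((ssid, "open network, no encryption"))
        elif mgmt in ("NONE", "IEEE8021X"):
            out.append((ssid, "WEP (static or dynamic keys)"))
        if "TKIP" in ciphers or net.get("proto") == "WPA":
            out.append((ssid, "WPA1/TKIP enabled"))
        if psk.startswith('"'):
            out.append((ssid, "passphrase stored in cleartext"))
        elif psk and not re.fullmatch(r"[0-9a-fA-F]{64}", psk):
            out.append((ssid, "psk is not 64 hex digits"))
    return out

SAMPLE = """network={
 ssid="lab-legacy"
 key_mgmt=WPA-PSK
 pairwise=TKIP
 #psk="12345678"
 psk=%s
}
""" % ("ab" * 31 + "c")  # constructed sample: 63 hex digits, one short
print(audit(SAMPLE))
```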




Finally, make sure the D-Bus (messagebus) and wpa_supplicant services are set to start automatically with the system, and/or start them manually for a test.

Enabling the services at boot time:

# chkconfig messagebus on
# chkconfig wpa_supplicant on

During boot, the network init script runs before the messagebus and wpa_supplicant scripts, so the wlan0 activation will fail. If you want wlan0 to be your primary connection, add "ifup wlan0" to your rc.local:

echo "ifup wlan0" >> /etc/rc.local

Testing the configuration:

# service messagebus start
# service wpa_supplicant start
# ifup wlan0

Done. That should do it!

6 comments:

  1. Sorry for my bad english. :)

    1. file: /etc/sysconfig/network-scripts/ifcfg-wlan0
    NM_CONTROLLED=yes - this fatal error! need: NM_CONTROLLED=no
    ESSID= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    CHANNEL= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    MODE=Managed - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    RATE=Auto - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    2. method:
    echo "ifup wlan0" >> /etc/rc.local
    - is not right!
    success execute internal method OS! :)

    If exist question or ... please e-mail:
    tvlm00@mail.ru

  2. It throws the error "cannot find the repo:base". Since wireless is not enabled, it cannot dynamically connect to the mirrorlist URL. Is there any way to download all those mirrorlists?
    Which all files are required?
    Thanks in advance
    Sneha

    Replies
    1. Adding to above: running the basic command "yum install wireless tools" itself throws the above error

  3. Good job bro. Centos 6.5
    UUID= Don't used
    USERCTL=yes >>>> Don't used
    NM_CONTROLLED=no >>>>>> and >>>> chkconfig NetworkManager on

    That's it.!!!!

  4. Securing information you transmit while using a wireless device has never been easier. I wish this was not the case but in the real world this happens every day, people go down to their local electronics store, buy a wireless router put the box under their arm and off they go. RouterReset
