Saturday, August 31, 2013

Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA_Supplicant

I found myself configuring a lot of CentOS-based devices as nodes for my lab environment. Sometimes it is easier to connect them wirelessly than to have a bunch of cables around. Since I use these nodes with a CentOS 6.4 minimal install, getting the wireless to be the primary uplink interface requires a series of steps.

First we need to install the wireless tools and the other tools needed for wireless encryption configuration. So, the first step is this:

yum install wireless-tools wpa_supplicant dbus



Once you have those installed on your system, edit the ifcfg-wlan0 file with the correct parameters. Many of these parameters are not needed, but I kept them in case I want to use NetworkManager or a similar tool in the future. Your wireless NIC configuration should look something like this:

[edited: May 2014]
/etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0
HWADDR=<your-mac-address>
TYPE=Wireless
UUID=<an-optional-uuid>
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
PEERDNS=yes
USERCTL=yes
NETWORKING_IPV6=no
ESSID=<your-ssid>
CHANNEL=<ssid-channel>
MODE=Managed
RATE=Auto

Disable NetworkManager

# chkconfig NetworkManager off

If you don't know the wireless channel for your SSID you can use the iwlist command to scan and find out the channel information.

# iwlist wlan0 scan

Then you have to configure the wpa_supplicant options and devices:

/etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0"
DRIVERS="-Dnl80211"
OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

Notice that I'm using the nl80211 driver since wext is considered legacy.

Now, let's create an entry for our SSID in the wpa_supplicant configuration. If you are using a passphrase you have to write its hexadecimal representation in the configuration. Fortunately there is a tool that helps us with that. The tool generates the basic network configuration so you can append it to the wpa_supplicant.conf file directly.

Format:
# wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf

Using ssid=MyESSID with passphrase=12345678 the command will be:
# wpa_passphrase MyESSID 12345678 >> /etc/wpa_supplicant/wpa_supplicant.conf


For this example I'm using WPA PSK for my local wireless network so I have to add those parameters as well. In this case I'm adding the key_mgmt and scan_ssid statements.

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

network={
        ssid="MyESSID"
        scan_ssid=1
        key_mgmt=WPA-PSK
        #psk="12345678"
        psk=843f314c3357dd62e8f1865fa8d6a06918e26c0e7bdc0b4208b49d975333fce
}

Other common configuration options for wpa_supplicant are:

Plain text (no encryption) network
network={
 ssid="MyESSID"
 key_mgmt=NONE
}

Static WEP keys
network={
 ssid="MyESSID"
 key_mgmt=NONE
 wep_key0="abcde"
 wep_key1=0102030405
 wep_tx_keyidx=0
}

IEEE 802.1x with dynamic WEP keys using EAP-PEAP/MSCHAPv2
network={
 ssid="MyESSID"
 key_mgmt=IEEE8021X
 eap=PEAP
 phase2="auth=MSCHAPV2"
 identity="user name"
 password="password"
 ca_cert="/etc/cert/ca.pem"
}

WPA-PSK/TKIP
network={
 ssid="MyESSID"
 key_mgmt=WPA-PSK
 proto=WPA
 pairwise=TKIP
 group=TKIP
 psk="secret passphrase"
}

WPA2-EAP/CCMP using EAP-TLS
network={
 ssid="MyESSID"
 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passphrase"
}
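The options listed above differ widely in strength: open and WEP networks give no real confidentiality, TKIP is deprecated, and an EAP block without ca_cert does not verify the authentication server. The following added example (not from the original post; the finding names are hypothetical) parses network blocks and flags those cases, using a constructed sample.

```python
# Constructed sample, modelled on two of the network blocks listed above.
SAMPLE = '''
network={
    ssid="wep-net"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="tkip-net"
    key_mgmt=WPA-PSK
    pairwise=TKIP
    psk="secret passphrase"
}
'''

def parse_networks(text):  # one dict per network={...} block; comments under "#"
    nets, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line == "network={":
            cur = {"#": []}
            nets.append(cur)
        elif line == "}":
            cur = None
        elif cur is not None and line.startswith("#"):
            cur["#"].append(line)
        elif cur is not None and "=" in line:
            key, _, value = line.partition("=")
            cur[key.strip()] = value.strip()
    return nets

def audit(net):
    km = set(net.get("key_mgmt", "").split())
    ciphers = (net.get("pairwise", "") + " " + net.get("group", "")).split()
    wep = any(k.startswith("wep_key") for k in net)
    checks = {
        "open": "NONE" in km and not wep,          # no encryption at all
        "static-wep": wep,
        "dynamic-wep": "IEEE8021X" in km,
        "tkip": "TKIP" in ciphers,
        "plaintext-psk": net.get("psk", "").startswith('"') or any("psk=" in c for c in net["#"]),
        "eap-no-ca": bool(km & {"WPA-EAP", "IEEE8021X"}) and "ca_cert" not in net,
    }
    return [name for name, hit in checks.items() if hit]

def audit_file(text):
    return {n.get("ssid", "?").strip('"'): audit(n) for n in parse_networks(text)}

if __name__ == "__main__":
    print(audit_file(SAMPLE))
```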




Finally, make sure the DBUS and WPA Supplicant services are set to start automatically with the system and/or manually start them for a test.

Enabling the services at boot time:

# chkconfig messagebus on
# chkconfig wpa_supplicant on

During the init boot process the network script is executed before the messagebus and wpa_supplicant scripts, so the wlan0 activation will fail. You should add "ifup wlan0" to your rc.local if you want wlan0 to be your primary connection.

echo "ifup wlan0" >> /etc/rc.local

Testing the configuration:

# service messagebus start
# service wpa_supplicant start
# ifup wlan0

Done. That should do it!

7 comments:

  1. Sorry for my bad English. :)

    1. file: /etc/sysconfig/network-scripts/ifcfg-wlan0
    NM_CONTROLLED=yes - this fatal error! need: NM_CONTROLLED=no
    ESSID= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    CHANNEL= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    MODE=Managed - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    RATE=Auto - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    2. method:
    echo "ifup wlan0" >> /etc/rc.local
    - is not right!
    success execute internal method OS! :)

    If exist question or ... please e-mail:
    tvlm00@mail.ru

  2. It throws the error "cannot find the repo:base". Since wireless is not enabled, it cannot dynamically connect to mirrorlist url. Is there any way to download all those mirrorlist.
    Which all files are required?
    Thanks in advance
    Sneha

    1. Adding to above: running the basic command "yum install wireless tools" itself throws the above error

  3. Good job bro. Centos 6.5
    UUID= Don't used
    USERCTL=yes >>>> Don't used
    NM_CONTROLLED=no >>>>>> and >>>> chkconfig NetworkManager on

    That's it.!!!!

  4. Securing information you transmit while using a wireless device has never been easier. I wish this was not the case but in the real world this happens every day, people go down to their local electronics store, buy a wireless router put the box under their arm and off they go.RouterReset

  5. Which means if you just take it out of the box and use it you could be allowing your neighbor, a person sitting in a vehicle down the road to access your now wireless Internet. www.wolffofcanada.com
