NetWorld Tips from William Caban: Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA

Saturday, August 31, 2013

Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA_Supplicant

I found myself configuring a lot of CentOS based devices as nodes for my lab environment. Sometimes it is easier to connect them wirelessly than having a bunch of cables around. Since I use this nodes with CentOS 6.4 minimal install, getting the wireless to be the primary uplink interface requires a series of steps.

First we need to install the wireless tools and other tools that we need for wireless encryption configuration and so on. So, the first step is this:

yum install wireless-tools wpa_supplicant dbus

Once you have those installed in your system, then edit the ifcfg-wlan0 with the correct parameters. There are many parameters that are not needed but I kept them in case I want to use NetworkManager or similar tool in the future. Your wireless NIC configuration should look something like this:

[edited: May 2014]

/etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0

HWADDR=<your-mac-address>

TYPE=Wireless

UUID=<an-optional-uuid>

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=dhcp

PEERDNS=yes

USERCTL=yes

NETWORKING_IPV6=no

ESSID=<your-ssid>

CHANNEL=<ssid-channel>

MODE=Managed

RATE=Auto

Disable NetworkManager

# chkconfig NetworkManager off

If you don't know the wireless channel for your SSID you can use the iwlist command to scan and find out the channel information.

# iwlist wlan0 scan

Then you have to configure the wpa_supplicant options and devices:

/etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0"

DRIVERS="-Dnl80211"

OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

Notice than I'm using the n180211 driver since the wext is considered legacy.

Now, lets create an entry for our SSID at the wpa_supplicant configuration. If you are using a passphrase you have to write the heximal representation for the configuration. Fortunately there is a tool that helps us with that. The tool generates the basic network configuration so you can append it to the wpa_supplicant.conf file directly.

Format:

# wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf

Using ssid=MyESSID with passphrase=12345678 the command will be:

# wpa_passphrase MyESSID 12345678 >> /etc/wpa_supplicant/wpa_supplicant.conf

For this example I'm using WPA PSK for my local wireless network so I have to add those parameters as well. In this case I'm adding the key_mgmt and scan_ssid statements.

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="MyESSID"

scan_ssid=1

key_mgmt=WPA-PSK

#psk="12345678"

psk=843f314c3357dd62e8f1865fa8d6a06918e26c0e7bdc0b4208b49d975333fce

}

Other common configuration options for wpa_supplicat are:

Plain text (no encryption) network

network={

 ssid="MyESSID"
 key_mgmt=NONE
}

Static WEP keys

network={

 ssid="MyESSID"
 key_mgmt=NONE
 wep_key0="abcde"
 wep_key1=0102030405
 wep_tx_keyidx=0
}

IEEE 802.1x with dynamic WEP keys using EAP-PEAP/MSCHAPv2

network={

 ssid="MyESSID"

 key_mgmt=IEEE8021X
 eap=PEAP
 phase2="auth=MSCHAPV2"
 identity="user name"
 password="password"
 ca_cert="/etc/cert/ca.pem"
}

WPA-PSK/TKIP


network={

 ssid="MyESSID"
 key_mgmt=WPA-PSK
 proto=WPA
 pairwise=TKIP
 group=TKIP
 psk="secret passphrase"
}

WPA2-EAP/CCMP using EAP-TLS


network={

 ssid="MyESSID"
 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passhrase"
}

For detailed explanations on wpa supplicant options visit:
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

and

http://hostap.epitest.fi/wpa_supplicant/

Finally, make sure DBUS and WAP Supplicant services are set to start automatically with the system and/or manually start them for a test.

Enabling the services at boot time:

# chkconfig messagebus on

# chkconfig wpa_supplicant on

During the init boot process the network script will be executed before the messagebus and wpa_supplicant scripts so the wlan0 activation will fail. You should add "ifup wlan0" to your rc.local if you want for the wlan0 to be your primary connectivity.

echo "ifup wlan0" >> /etc/rc.local

Testing the configuration:

# service messagebus start

# service wpa_supplicant start

# ifup wlan0

Done. That should do it!