| View previous topic :: View next topic |
| Author |
Message |
abduct
Apprentice
Joined: 19 Mar 2015
Posts: 215
|
 Posted: Tue Mar 01, 2016 11:57 pm Post subject: DHCPCD-UI wireless issues |
 |
|
I have DHCPCD-UI installed with +gtk3 and so far it is working fine for hardwired connections with ETH0, which I can connect and modify through the preferences just fine.
Although for wireless I can't seem to connect to any given access points even though they are listed. I think DHCPCD-UI may not be filling out my wpa_supplicant.conf properly causing it to not connect. I've tried running DHCPCD-GTK as root and as my user (my user is added to wheel and dhcpd is properly configured for wheel) and it just doesn't seem to want to go.
This is the wpa_supplicant config DHCPCD-UI is generating.
| Code: | ~ $ cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
update_config=1
network={
ssid="testap1"
psk="XXXXXXXXX"
key_mgmt=WPA-PSK
}
network={
ssid="testap2"
psk="XXXXXXXXXX"
key_mgmt=WPA-PSK
} |
From iwlist wlan0 scan testap1 is listed as channel 1, quality 70/70 TKIP CCMP PSK, and testap2 is channel 11, quality 25/70 TKIP CCMP PSK.
When running DHCPCD-GTK from the command line, it keeps looping searching for APs with the message of "Message: wlan0: Received scan results".
I am not sure what else to check since it absolutely refuses to connect to the AP.
Thanks for any help.
--------------------------------------
Edit:: After reading the wpa_supplicant wiki page it seems the config is done correctly, so I am at a loss. Also is it possible to get DHCPCD-UI to use wpa_passphrase to obfuscate the PSK so it is not in plaintext? |
|
| Back to top |
|
 |
abduct
Apprentice
Joined: 19 Mar 2015
Posts: 215
|
| Posted: Wed Mar 02, 2016 1:25 am Post subject: |
|
|
Fixed the issue, when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).
The only real quesiton left is:
Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext. Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI?
Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored.
Also does DHCPCD-UI come with a CLI tool to aid in connection and setup? I thought I read there was a curses interface (http://roy.marples.name/projects/dhcpcd-ui/index) but I can't seem to find it. |
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Wed Mar 02, 2016 8:20 am Post subject: |
|
|
When you found answers to all your questions, please help improving that wiki article https://wiki.gentoo.org/wiki/Dhcpcd-ui.
I am using dhcpcd-ui with qt4 and it's working fine here. |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
| Posted: Wed Mar 02, 2016 10:23 pm Post subject: |
|
|
| abduct wrote: | Fixed the issue, when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).
|
Maybe I can hook into a status wpa_supplicant sends when authentication is invalid.
File a ticket for this please at http://roy.marples.name/projects/dhcpcd-ui/
| Quote: |
The only real quesiton left is:
Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext. |
Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.
| Quote: | | Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI? |
No-one asked for the feature.
File a ticket and time permitting I will implement it.
| Quote: | | Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored. |
Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate.
The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool |
|
| Back to top |
|
|
abduct
Apprentice
Joined: 19 Mar 2015
Posts: 215
|
| Posted: Thu Mar 03, 2016 12:59 am Post subject: |
|
|
| Quote: | Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good. |
That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.
| Quote: | | Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate. |
I should of just tried to enter a blank password to begin with, this works perfectly fine, thanks.
| Quote: | | The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface. |
Is there an ebuild available for the trunk build or do I have to install it manually? Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc? |
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
| Posted: Thu Mar 03, 2016 10:32 am Post subject: |
|
|
| abduct wrote: | | Quote: | Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good. |
That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible. |
What makes you think this is any more secure with wpa_passphrase if they gain access as you say?
They know the SSID and have a key - they can access the network without the psk.
See here: http://superuser.com/questions/679956/wpa-supplicant-passphrase-can-it-be-normal-password
| Quote: | | Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc? |
It only displays data - there is currently no AP management or IP config.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool |
|
| Back to top |
|
|
chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
|
| Posted: Thu Mar 03, 2016 11:34 am Post subject: |
|
|
You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg:
| Code: |
ap_scan=1
network={
ssid="testap1"
psk="XXXXXXXXX"
key_mgmt=WPA-PSK
}
|
|
|
| Back to top |
|
|
chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
|
| Posted: Thu Mar 03, 2016 11:39 am Post subject: |
|
|
What's the contents of your wpa_supplicant config file?
| Code: | | cat /etc/conf.d/wpa_supplicant |
|
|
| Back to top |
|
|
abduct
Apprentice
Joined: 19 Mar 2015
Posts: 215
|
| Posted: Fri Mar 04, 2016 12:37 am Post subject: |
|
|
| UberLord wrote: | | abduct wrote: | | Quote: | Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good. |
That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible. |
What makes you think this is any more secure with wpa_passphrase if they gain access as you say?
They know the SSID and have a key - they can access the network without the psk.
See here: http://superuser.com/questions/679956/wpa-supplicant-passphrase-can-it-be-normal-password
|
I was thinking more about having the passphrase being known in cases where if a friend practices unsafe password procedures where they reuse passwords an attacker may engage them. Then I guess reversing the hash via bruteforce with adequate hardware would yield the same compromise.
| Quote: | | You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg: |
All the connection issues were resolved, as mentioned in the second post it turned out to be an invalid passphrase that there was no notification for. Only after launching wpa_cli did I see the invalid authentication errors. |
|
| Back to top |
|
|
|
Networking & Security
