Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
DHCPCD-UI wireless issues
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
abduct
Apprentice
Apprentice


Joined: 19 Mar 2015
Posts: 203

PostPosted: Tue Mar 01, 2016 11:57 pm    Post subject: DHCPCD-UI wireless issues Reply with quote

I have DHCPCD-UI installed with +gtk3 and so far it is working fine for hardwired connections with ETH0, which I can connect and modify through the preferences just fine.

Although for wireless I can't seem to connect to any given access points even though they are listed. I think DHCPCD-UI may not be filling out my wpa_supplicant.conf properly causing it to not connect. I've tried running DHCPCD-GTK as root and as my user (my user is added to wheel and dhcpd is properly configured for wheel) and it just doesn't seem to want to go.

This is the wpa_supplicant config DHCPCD-UI is generating.

Code:
~ $ cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
update_config=1

network={
        ssid="testap1"
        psk="XXXXXXXXX"
        key_mgmt=WPA-PSK
}

network={
        ssid="testap2"
        psk="XXXXXXXXXX"
        key_mgmt=WPA-PSK
}


From iwlist wlan0 scan testap1 is listed as channel 1, quality 70/70 TKIP CCMP PSK, and testap2 is channel 11, quality 25/70 TKIP CCMP PSK.

When running DHCPCD-GTK from the command line, it keeps looping searching for APs with the message of "Message: wlan0: Received scan results".

I am not sure what else to check since it absolutely refuses to connect to the AP.

Thanks for any help.

--------------------------------------

Edit:: After reading the wpa_supplicant wiki page it seems the config is done correctly, so I am at a loss. Also is it possible to get DHCPCD-UI to use wpa_passphrase to obfuscate the PSK so it is not in plaintext?
Back to top
View user's profile Send private message
abduct
Apprentice
Apprentice


Joined: 19 Mar 2015
Posts: 203

PostPosted: Wed Mar 02, 2016 1:25 am    Post subject: Reply with quote

Fixed the issue, when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).

The only real quesiton left is:

Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext. Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI?

Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored.

Also does DHCPCD-UI come with a CLI tool to aid in connection and setup? I thought I read there was a curses interface (http://roy.marples.name/projects/dhcpcd-ui/index) but I can't seem to find it.
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 2583

PostPosted: Wed Mar 02, 2016 8:20 am    Post subject: Reply with quote

When you found answers to all your questions, please help improving that wiki article https://wiki.gentoo.org/wiki/Dhcpcd-ui.
I am using dhcpcd-ui with qt4 and it's working fine here.
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6737
Location: Blighty

PostPosted: Wed Mar 02, 2016 10:23 pm    Post subject: Reply with quote

abduct wrote:
Fixed the issue, when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).


Maybe I can hook into a status wpa_supplicant sends when authentication is invalid.
File a ticket for this please at http://roy.marples.name/projects/dhcpcd-ui/

Quote:

The only real quesiton left is:

Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext.


Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.

Quote:
Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI?


No-one asked for the feature.
File a ticket and time permitting I will implement it.

Quote:
Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored.


Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate.

Quote:
Also does DHCPCD-UI come with a CLI tool to aid in connection and setup? I thought I read there was a curses interface (http://roy.marples.name/projects/dhcpcd-ui/index) but I can't seem to find it.


The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
abduct
Apprentice
Apprentice


Joined: 19 Mar 2015
Posts: 203

PostPosted: Thu Mar 03, 2016 12:59 am    Post subject: Reply with quote

Quote:
Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.


That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.

Quote:
Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate.


I should of just tried to enter a blank password to begin with, this works perfectly fine, thanks.

Quote:
The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface.


Is there an ebuild available for the trunk build or do I have to install it manually? Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc?
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 2583

PostPosted: Thu Mar 03, 2016 7:00 am    Post subject: Reply with quote

abduct wrote:


Is there an ebuild available for the trunk build or do I have to install it manually?

See the 9999 ebuild on https://github.com/tokiclover/bar-overlay/tree/master/net-misc/dhcpcd-ui and https://wiki.gentoo.org/wiki/Dhcpcd-ui#Building_from_source
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6737
Location: Blighty

PostPosted: Thu Mar 03, 2016 10:32 am    Post subject: Reply with quote

abduct wrote:
Quote:
Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.


That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.


What makes you think this is any more secure with wpa_passphrase if they gain access as you say?
They know the SSID and have a key - they can access the network without the psk.
See here: http://superuser.com/questions/679956/wpa-supplicant-passphrase-can-it-be-normal-password

Quote:
Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc?


It only displays data - there is currently no AP management or IP config.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
chiefbag
Guru
Guru


Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

PostPosted: Thu Mar 03, 2016 11:34 am    Post subject: Reply with quote

You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg:

Code:

ap_scan=1

network={
        ssid="testap1"
        psk="XXXXXXXXX"
        key_mgmt=WPA-PSK
}
Back to top
View user's profile Send private message
chiefbag
Guru
Guru


Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom

PostPosted: Thu Mar 03, 2016 11:39 am    Post subject: Reply with quote

What's the contents of your wpa_supplicant config file?
Code:
cat /etc/conf.d/wpa_supplicant
Back to top
View user's profile Send private message
abduct
Apprentice
Apprentice


Joined: 19 Mar 2015
Posts: 203

PostPosted: Fri Mar 04, 2016 12:37 am    Post subject: Reply with quote

UberLord wrote:
abduct wrote:
Quote:
Why is this a bad thing? Set file permissions so that only root can read the file.
dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.


That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.


What makes you think this is any more secure with wpa_passphrase if they gain access as you say?
They know the SSID and have a key - they can access the network without the psk.
See here: http://superuser.com/questions/679956/wpa-supplicant-passphrase-can-it-be-normal-password


I was thinking more about having the passphrase being known in cases where if a friend practices unsafe password procedures where they reuse passwords an attacker may engage them. Then I guess reversing the hash via bruteforce with adequate hardware would yield the same compromise.

Quote:
You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg:


All the connection issues were resolved, as mentioned in the second post it turned out to be an invalid passphrase that there was no notification for. Only after launching wpa_cli did I see the invalid authentication errors.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum