Baffled by wpa_supplicant config

Message

wrs4 · Post by **wrs4** » Fri Aug 07, 2015 8:18 pm

Really lame subject, I know.

This is my first attempt at using wireless on Linux, albeit not my first Gentoo Rodeo

I have a Sager NP8265-S, with an ath9k-based adaptor:

corran ~ # lspci |grep -i ath
06:00.0 Network controller: Qualcomm Atheros AR9462 Wireless Network Adapter (rev 01)

On the other side of the wireless connection, I have an ancient piece of junk Linksys WAP54G. Supposedly it can do WPA Pre-Shared Key, WPA RADIUS, RADIUS, and WEP (it suddenly occurs to me that psk in the supplicant config might be for pre-shared key).

I have a quick and dirty shell script that I can run to get it on the network:

Code: Select all

iw wlp6s0 set power_save on
ifconfig wlp6s0 up
iw dev wlp6s0 connect -w mywap54g key 0:<redacted>
ifconfig wlp6s0 172.17.1.103 broadcast 172.17.1.255 netmask 255.255.255.0
route add default gw 172.17.1.1

It works every time, assuming I don't have net.wlp6s0 in an OpenRC runlevel.

I have the following in my /etc/conf.d/net:

Code: Select all

modules_wlp6s0="wpa_supplicant"
config_wlp6s0="dhcp"

and in my /etc/wpa_supplicant/wpa_supplicant.conf:

Code: Select all


ctrl_interface=/var/run/wpa_supplicant
update_config=1

# reading passphrase from stdin
network={
        ssid="mywap54g"
        #psk="<redacted key from the wap54g>"
        psk=<redacted key generated by wpa_passphrase>
}

When I start net.wlp6s0 as a service on boot, then run /etc/init.d/net.wlp6s0 status, I get messages that the link isn't active.

Questions:

are my /etc/conf.d/net and /etc/wpa_supplicant/wpa_supplicant.conf configurations sane?
am I sane?
despite my having been through the Gentoo Wifi wiki page and the Gentoo full networking guide, not to mention a couple dozen links off of Google, what am I still missing?
how would I enable the power saving option?

charles17 · Post by **charles17** » Sat Aug 08, 2015 5:06 am

Did you check # ifconfig -a? Also, a look into your dmesg output might be helpful # dmesg | grep -i '06:00.0\|wlp6s0\|network interface'

BTW: As you didn't mention it, there is a wpa_supplicant wiki page.

khayyam · Post by **khayyam** » Sat Aug 08, 2015 8:27 am

wrs4 wrote:On the other side of the wireless connection, I have an ancient piece of junk Linksys WAP54G. Supposedly it can do WPA Pre-Shared Key, WPA RADIUS, RADIUS, and WEP (it suddenly occurs to me that psk in the supplicant config might be for pre-shared key).

wrs4 ... dependent on what version of the WAP54G you have you may be able to install OpenWRT or DD-WRT ... this would provide a much better firmware than the one installed by linksys. Doing so would make it less of an "ancient piece of junk".

wrs4 wrote:I have a quick and dirty shell script that I can run to get it on the network:
Code: Select all
iw wlp6s0 set power_save on
ifconfig wlp6s0 up
iw dev wlp6s0 connect -w mywap54g key 0:<redacted>
ifconfig wlp6s0 172.17.1.103 broadcast 172.17.1.255 netmask 255.255.255.0
route add default gw 172.17.1.1

Which means that you're either connecting using WEP or encryption is disabled (see the section "establishing a basic connection" in the iw documentation). iw doesn't support WPA/RSN, the only method of establishing such a connection is with wpa_supplicant.

wrs4 wrote:When I start net.wlp6s0 as a service on boot, then run /etc/init.d/net.wlp6s0 status, I get messages that the link isn't active.

No, 'status' won't tell you if the link is active or not, only if the service is started, stopped, etc ... 'wpa_cli status' will however provide the status of the connection.

wrs4 wrote:are my /etc/conf.d/net and /etc/wpa_supplicant/wpa_supplicant.conf configurations sane?

There is nothing wrong with them, though I would add the following:

/etc/conf.d/net

Code: Select all

wpa_supplicant_wlan0="-Dnl80211 -qq"

If you wanted to see what your AP is broadcasting it supports (and so the kind of connection/authentication available) you can do the following:

Code: Select all

# awk '{RS="Cell"}/mywap54g/' <(iw dev wlan0 scan)

You'll probably see WEP enabled, and I seem to remember the linksys firmware has WPS enabled (which should be disabled if you don't want someone bruteforcing the PIN ... another reason to install OpenWRT/DD-WRT).

wrs4 wrote:am I sane? :D

That's yet to be decided ;)

wrs4 wrote:despite my having been through the Gentoo Wifi wiki page and the Gentoo full networking guide, not to mention a couple dozen links off of Google, what am I still missing?

Well, at minimum I would disable WEP and WPS on the AP (if possible), wpa_supplicant doesn't need too much configured, it will attempt to use the most secure authentication available.

wrs4 wrote:how would I enable the power saving option?

It should be sufficent to set the following in the kernel ... CONFIG_CFG80211_DEFAULT_PS=y

Note that some cards have issues with powersave and will drop connections if its enabled (causing DISASSOC, REASSOC ... endlessly), ath9k should be fine, but it's worth looking out for ...

Code: Select all

# iw event -f

best ... khay

wrs4 · Post by **wrs4** » Sun Aug 09, 2015 2:55 am

Answers in order (bear in mind that this is with the link enabled via my little shell script; I can't copy+paste output otherwise

):

ifconfig -a:

Code: Select all

corran ~ # ifconfig -a
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 9  bytes 612 (612.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 612 (612.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

sit0: flags=128<NOARP>  mtu 1480
        sit  txqueuelen 0  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.1.103  netmask 255.255.255.0  broadcast 172.17.1.255
        inet6 fe80::8a4c:d856:bc44:9ff7  prefixlen 64  scopeid 0x20<link>
        ether 80:56:f2:ad:91:83  txqueuelen 1000  (Ethernet)
        RX packets 19244  bytes 3446803 (3.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 289  bytes 55494 (54.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

output of dmesg | grep -i '06:00.0\|wlp6s0\|network interface':

Code: Select all

[    0.188610] pci 0000:06:00.0: [168c:0034] type 00 class 0x028000
[    0.188633] pci 0000:06:00.0: reg 0x10: [mem 0xf7800000-0xf787ffff 64bit]
[    0.188683] pci 0000:06:00.0: reg 0x30: [mem 0xf7880000-0xf788ffff pref]
[    0.188750] pci 0000:06:00.0: supports D1 D2
[    0.188751] pci 0000:06:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[    0.188771] pci 0000:06:00.0: System wakeup disabled by ACPI
[    5.089727] ath9k 0000:06:00.0 wlp6s0: renamed from wlan0
[    5.099101] systemd-udevd[2896]: renamed network interface wlan0 to wlp6s0
[    8.425458] IPv6: ADDRCONF(NETDEV_UP): wlp6s0: link is not ready
[   32.563183] wlp6s0: authenticate with 00:0c:41:d7:ef:9f
[   32.576444] wlp6s0: send auth to 00:0c:41:d7:ef:9f (try 1/3)
[   32.578467] wlp6s0: authenticated
[   32.578487] ath9k 0000:06:00.0 wlp6s0: disabling HT/VHT due to WEP/TKIP use
[   32.578489] ath9k 0000:06:00.0 wlp6s0: disabling HT as WMM/QoS is not supported by the AP
[   32.578490] ath9k 0000:06:00.0 wlp6s0: disabling VHT as WMM/QoS is not supported by the AP
[   32.579156] wlp6s0: associate with 00:0c:41:d7:ef:9f (try 1/3)
[   32.581533] wlp6s0: RX AssocResp from 00:0c:41:d7:ef:9f (capab=0x411 status=0 aid=5)
[   32.581612] wlp6s0: associated
[   32.581619] IPv6: ADDRCONF(NETDEV_CHANGE): wlp6s0: link becomes ready

I believe I am connecting via WEP. I know that my q&d shell script that works is not using encrypted mode.

I should probably update my WAP54G firmware:

Firmware: v1.09, Oct 10, 2003

I did have

Code: Select all

wpa_supplicant_wlp6s00="-Dnl80211"

or some variant thereof, but I'll give it another shot.

From awk '{RS="Cell"}/mywap54g/' <(iw dev wlp6s0 scan)

Code: Select all

        TSF: 4231613831790 usec (48d, 23:26:53)
        freq: 2427
        beacon interval: 100 TUs
        capability: ESS Privacy ShortSlotTime (0x0411)
        signal: -58.00 dBm
        last seen: 140 ms ago
        Information elements from Probe Response frame:
        SSID: mywap54g
        Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0
        DS Parameter set: channel 4
        ERP: <no flags>
        ERP D4.0: <no flags>
        Extended supported rates: 6.0 9.0 12.0 48.0

I don't see a way (short of ddwrt or openwrt) to disable WEP or WPS on this AP. I suppose I could try upgrading the firmware (maybe they still have an update for it all these years later?). I also have a second one of these that has been packed away for something like 8 years (I had the pair in bridged mode once upon a time). If it comes to it, I could track it down and try putting ddwrt or openwrt on one...I just hate to change what was working with my old Windows 7 configuration.

With respect to power saving, CONFIG_CFG80211_DEFAULT_PS is set to "y". Per some document I found somewhere in my wanderings, I updated /etc/modprobe.d/ath9k.conf to have:

Code: Select all

options ath9k ps_enable=1

and my script line of:

Code: Select all

iw wlp6s0 set power_save on

runs without any errors. Prior to my enabling the /etc/modprobe.d/ath9k.conf option (above), that iw command failed, so I think that part works. My question is how to get the functional equivalent of my iw set power_save command via the usual RC and wpa_supplicant mechanisms.

Do you want me to re-enable the RC runlevel and post back the various troubleshooting results?

Roman_Gruber · Post by **Roman_Gruber** » Sun Aug 09, 2015 2:28 pm

as the other guy already said you should use some custom firmware as tomatoe or what they are called these days... my open router was the page afaik ... http://myopenrouter.com/ http://www.polarcloud.com/tomato you need to check waht you have and check out which firmware can be used ... the links are just examples from the past as i bothered to read about that topic years ago

wrs4 · Post by **wrs4** » Mon Aug 10, 2015 1:35 pm

tw04l124 wrote:as the other guy already said you should use some custom firmware as tomatoe or what they are called these days... my open router was the page afaik ... http://myopenrouter.com/ http://www.polarcloud.com/tomato you need to check waht you have and check out which firmware can be used ... the links are just examples from the past as i bothered to read about that topic years ago

I don't think using a firmware for my AP is going to work. The polarcloud Tomato link you referenced is for WRT54Gs (router+AP), where I have just the WAP54G (only AP). Moreover, since I have a version 1.09 WAP54G, it's not going to be supported (to old).

Besides all that.... the existing WAP54G with its default firmware works with my quick and dirty shell script, presumably under WEP, so I don't see why it should be necessary to upgrade the firmware on the AP.

Roman_Gruber · Post by **Roman_Gruber** » Mon Aug 10, 2015 4:23 pm

that was just an example you need to check for custom firmware. most routers have an alternative firmware ...

the provided ones have very often "security holes" ... It also depends on your surroundings, when you can trust your neighbours and bypassers go ahead.