Configuring WPA2 using wpa_supplicant on the Raspberry Pi

To use WPA2 pre-shared key on the Raspberry Pi, you will first need to add a network configuration to “/etc/wpa_supplicant/wpa_supplicant.conf”. Note the lack of space in “network={“.

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="Your SSID Here"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="YourPresharedKeyHere"
}

After you have modified wpa_supplicant.conf, you will need to change the “wlan0” section of “/etc/network/interfaces”. For a static IP, it will look like this:

# allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet static
    address 10.1.2.20
    netmask 255.255.255.0
    network 10.1.2.0
    gateway 10.1.2.1

For DHCP, it will look like this:

# allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

After that, you will need to bring up the “wlan0” interface using “ifup”:

# sudo ifup wlan0

You may have to bring the interface down and then back up:

# sudo ifdown wlan0
# sudo ifup wlan0

You may see messages like this:

# sudo ifup wlan0
ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument

While the messages are annoying, the adapter will still connect and transmit and receive data.

You can check your wireless connection using iwconfig:

# iwconfig
lo        no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:"Your SSID Here"  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency:2.442 GHz  Access Point: NN:NN:NN:NN:NN:NN   
          Bit Rate:54 Mb/s   Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=100/100  Signal level=95/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

eth0      no wireless extensions.

If there are errors in your “/etc/wpa_supplicant/wpa_supplicant.conf” file or you have some other problem, you can start wpa_supplicant manually using the following command:

# sudo /sbin/wpa_supplicant -P /var/run/wpa_supplicant.wlan0.pid -i wlan0 \
-D nl80211,wext -c /etc/wpa_supplicant/wpa_supplicant.conf

The backslash above is used to break the long line into two lines.

Advertisements

12 thoughts on “Configuring WPA2 using wpa_supplicant on the Raspberry Pi

    1. davidmarsh (@davidmarsh)

      Here’s mine if it helps:

      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The wired network interface
      auto eth0
      iface eth0 inet dhcp

      # The wireless network interface
      auto wlan0
      iface wlan0 inet manual
      wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
      iface default inet dhcp

      Reply
  1. Michael

    Thanks for the great post, I got my wifi working! Out of interest, in the interfaces file, why do you set the wlan0 to manual when using DHCP? And what does the “iface default” do, because you set that to DHCP instead of the wireless interface. Thanks again!

    Reply
    1. kerneldriver Post author

      I think the answer to your first question is that “auto” didn’t work.

      I think the answer to your second question is that you can’t use iface with the same interface more than once.

      Read

      # man interfaces

      Then try some experiments. After some trial and error, you should reach the same conclusions I did. If you get a different result, please leave a reply.

      Reply
      1. Michael

        Thanks for the info. I’ve had a look at the interfaces manpage and I can’t see any reference to the ‘default’ interface. After much googling I can’t find any description of what that interface is / does! Can you shed any light on it? Thanks.

      2. kerneldriver Post author

        My guess is that in this case, “default” means the last interface that was specified in an “iface” line.

        But that is a guess. Probably the only way to know for certain is to read the source for upstart.

      3. Richard

        When using wpa-roam, “default” simply refers to how the WiFi should be configured for a particular network defined in your wpa_supplicant config. The network properties can include an ID field (e.g. id_str=”homewifi”). So in the interfaces file you would have “iface homewifi inet dhcp”. If this ID field isn’t present, “default” is used.

      4. C. Holtermann

        in wpa_supplicant.conf different scenarios can be named. Each network setup can contain a line id_str=”network1″. In /etc/network/interfaces you can then refer to that id and make the connection to one network static and to the other dynamic for example. In this case it could be iface network1 inet dhcp
        iface network2 inet static

  2. dlopr

    The “iface default” line is required in a roaming scenario. It is what wpa_action will use to reconfigure your device in a roaming event (i.e. when your wifi card gets connected to a different AP). See “wpa_action” manpage.

    “wpa_action” is called by a daemonized “wpa_cli” that is started when the device is brought up with ifup because of the “wpa-roam” stanza you defined in /etc/network/interfaces. This daemon receives connection events (i.e. CONNECTED/DISCONNECTED) from wpa_supplicant and calls “wpa_action” accordingly. Then “wpa_action” configures the device based on the “id_str” of the network that your card got connected to or “default” if no “id_str” was defined. See “wpa_supplicant”, “wpa_cli”, “wpa_action” manpages and /etc/network/if-pre-up.d/wpasupplicant for more details.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s