Thursday, June 30, 2016

How to Connect to Wireless Networks in NetBSD

This How-To was written with NetBSD 7.0 in mind and will only talk about the most common home and small office WiFi setups.

NetBSD use wpa_supplicant(8) to manage wireless network connections and dhcpcd(8) to get an IP from the access point. After the initial setup you can manage your wifi with ease using wpa_cli(8) or net/wpa_gui.

Connecting to WiFi in NetBSD

There's a number of things we have to setup before we can connect to a WiFi network. While this might seem like a lot of steps, it's mostly just housekeeping and initial setup.


Configuring the rc.d system to use dhcpcd and mount /usr before the network is up.

In NetBSD the rc.d System is in charge of starting all the different helping programs (daemons) and configures them during boot. It also has to make sure they start in the right order and that their requirements are meet.

As of NetBSD 7.0 the default configuration for the wpa_supplicant rc.d-script is to use the older dhclient(8), we will need to change a line in /etc/rc.d/wpa_supplicant to make it use dhcpcd instead.

At the start of the file, at line 8, it says:
This needs to be c
hange to:
Not changing this will cause weird IPs to be set or none at all.

By default /usr isn't mounted before the network is configured in NetBSD. Since wpa_supplicant is in /usr/sbin, we need to add /usr to the list of filesystem that need to be mounted, before the rc.d-scripts are executed.

Note: If you have /usr on the same filesystem as /, you can ignore this next step.
The list of these filesystems are described by $critical_filesystems_local in /etc/defaults/rc.conf, which you shouldn't edit! Instead we add the following line to /etc/rc.conf:

critical_filesystems_local=”OPTIONAL:/var OPTIONAL:/usr”

Put this line directly under this comment in /etc/rc.conf:

# Add local overrides below.

(The OPTIONAL: part is telling rc.d to not panic if there’s no entry for /var and /usr in fstab(5), it's optional but doesn't harm anything).

Setting up the daemons in rc.conf

In order to start the required daemons we need to enter a few lines into /etc/rc.conf:

wpa_supplicant_flags="-c/etc/wpa_supplicant.conf -B -iathn0"

The wpa_supplicant_flags tell wpa_supplicant where the configuration file is, to start as a background process and use the interface athn0. While the dhcpcd_flag just to make dhcpcd into a background process directly, instead of after when an IP is acquired.

Writing an initial wpa_supplicant.conf file.

Before wpa_supplicant can run, it needs to know how programs talk to it and which users are allowed to do so. While we are at it, we can also add a network block for a known WiFi network straight away.

Here's a basic /etc/wpa_supplicant.conf:


    ssid="Home WiFi"

This configuration will tell wpa_supplicant to create an interface in /var/run/wpa_supplicant, allow users from the group wheel to talk to it and let wpa_cli and wpa_gui update and save the configuration file.

The example block will work for WPA/WPA2 networks, there are a lot more extensive options described in wpa_supplicant.conf(5). So you're in no way excluded from anything that's not WPA, even despite the name.

Among the entry for "Home WiFi", you can add as many network={} blocks as you'd like. Just remember to use "quotes" around the text.

Note: For WPA/WPA2-PSK connections the pre-shared key can be pre-computed by wpa_passphrase to get a 64 hexadecimal string of the 256-bit SHA1 ssid-salted hash. This way you don't have to store a plain text ASCII password in the configuration file.

Writing ifconfig.if files for the network interfaces

Next we need to create a ifconfig.if(5) file in /etc for each interface. So that he network interfaces are configured automatically at boot (or when /etc/rc.d/network is started).

They only need to contain two lines, one to tell ifconfig to enable the interface, and another to make dhcpcd set the IP. In my cause I need /etc/ifconfig.athn0 and /etc/ifconfig.alc0 with the following two lines in each:

Don't forget to create one for your wired card! Those two lines are all you need in-order for dhcpcd to wake up when you plug in a cable or when a known Access Point is within reach.

Managing connections with wpa_cli

Included with wpa_supplicant is a very powerful command line utility for configuring wpa_supplicant, namely wpa_cli(8). Earlier we told wpa_supplicant that users in the group wheel are allowed to configure it, so those users don't have to use wpa_cli as super-users (this also applies to the fancy net/wpa_gui utility).

$ wpa_cli

From here you can check what's going on by typing in status, you can initiate a scan for access points with scan (this might drop your connection temporary) and see the result of the last scan with scan_results.

After each command wpa_cli will give you an OK or FAIL notification.

Using wpa_cli we can easily setup a connection to a new WiFi network. Let's say we ran scan and found "Other WiFi" among the listed network SSIDs, and for argument sake let's also say they left a Post-It note on the bulletin board with the WiFi password.

> add_network
(in this example it is the second network we add, so it's 1)
> set_network 1 ssid "Other WiFi"
> set_network 1 psk "Secure1235"
> enable_network 1

That's all you need to do and you should now be connected to the new network, assuming it's using WPA/WPA2 authentication. The modes are listed in the scan results and you can consult wpa_supplicant.conf(5) for which parameters that have be set.

If it would have been an Open Network without a password, you would instead of psk tell wpa_supplicant to use no key management protocol at all.

> set_network 1 key_mgmt NONE

If you want to, you can save this to your config with save_config. Notice that saving the configuration from wpa_cli or wpa_gui will remove any comments you left in /etc/wpa_supplicant.conf.

I hope this helped you get WiFi setup, working and allow you to have fun playing with NetBSD!

No comments:

Post a Comment