Using wpa_gui

It turns out that wpa_gui not only allows you to select existing networks, but also to scan for and add new networks to your configuration file. In addition, you can run it as yourself, without needing to sudo it. In order to do so, you need to add two lines to /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface_group=netdev
update_config=1

ctrl_interface_group selects a UNIX group that will be given permission to read/write the control socket. I chose netdev because it seems like it’s supposed to be networking-related, and my login user was already in it on my Ubuntu machine.

update_config allows wpa_supplicant to write back to its conf file if instructed to configure new networks by a UI (wpa_cli or wpa_gui). Note that this will squash any comments you have in the file.

wpa_action — a mostly-baked roaming solution

The setup I described in the previous post causes wpa_supplicant to manage associating with access points, while Debian’s ifupdown request DHCP independently. There’s no communication between the layer, so if you switch networks, or associate sometime after we bring up the interface, nothing tells dhclient to request a new lease. It turns out we can turn this picture inside-out, and make wpa_supplicant responsible for bringing up and down a virtual interface, whenever it associates or loses association.

To make this work, we’re going to need to edit /etc/network/interface again. Our wpa_supplicant.conf can stay unchanged; Debian’s wrapper scripts do all the magic. Replace your ath0 block and add a virtual default interface as follows:

iface ath0 inet manual
  wpa-driver wext
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

The way this is going to work is that, whenever wpa_supplicant associates to a network, it will bring up the virtual default interface, causing ifupdown to spawn dhclient and request DHCP. When it loses association, it brings it down, killing the DHCP daemon.

Furthermore, we can associate different virtual interfaces with different networks. Suppose that I usually want DHCP, but at home (essid nelhage) I don’t run a DHCP server, and just want my laptop to always grab 10.0.1.100. I can add an interface to wpa_supplicant.conf:

network={
    ssid="nelhage"
    id_str="nelhage"
    key_mgmt=NONE
}

And then I add a new virtual interface to interfaces, corresponding to the id_str:

iface nelhage inet static
        address 10.0.1.100
        netmask 255.255.255.0
        network 10.0.1.0
        gateway 10.0.1.1

Now, if wpa_supplicant associates to the nelhage network, it will bring up the nelhage interface, binding ath0 to the static configuration there listed.

For documentation, check out the third section of /usr/share/doc/wpasupplicant/README.modes.gz on your Debian or Ubuntu machine.

In conclusion…

This setup actually seems pretty close to the correct design for a roaming wifi architecture, to me. Unfortunately, my experience is that it hasn’t worked well for me; For some reason, when I put it in roaming mode, it fails to associate with networks that it otherwise works fine with. I suspect that this is related to madwifi suckage as much as wpa_supplicant suck, though, so I’d encourage everyone else who’s been fighting with wifi to try it out and report back if it works for them.

Some Background

You probably all know just how much wireless on Linux can be a pain to get working right. Getting drivers and so forth working is usually fine these days, especially if you’re using Ubuntu, but managing connecting to multiple networks and dealing with WPA and WEP is a serious pain in the ass. Debian’s solution the ifupdown infrastructure lets you specify a single network or any, and doesn’t have an answer for encryption, as far as I can tell. Ubuntu (and Fedora)’s NetworkManager works great when it works, but it wants to own your entire networking stack, isn’t very transparent or debuggable when networking isn’t working, and the only interface is a dock applet, which is problematic for my minimalist XMonad-based desktop.

Enter wpa_supplicant

Despite its name, wpa_supplicant isn’t just about WPA. It’s actually a general management system for your wireless in disguise. You give it a config file of networks you want to connect to if they’re available, optionally with priorities, and settings about the kind of encryption and a password or key if needed. You then tell it “go”, and it will go scan for networks and connect to the appropriate ones as needed. If you need to override it, there’s a command line client (wpa_cli) to connect to the running ndaemon and tell it connect to a specific network or AP (I think — I haven’t actually had occasion to use it much at all)

My configuration

I have an Atheros wifi card, so my wifi device is ath0. Adjust this as appropriate (it’ll probably be eth1 with most other drivers)

First, install the necessary packages:

$ sudo apt-get install wpasupplicant

Then set up your configuration:

• /etc/network/interfaces — We’re still going to use ifupdown to manage getting DHCP, but just not for wireless. So add a stanza to interfaces that looks something like:

  auto ath0
  iface ath0 inet dhcp
  wpa-driver wext
  wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
  

• /etc/wpa_supplicant/wpa_supplicant.conf — This is the file where you’re going to specify what networks you want to connect to. /usr/share/doc/wpasupplicant/examples/ can explain the full range of options better than I can, but there are some examples below. For now, you can just put a

  ctrl_interface=/var/run/wpa_supplicant
  

at the start of the file.

Now, configure your networks in wpa_supplicant.conf. Some examples:

• MIT’s network — open, no encryption

  network={
      ssid="MIT"
      key_mgmt=NONE
  }
  

• WEP, hex key

  network={
      ssid="langtonlabs"
      key_mgmt=NONE
      wep_key0=deadbeef
  }
  

• WPA1, password

  network={
      ssid="wireless-is-a-lie"
      psk="passw0rd"
  }
  

Now if you bring up the interface with ifup ath0, wpa_supplicant will start scanning for networks and associate as needed. The crappy thing about this solution is that there’s no communication between wpa_supplicant and dhclient, so you won’t automatically try to get a new lease if you switch networks. I solve this with a ifup --force ath0 when I move my laptop between access points. I don’t do this too often without suspending, though, so it’s not a huge deal. Browsing documentation points me at something called wpa_action that’s supposed to fix this… If I figure it out I’ll post again.

This works quite well for me, better than any other solution I’ve found for moving my laptop between multiple access points, and handles WEP, WPA, and WPA2 just fine. Hopefully it’ll be helpful for someone else.