Getting WPA working under Network Manager and RT73 [solved]
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
Some nice to have feature in the future would be:
1. The ability to get a list of scan address in the area and then selected it and let it generate a profile (automatically use open, WEP, or WPA). Right now, that feature doesn't work all that well.
2. Allow you to build a priority list, so that if a particular ssid appear, we'll attach to that first. Suppose you come home to your house and turn on your computer, and you are surrounded by your neighbor's signal, you should be able to connect to yours first.
1. The ability to get a list of scan address in the area and then selected it and let it generate a profile (automatically use open, WEP, or WPA). Right now, that feature doesn't work all that well.
2. Allow you to build a priority list, so that if a particular ssid appear, we'll attach to that first. Suppose you come home to your house and turn on your computer, and you are surrounded by your neighbor's signal, you should be able to connect to yours first.
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
Dougal, I just noticed that you modified the net-setup.sh script. That's good, but it links to wag-profiles.sh, which is the script that Paul and I have been working on. Could you give this script the gtkdialog3 treatment as well?
And the net-setup.sh script also links to ndiswrapperGUI.sh ... but this uses Xdialog. Can this be changed easily?
And the net-setup.sh script also links to ndiswrapperGUI.sh ... but this uses Xdialog. Can this be changed easily?
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
PaulBx1 asked about WPA2 on the Developer Forum. wpa_supplicant has always supported WPA2, but the Wizard does not (currently) accommodate this mode. In fact wpa_supplicant supports many variations of WPA encryption, but rarsa originally wrote the Wizard to set up only the most common and basic form of WPA encryption: WPA-PSK/TKIP.
To set up any of the other forms of WPA encryption it's necessary to put the correct information into the configuration file, /etc/wpa_supplicant.conf
The latest dotpet version of wpa_supplicant, available here -
http://www.murga-linux.com/puppy/viewto ... 186#121186
includes /etc/wpa_supplicant.conf-examples which will show you many different configurations.
I don't have experience with any of these other configurations, but from reading the documentation I think the only thing in the current /etc/wpa_supplicant.conf which needs to be changed for WPA2 is -
proto=RSN
Though, depending on the settings of the particular wifi router, there are 2 other settings which might need to be changed -
pairwise=CCMP
group=CCMP
To set up any of the other forms of WPA encryption it's necessary to put the correct information into the configuration file, /etc/wpa_supplicant.conf
The latest dotpet version of wpa_supplicant, available here -
http://www.murga-linux.com/puppy/viewto ... 186#121186
includes /etc/wpa_supplicant.conf-examples which will show you many different configurations.
I don't have experience with any of these other configurations, but from reading the documentation I think the only thing in the current /etc/wpa_supplicant.conf which needs to be changed for WPA2 is -
proto=RSN
Though, depending on the settings of the particular wifi router, there are 2 other settings which might need to be changed -
pairwise=CCMP
group=CCMP
tempestuous, I was looking at this example file:
http://tinyurl.com/2qe9w7
I agree with the three selections you have found. However it is interesting that if proto is simply not set, it defaults to "WPA RSN"; if pairwise is not set it defaults to "CCMP TKIP"; if group is not set it defaults to "CCMP TKIP WEP104 WEP40". From what little I know, I don't think we should take these defaults. Instead, in the wizard we should do the following in the current WPA code:
1) Change all references on buttons and such from "WPA" to "WPA/WPA2"
2) Set proto to "RSN WPA"
3) Set pairwise to "CCMP TKIP"
4) Set group to "CCMP TKIP"
The idea here is to use the ability to chose the best possible parameter in each case (the first match from left to right is the one selected), when WPA/WPA2 is selected.
Hmmm, now that I think of it, maybe this won't work. When setting APs for example, you may only be able to enter one thing, not two or more. Depends on the software... And there is the added difficulty in documenting what is going on with these settings. So instead we should have a whole new option (other than WEP and WPA): WPA2. It should have proto=RSN, pairwise=CCMP and group=CCMP just as you said.
I was going to try fiddling with a copy of the wizard to do this, but the code there is greek to me.
http://tinyurl.com/2qe9w7
I agree with the three selections you have found. However it is interesting that if proto is simply not set, it defaults to "WPA RSN"; if pairwise is not set it defaults to "CCMP TKIP"; if group is not set it defaults to "CCMP TKIP WEP104 WEP40". From what little I know, I don't think we should take these defaults. Instead, in the wizard we should do the following in the current WPA code:
1) Change all references on buttons and such from "WPA" to "WPA/WPA2"
2) Set proto to "RSN WPA"
3) Set pairwise to "CCMP TKIP"
4) Set group to "CCMP TKIP"
The idea here is to use the ability to chose the best possible parameter in each case (the first match from left to right is the one selected), when WPA/WPA2 is selected.
Hmmm, now that I think of it, maybe this won't work. When setting APs for example, you may only be able to enter one thing, not two or more. Depends on the software... And there is the added difficulty in documenting what is going on with these settings. So instead we should have a whole new option (other than WEP and WPA): WPA2. It should have proto=RSN, pairwise=CCMP and group=CCMP just as you said.
I was going to try fiddling with a copy of the wizard to do this, but the code there is greek to me.
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
PaulBx1, your suggestions are good. According to the documentation multiple parameters can be specified, but I would reverse the parameters you suggested, because we need to ensure that the most basic setup is the default, so -
proto=WPA RSN
pairwise=TKIP CCMP
group=TKIP CCMP
Dougal is currently revising the Network Wizard, but we can't just add configuration changes until such changes have been tested.
Can you modify your /etc/wpa_supplicant.conf with these settings and test with a WPA2 router?
proto=WPA RSN
pairwise=TKIP CCMP
group=TKIP CCMP
Dougal is currently revising the Network Wizard, but we can't just add configuration changes until such changes have been tested.
Can you modify your /etc/wpa_supplicant.conf with these settings and test with a WPA2 router?
Ah, I get your point: let the router setting control what is used, and older routers will know WPA but maybe get confused with WPA2 being tried on them. So we can have the wizard tell the user something like, "Set your AP or router to use either WPA2 (preferred) or WPA protocol, with CCMP (preferred) or TKIP encryption. Only TKIP is supported in WPA protocol." Or something to that effect.
I do have a WPA2 router; I will try it today. All 3 legal combinations (WPA2/CCMP, WPA2/TKIP, WPA/TKIP).
One other recommendation; apparently WPA2 is an alias for RSN in wpa-supplicant.conf. Let's use WPA2 as it is clearer. I will try that too.
Can I do this with standard Puppy 2.16.1 wpa_supplicant?
I do have a WPA2 router; I will try it today. All 3 legal combinations (WPA2/CCMP, WPA2/TKIP, WPA/TKIP).
One other recommendation; apparently WPA2 is an alias for RSN in wpa-supplicant.conf. Let's use WPA2 as it is clearer. I will try that too.
Can I do this with standard Puppy 2.16.1 wpa_supplicant?
OK, with standard Puppy 2.16.1 I modified /etc/wpa_supplicant.conf to have this:
The linksys router I changed to WPA2 using what they call "AES" (my choices being limited to "AES" or "TKIP+AES"). Works fine! 
I'm again thinking CCMP should be first in the list, because if someone with a linksys router selects "TKIP+AES" he is going to end up with the inferior TKIP encryption (if TKIP is placed first in the list). Other routers also probably give this same choice. Note: since the default for pairwise is "CCMP TKIP", it's likely all routers will be able to handle it properly even if they are WPA only.
I did try putting WPA2 before WPA and CCMP before TKIP, leaving the router as it was, and that worked fine too.
I think the wizard should tell the user this: "Set your AP or router to use either WPA2 (preferred) or WPA protocol, with CCMP (preferred) or TKIP cyphers. Note, only TKIP is supported in WPA protocol. Some routers refer to CCMP as AES."
Code: Select all
proto=WPA WPA2
key_mgmt=WPA-PSK
pairwise=TKIP CCMP
group=TKIP CCMPI'm again thinking CCMP should be first in the list, because if someone with a linksys router selects "TKIP+AES" he is going to end up with the inferior TKIP encryption (if TKIP is placed first in the list). Other routers also probably give this same choice. Note: since the default for pairwise is "CCMP TKIP", it's likely all routers will be able to handle it properly even if they are WPA only.
I did try putting WPA2 before WPA and CCMP before TKIP, leaving the router as it was, and that worked fine too.
I think the wizard should tell the user this: "Set your AP or router to use either WPA2 (preferred) or WPA protocol, with CCMP (preferred) or TKIP cyphers. Note, only TKIP is supported in WPA protocol. Some routers refer to CCMP as AES."
Woops, never mind! 
I set the router to WPA using TKIP. Guess what, when set up for WPA2 it can handle a list of protocols and cyphers, but set up for WPA it gets really dumb! It couldn't connect whether I put WPA2 and CCMP first, or WPA and TKIP first. It only connects when I only have WPA and TKIP in the list, period.
So that's telling me, we can forget the list. We need to have separate buttons, one for setting up WPA and the other for setting up WPA2.
I set the router to WPA using TKIP. Guess what, when set up for WPA2 it can handle a list of protocols and cyphers, but set up for WPA it gets really dumb! It couldn't connect whether I put WPA2 and CCMP first, or WPA and TKIP first. It only connects when I only have WPA and TKIP in the list, period.
So that's telling me, we can forget the list. We need to have separate buttons, one for setting up WPA and the other for setting up WPA2.
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
PaulBx1, thanks for testing. Your results are interesting, and very useful.
Dougal is keeping an eye on this information, while still working on a much-improved Network Wizard.
To configure a wireless router, users should read the manual! But I guess this basic information could go into the HTML help file.
Dougal is keeping an eye on this information, while still working on a much-improved Network Wizard.
Please no! We're trying to keep the text in the Wizard to a minimum. The Network Wizard should deal with CLIENT network configuration, not SERVER issues.PaulBx1 wrote:I think the wizard should tell the user this: "Set your AP or router to use either WPA2 (preferred) or WPA protocol, with CCMP (preferred) or TKIP cyphers. Note, only TKIP is supported in WPA protocol. Some routers refer to CCMP as AES."
To configure a wireless router, users should read the manual! But I guess this basic information could go into the HTML help file.
Yes, the Wizard should lay out all encryption choices in the same block: None / WEP / WPA / WPA2PaulBx1 wrote:We need to have separate buttons, one for setting up WPA and the other for setting up WPA2.
Thanks, I didn't know that.PaulBx1 wrote:Only TKIP is supported in WPA protocol.
Well this only makes a difference to people who manually modify the wpa_supplicant.conf file. For the average user who only uses the Wizard, they will only see the "WPA2" button, and not the contents of wpa_supplicant.conf.PaulBx1 wrote:apparently WPA2 is an alias for RSN in wpa-supplicant.conf. Let's use WPA2 as it is clearer.