
iwconfig & iwpriv & WEP & WPA1/WPA2

2010-07-07 11:38 543 查看
##### Example wpa_supplicant configuration file ###############################

#

#

# Original Version

# ----------------

# wpa_supplicant-0.2.3/wpa_supplicant.conf

#

#

# To Reload Changes

# ------------------

# killall -HUP wpa_supplicant

#

# To Generate the WPA network keys

# --------------------------------

# wpa_passphrase "essid-of-the-ap" "the secret passphrase"

#

# To Install the wpa daemon

# -------------------------

# wpa_supplicant -Bw [ -dd ] -c/etc/wpa_supplicant.conf -iath0

#

# Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'

# Reading configuration file '/etc/wpa_supplicant.conf'

# ctrl_interface='/var/run/wpa_supplicant'

# eapol_version=1

# Daemonize..

#

# Trying to associate with <MAC-Address-of-AccessPoint> /

#  (SSID='Testing-ESSID' freq=2437 MHz)

# WPA key negotiation completed with <MAC-Address-of-AccessPoint>

#

#

# 21-Jun-04 amo Copied from wpa_supplicant-0.2.3/wpa_supplicant.conf

#  ==

#  == comment out the example network blocks ==

#  ==

#

# Empty lines and lines starting with # are ignored

#

# NOTE! This file may contain password information and should probably be made

# readable only by root user on multiuser systems.

# global configuration (shared by all network blocks)

#

# Interface for separate control program. If this is specified, wpa_supplicant

# will create a UNIX domain socket for listening to requests from external

# programs (CLI/GUI, etc.) for status information and configuration. Access

# control for this control interface can be configured by creating the socket

# in a directory that is readable only for desired users.

# Review note: per the description above, programs that can reach this socket
# can request status and configuration, so check the ownership and mode of
# the /var/run/wpa_supplicant directory on multi-user hosts.
ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.1X/EAPOL version

# wpa_supplicant was implemented based on IEEE 802-1X-REV-d8 which defines

# EAPOL version 2. However, there are many APs that do not handle the new

# version number correctly (they seem to drop the frames completely). In order

# to make wpa_supplicant interoperate with these APs, the version number is set

# to 1 by default. This configuration value can be used to set it to the new

# version (2).

# Explicitly set to 1, the stated default, for interoperability with APs that
# drop version-2 frames; change to 2 only after confirming the AP handles it.
eapol_version=1

# network block

#

# Each network (usually AP's sharing the same SSID) is configured as a separate

# block in this configuration file. The network blocks are in preference order

# (the first match is used).

#

# network block fields:

#

# ssid: SSID (mandatory); either as an ASCII string with double quotation or

# as hex string; network name

#

# scan_ssid:

# 0 = do not scan this SSID with specific Probe Request frames (default)

# 1 = scan with SSID-specific Probe Request frames (this can be used to

#     find APs that do not accept broadcast SSID or use multiple SSIDs;

#     this will add latency to scanning, so enable this only when needed)

#

# bssid: BSSID (optional); if set, this network block is used only when

# associating with the AP using the configured BSSID

#

# proto: list of accepted protocols

# WPA = WPA/IEEE 802.11i/D3.0

# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)

# If not set, this defaults to: WPA RSN

#

# key_mgmt: list of accepted authenticated key management protocols

# WPA-PSK = WPA pre-shared key (this requires 'psk' field)

# WPA-EAP = WPA using EAP authentication (this can use an external

# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication)

# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically

# generated WEP keys

# NONE = WPA is not used; plaintext or static WEP could be used

# If not set, this defaults to: WPA-PSK WPA-EAP

#

# pairwise: list of accepted pairwise (unicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]

# NONE = Use only Group Keys (deprecated, should not be included if APs support

# pairwise keys)

# If not set, this defaults to: CCMP TKIP

#

# group: list of accepted group (broadcast/multicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]

# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key

# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]

# If not set, this defaults to: CCMP TKIP WEP104 WEP40

#

# psk: WPA preshared key; 256-bit pre-shared key

# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,

# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be

# generated using the passphrase and SSID). ASCII passphrase must be between

# 8 and 63 characters (inclusive).

# This field is not needed, if WPA-EAP is used.

# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys

# from ASCII passphrase. This process uses a lot of CPU, and wpa_supplicant

# startup and reconfiguration time can be optimized by generating the PSK

# only when the passphrase or SSID has actually changed.

#

# eapol_flags: IEEE 802.1X/EAPOL options (bit field)

# Dynamic WEP key required for non-WPA mode

# bit0 (1): require dynamically generated unicast WEP key

# bit1 (2): require dynamically generated broadcast WEP key

#  (3 = require both keys; default)

#

# Following fields are only used with internal EAP implementation.

# eap: space-separated list of accepted EAP methods

# MD5 = EAP-MD5 (insecure and does not generate keying material ->

#   cannot be used with WPA)

#       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used

#  as a Phase 2 method with EAP-PEAP)

# TLS = EAP-TLS (client and server certificate)

# PEAP = EAP-PEAP (with tunnelled MSCHAPV2)

# TTLS = EAP-TTLS (with tunnelled EAP-MD5-Challenge)

# If not set, all compiled in methods are allowed.

#

# identity: Identity string for EAP

# anonymous_identity: Anonymous identity string for EAP (to be used as the

# unencrypted identity with EAP types that support different tunnelled

# identity, e.g., EAP-TTLS)

# password: Password string for EAP

# ca_cert: File path to CA certificate file. This file can have one or more

# trusted CA certificates. If ca_cert is not included, server certificate

# will not be verified. This is insecure and the CA file should always be

# configured.

# client_cert: File path to client certificate file

# private_key: File path to client private key file

# private_key_passwd: Password for private key file

# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters

# (string with field-value pairs, e.g., "peapver=0")

# phase2: Phase2 (inner authentication with TLS tunnel) parameters

# (string with field-value pairs, e.g., "auth=MSCHAPV2")

# Following certificate/private key fields are used in inner Phase2

# authentication when using EAP-TTLS or EAP-PEAP.

# ca_cert2: File path to CA certificate file. This file can have one or more

# trusted CA certificates. If ca_cert2 is not included, server

# certificate will not be verified. This is insecure and the CA file

# should always be configured.

# client_cert2: File path to client certificate file

# private_key2: File path to client private key file

# private_key2_passwd: Password for private key file

#

#

# 21-Jun-04 amo Define the WPA network

#

# Get the psk from the following:

#  wpa_passphrase "essid-of-the-ap" "the secret passphrase"

#

#

#

# Only WPA-PSK is used. Any valid cipher combination is accepted.

#

network={

# SSID this block applies to, written as a quoted ASCII string.

ssid="Testing-ESSID"

#

# if proto is not defined, defaults to: WPA RSN

# Review note: listing only WPA leaves out RSN (WPA2), so this block will not
# accept WPA2; add RSN if the access point supports it.

proto=WPA

#

# if key_mgmt is not defined, defaults to: WPA-PSK WPA-EAP

# Only pre-shared-key authentication is accepted; this requires the psk field.

key_mgmt=WPA-PSK

#

# if pairwise is not defined, defaults to: CCMP TKIP

# Review note: TKIP is accepted alongside CCMP for unicast traffic; use
# pairwise=CCMP to accept only AES-CCMP.

pairwise=CCMP TKIP

#

# if group is not defined, defaults to: CCMP TKIP WEP104 WEP40

# Review note: WEP104 and WEP40 are accepted here as group ciphers, so an AP
# that protects broadcast/multicast traffic with WEP will still be accepted.
# Use group=CCMP TKIP (or group=CCMP) to refuse such APs.

group=CCMP TKIP WEP104 WEP40

#

# if eap is not defined, defaults to: MD5 MSCHAPV2 TLS PEAP TTLS

#

# psk: WPA preshared key - not needed if wpa-eap is used

# The active value is 64 hex digits, i.e. the 256-bit PSK itself (presumably
# wpa_passphrase output for this SSID). It is a credential and appears here as
# a published sample: generate your own value and keep this file readable by
# root only (e.g. chmod 600).

#psk="my secret pass phrase"

psk=03101c71c6abf8827293f44d7c13883ec83214fab8ab4069eec737508a7c220a

}

#xx

#xx # Example blocks:

#xx

#xx # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers

#xx network={

#xx  ssid="simple"

#xx  psk="very secret passphrase"

#xx }

#xx

#xx # Same as previous, but request SSID-specific scanning (for APs that reject broadcast SSID)

#xx network={

#xx  ssid="second ssid"

#xx  scan_ssid=1

#xx  psk="very secret passphrase"

#xx }

#xx

#xx # Only WPA-PSK is used. Any valid cipher combination is accepted.

#xx network={

#xx  ssid="example"

#xx  proto=WPA

#xx  key_mgmt=WPA-PSK

#xx  pairwise=CCMP TKIP

#xx  group=CCMP TKIP WEP104 WEP40

#xx  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb

#xx }

#xx

#xx # Only WPA-EAP is used. Both CCMP and TKIP are accepted. An AP that used WEP104

#xx # or WEP40 as the group cipher will not be accepted.

#xx network={

#xx  ssid="example"

#xx  proto=RSN

#xx  key_mgmt=WPA-EAP

#xx  pairwise=CCMP TKIP

#xx  group=CCMP TKIP

#xx  eap=TLS

#xx  identity="user@example.com"

#xx  password="foobar"

#xx  ca_cert="/etc/cert/ca.pem"

#xx  client_cert="/etc/cert/user.pem"

#xx  private_key="/etc/cert/user.prv"

#xx  private_key_passwd="password"

#xx }

#xx

#xx # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the

#xx # unencrypted use. Real identity is sent only within an encrypted TLS tunnel.

#xx network={

#xx  ssid="example"

#xx  key_mgmt=WPA-EAP

#xx  eap=TTLS

#xx  identity="user@example.com"

#xx  anonymous_identity="anonymous@example.com"

#xx  password="foobar"

#xx  ca_cert="/etc/cert/ca.pem"

#xx }

#xx

#xx # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted

#xx # use. Real identity is sent only within an encrypted TLS tunnel.

#xx network={

#xx  ssid="example"

#xx  key_mgmt=WPA-EAP

#xx  eap=TTLS

#xx  identity="user@example.com"

#xx  anonymous_identity="anonymous@example.com"

#xx  password="foobar"

#xx  ca_cert="/etc/cert/ca.pem"

#xx  phase2="auth=MSCHAPV2"

#xx }

#xx

#xx # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner

#xx # authentication.

#xx network={

#xx  ssid="example"

#xx  key_mgmt=WPA-EAP

#xx  eap=TTLS

#xx  # Phase1 / outer authentication

#xx  anonymous_identity="anonymous@example.com"

#xx  ca_cert="/etc/cert/ca.pem"

#xx  # Phase 2 / inner authentication

#xx  phase2="autheap2=TLS"

#xx  ca_cert2="/etc/cert/ca2.pem"

#xx  client_cert2="/etc/cer/user.pem"

#xx  private_key2="/etc/cer/user.prv"

#xx  private_key2_passwd="password"

#xx }

#xx

#xx # Both WPA-PSK and WPA-EAP are accepted. Only CCMP is accepted as pairwise and

#xx # group cipher.

#xx network={

#xx  ssid="example"

#xx  bssid=00:11:22:33:44:55

#xx  proto=WPA RSN

#xx  key_mgmt=WPA-PSK WPA-EAP

#xx  pairwise=CCMP

#xx  group=CCMP

#xx  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb

#xx }

#xx

#xx # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP

#xx # and all valid ciphers.

#xx network={

#xx  ssid=00010203

#xx  psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

#xx }

#xx

#xx

#xx # EAP-SIM with a GSM SIM or USIM

#xx network={

#xx  ssid="eap-sim-test"

#xx  key_mgmt=WPA-EAP

#xx  eap=SIM

#xx  pin="1234"

#xx  pcsc=""

#xx }

#xx

#xx

#xx # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using

#xx # EAP-TLS for authentication and key generation; require both unicast and

#xx # broadcast WEP keys.

#xx network={

#xx  ssid="1x-test"

#xx  key_mgmt=IEEE8021X

#xx  eap=TLS

#xx  identity="user@example.com"

#xx  ca_cert="/etc/cert/ca.pem"

#xx  client_cert="/etc/cert/user.pem"

#xx  private_key="/etc/cert/user.prv"

#xx  private_key_passwd="password"

#xx  eapol_flags=3

#xx }

#xx

#xx

#xx # Plaintext connection (no WPA, no IEEE 802.1X)

#xx network={

#xx  ssid="plaintext-test"

#xx  key_mgmt=NONE

#xx }

#xx

#xx

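#xx # Shared WEP key connection (no WPA, no IEEE 802.1X). Static WEP is a legacy
#xx # mode that offers little protection; use it only where the AP supports
#xx # nothing stronger.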

#xx network={

#xx  ssid="static-wep-test"

#xx  key_mgmt=NONE

#xx  wep_key0="abcde"

#xx  wep_key1=0102030405

#xx  wep_key2="1234567890123"

#xx  wep_tx_keyidx=0

#xx }

#

# End of file