====== Advanced WPA configuration on the default Xandros (without needing ndiswrapper) ====== This page is intended to help users using the default Xandros distribution, connect to secure wireless networks that utilize a protocols that are not supported by the drivers and wpa_supplicant that is included in the default Xandros distribution. These include WPA-EAP (Enterprise), and others. WPA-PSK has been found to work with the default drivers, but this implementation has been found to also work after following these instructions. **The driver upgrade in these instructions seem to work well for the EeePC 701. There are known changes to these instructions that need to be followed for other versions (1000). Hopefully, these differences will be made to this wiki page soon.** **For the eeepc 901, just Follow two steps of this tutorial: Create a wpa_supplicant.conf_MINE for your secure network. and Create a New Network Configuration ** Much of what is here, is taken from this forum thread: [[http://forum.eeeuser.com/viewtopic.php?id=1844]] All commands are executed in an xterm command line. Open an xterm in "Easy Mode" with Ctrl-Alt-T. ===== Download the wpa_supplicant from a Debian repository ===== First, it's a good idea to save the wpa_supplicant binaries that were included in the default installation. tar jcf /home/user/old_wpa_supplicant.tar.bz /usr/sbin/wpa_supplicant /usr/sbin/wpa_cli Then remove them. sudo rm -v /usr/sbin/wpa_supplicant /usr/sbin/wpa_cli Now download and install the Debian wpasupplicant. This may be accomplished by using apt-get (if you have previously set up your repo's from:[[http://wiki.eeeuser.com/addingxandrosrepos]]): sudo apt-get install wpasupplicant Or, downloading the package and installing it by hand: * Package location [[http://packages.debian.org/etch/i386/wpasupplicant/download]] * Install the new package, by executing this command: sudo dpkg -i /wpasupplicant_0.5.5-2_i386.deb ===== Install new madwifi drivers ===== Thanks to **TundraMan**, the madwifi drivers have been compiled for the default installed kernel. * Download the drivers here: [[http://code.google.com/p/eeepc701ath/]]. Remember the location. For this documentation, it's ''/home/user/ath.tar.bz2'' * Open a terminal (xterm). In "Easy Mode", it's Ctrl-Alt-T. * Save the older drivers, remove them, and install the new ones. Execute these commands, in the xterm: cd /lib/modules/2.6.21.4-eeepc sudo tar jcf /home/user/old_atheros.tar.bz2 atheros/* cd atheros sudo rm * sudo tar jxf /home/user/ath.tar.bz2 sudo depmod * Make some soft links to insure some compatibility: sudo ln -s /sbin/wpa_supplicant /usr/sbin/wpa_supplicant sudo ln -s /sbin/wpa_cli /usr/sbin/wpa_cli * Modify the default Xandros linux wpa configuration generation script to use madwifi by default.: sudo nano /etc/wpa_supplicant/functions.sh Search (ctrl+w in nano) for "wext" until you come to the line (should be line 188) that looks like this: (should be the 2nd search result) WPA_SUP_DRIVER="wext" Change it to: WPA_SUP_DRIVER="madwifi" Now Ctrl+O to overwrite (save changes) and hit enter, Then Ctrl+X to exit * Reboot your Eee PC. At this point, if you had a working WIFI configuration and connection, you should be able to still use it. If you modified the /etc/wpa_supplicant/functions.sh file you should be able to connect to basic WPA networks using the Network configuration tool. ===== Create a wpa_supplicant.conf_MINE for your secure network. ===== There's a plethora of sample configuration that are available. Your network administrator may be able to help with the exact details. A sample wpa_supplicant.conf is found within the wpasupplicant package that was installed in this directory: /usr/share/doc/wpasupplicant/examples/ To create and edit the file: touch /home/user/wpa_supplicant.conf nano /home/user/wpa_supplicant.conf Here's one that worked for me, for my work's network that uses a certificate that I downloaded from their server: ctrl_interface=/var/tmp/wpa_supplicant ctrl_interface_group=0 eapol_version=1 #Sets AP sellection to be handled by wpa_supplicant or the driver. # 0=driver 1=wpa_supplicant ap_scan=1 #Begin Network Block #-------------------------------- network={ ssid="some_secure_network" scan_ssid=1 proto=WPA key_mgmt=WPA-EAP pairwise=TKIP eap=PEAP ca_cert="/etc/certs/CAcert.cer" identity="myusername" password="mypasswrd" } Save (Ctrl+O) it in your home directory (/home/user) as wpa_supplicant.conf. Then copy this file to the /etc directory: sudo cp wpa_supplicant.conf /etc/wpa_supplicant.conf_MINE ===== Create a New Network Configuration ===== The instructions below should allow you to keep Network Configurations that you have found to work, that do not require a special setup (i.e. those that do not need EAP). Create a new wireless connection type: * In the "Network Connections" GUI, click on "Create..." button. * Choose "Local Area Network - Wireless" * Choose "Atheros Communications, Inc - AR50..." (might be only option). * Choose your address type (typically "Dynamic IP Address (DHCP)") * Input Network name (SSID). Mode and transfer rate information may be fine at "auto". See your network admin for more info. * Under "Wireless Channel Settings", "Any" may be fine, but your network admin may have more info. * Check the box for "Enable encryption" For "Encryption Type", select WPA. Under "Key", enter any number of ASCII characters until you see the "WPA256 type in ASCII format". This key need not be your actual key, as this will be ignored using this procedure. * Name your connection. "work", "conference", "home", are commonly used names. Of course, you can be more creative. * Choose whether or not you want to "Connect automatically at system startup". Do NOT check the box for "Start this connection when finished". Click on the "Finish" button. Your new connection type should now be shown in the GUI. Now.. modify the file /etc/network/interfaces (as root, or with sudo). sudo nano /etc/network/interfaces * Find your new network connection. Each connection starts with a line like: iface lan6 inet manual Your connection may have a different lan#. You should be able to identify it with the SSID from the wireless-essid line. * Just before the line: up ifconfig $IFACE up Insert these lines: **For early eeepc (700-701 etc..)** up cp /etc/wpa_supplicant.conf_MINE /etc/wpa_supplicant.conf.ath0 up wpa_cli -p /var/tmp/wpa_supplicant reconfigure **For the eeepc 901** up cp /etc/wpa_supplicant.conf_MINE /etc/wpa_supplicant.conf.ra0 up wpa_cli -p /var/tmp/wpa_supplicant reconfigure The first line overwrites the wpa_supplicant.conf.ath0 that is automatically generated by the xandros scripts, with your own (wpa_supplicant.conf_MINE). The second line tells the supplicant to reload the configuration (since it used the automatically generated one, when it started). * Save the file. For reference, here's a sample ''/etc/network/interfaces'' that works for WEP (lan2) and WPA-EAP (lan6) : auto lo iface lo inet loopback iface eth0 inet dhcp iface lan2 inet manual down dhclient3 -r -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE down ifconfig $IFACE down up ifconfig $IFACE up up dhclient3 -cf /etc/dhcp3/dhclient.$LOGICAL.conf -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE wireless-channel 6 wireless-essid work_wep wireless-key s:SOMESECUREKEY wireless-keymode open wireless-mode auto wireless-rate auto xncs-wireless-encryption wep iface lan6 inet manual down dhclient3 -r -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE down ifconfig $IFACE down up cp /etc/wpa_supplicant.conf_MINE /etc/wpa_supplicant.conf.ath0 up wpa_cli -p /var/tmp/wpa_supplicant reconfigure up ifconfig $IFACE up up dhclient3 -cf /etc/dhcp3/dhclient.$LOGICAL.conf -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE wireless-essid work_wpa wireless-key s:SOMEFAKEKEY wireless-keymode open wireless-mode auto wireless-rate auto xncs-wireless-encryption wpa Now... cross your fingers, and attempt to connect to this network configuration. Because of the complexity of the authentication process, the connection may take a minute or more to establish. ===== Fix network monitor icon on taskbar ===== After installing Madwifi driver, networkmonitor doesn't report the correct status of wireless interface. It seems disconnected even though you're connected. A simple way to fix it is, like suggested in [[http://forum.eeeuser.com/viewtopic.php?id=1844&p=3]], to change /usr/bin/startsimple.sh script. Open an xterm in "Easy Mode" with Ctrl-Alt-T and modify startsimple.sh sudo nano /usr/bin/startsimple.sh Search the line networkmonitor ath0 eth0 & and replace it with networkmonitor wifi0 eth0 & From next boot you should see the "two monitors" icon when connected. ===== Automating the Process ===== If you are working with a large number of systems you can automate this process through the use of a bash script and a few pre-configured files. - Create or copy the [[wpa_default_xandros#Required_Files|files]] to a flash drive - Begin with a base image (use F9 restore process if necessary). You must also edit the wpa_supplicant.conf_MINE file included with the script and enter the resource account username and password on the lines for identity= and password= - Make sure the time/date are correct or the security certificate will not work. It can be corrected by double-clicking on the time at the bottom and adjusting them appropriately. - Insert the Flash Drive containing the configuration script and supporting files. - The system will pop-up a window asking how to handle the Flash Drive. Click OK or press Enter to Open in File Manager. {{:eeeremovabledevice.png?500|}} - Double-click the only folder in the directory (varies depending on the Flash Drive). {{:filemanagerpopup.png?500|}} - Go to the Tools Menu and select Open Console Window – Alternatively press Ctrl + T. {{:eeepcopenconsole.png?500|}} - Once at the terminal, type: sudo sh config.sh The script will run, update the appropriate files for the configuration and then reboot the machine. After reboot it may take several minutes for the network to connect. ==== Required Files ==== * **ath.tar.bz2** (from [[wpa_default_xandros#Install_new_madwifi_drivers|Installing new madwifi drivers]])\\ * **securitycertificate.cer** (only for IEEE8021X configurations)\\ * **startsimple.sh** (from [[wpa_default_xandros#Fix_network_monitor_icon_on_taskbar|Fix network monitor icon on taksbar]])\\ * **wpasupplicant_0.5.5-2_i386.deb** (from [[http://packages.debian.org/etch/i386/wpasupplicant/download]])\\ // The rest of the files are user generated or can be copied from here. Please note that the ordering assumes you are starting from a fresh restore and uses lan2 as the profile to store these settings. If there are any other networks added before this script is run, it will most likely fail.// **default_route_order** lan2 lan1 **dhclient.lan2.conf** timeout 30; retry 2; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name, netbios-name-servers, netbios-scope; **interface-order** *.lan2 *.lan1 lo.inet* lo.dnsmasq lo.pdnsd lo* tun* tap* ppp* eth* ath* wlan* * **interfaces** auto lo iface lo inet loopback iface eth0 inet dhcp iface lan2 inet manual down dhclient3 -r -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE down ifconfig $IFACE down up cp /etc/wpa_supplicant.conf_MINE /etc/wpa_supplicant.conf.ath0 up wpa_cli -p /var/tmp/wpa_supplicant reconfigure up ifconfig $IFACE up up dhclient3 -cf /etc/dhcp3/dhclient.$LOGICAL.conf -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE wireless-essid My-SSID wireless-key s:abababab wireless-keymode open wireless-mode auto wireless-rate auto xncs-wireless-encryption wpa **lan2** [info] version = 2 name = My-SSID type = lan subtype = wlan [servicedata] autostart = onboot dependson = fallback = share_connection = temporary = interface_name = device_id = network::0x0200000x0000168c0x0000001c0x00001a3b0x00001026 **wpa_supplicant.conf_MINE** (many samples on the internet, this one works for my organization using Cisco WAPs, IEEE8021X and MSCHAPV2 ctrl_interface=/var/tmp/wpa_supplicant ctrl_interface_group=0 eapol_version=1 #Sets AP sellection to be handled by wpa_supplicant or the driver. # 0=driver 1=wpa_supplicant ap_scan=1 fast_reauth=1 #Begin Network Block #-------------------------------- network={ ssid="My-SSID" scan_ssid=1 key_mgmt=WPA-EAP IEEE8021X #proto=WPA2 #pairwise=CCMP #group=CCMP eap=PEAP ca_cert="/etc/wpa_supplicant/certificate.cer" identity="domain\username" password="password" #phase1="peaplabel=0" phase2="auth-MSCHAPV2" priority=6 } **config.sh** (a bash script that copies and installs all of the required files) # Check the script is being run by root if [ "$(id -u)" != "0" ]; then exec su -c "${0} ${CMDLN_ARGS}" # Call this script as root fi # First we check and make sure the files we need are here, if not, we report and die. for i in ath.tar.bz2 wpa_supplicant.conf_MINE certificate.cer interfaces startsimple.sh lan2 interface-order default_route_order dhclient.lan2.conf do if [ ! -e $i ]; then echo "$i is missing." MISSING="True" fi done if [ -n "$MISSING" ]; then # -n tests to see if the argument is non empty echo "One or more needed files are missing. Cancelling script" exit 1 fi echo "Removing existing supplicant and client..." rm -v /usr/sbin/wpa_supplicant /usr/sbin/wpa_cli echo "Installing new supplicant and client..." dpkg -i wpasupplicant_0.5.5-2_i386.deb echo "Removing Atheros Drivers..." rm -f /lib/modules/2.6.21.4-eeepc/atheros/* echo "Installing MadWiFi Drivers..." tar jxf ath.tar.bz2 --directory=/lib/modules/2.6.21.4-eeepc/atheros/ depmod echo "Linking to common access points for supplicant and client..." sudo ln -s /sbin/wpa_supplicant /usr/sbin/wpa_supplicant sudo ln -s /sbin/wpa_cli /usr/sbin/wpa_cli echo "Copying updated wpa_supplicant.conf file..." cp -f wpa_supplicant.conf_MINE /etc/wpa_supplicant.conf_MINE echo "Copying Wireless Certificate..." cp -f certificate.cer /etc/wpa_supplicant/certificate.cer echo "Copying updated interfaces file..." cp -f interfaces /etc/network/interfaces echo "Updating startsimple.sh to monitor correct wifi device..." cp -f startsimple.sh /usr/bin/startsimple.sh echo "Updating Xandros profiles to start wifi device..." cp -f lan2 /etc/opt/xandros/xandrosncs/services/lan2 cp -f interface-order /etc/resolvconf/interface-order cp -f default_route_order /etc/opt/xandros/xandrosncs/default_route_order cp -f dhclient.lan2.conf /etc/dhcp3/dhclient.lan2.conf echo "Script completed. Please check output for any messages of failed copies." echo "The system will now be rebooted to confirm the new configuration." /sbin/fastreboot.sh exit 0 ==== Troubleshooting ==== If the wireless won't connect and hangs at pending for a long time, try this: - Double-click the Wireless Network Adapter (Tray icon with a wrench over WiFi signal icon) - Select the connection you are having trouble with and click **Connect** - Change **Encryption** type to **WPA** - Enter a key of: 12345678 - Click OK This should resolve the hang and work from then on.