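Manually connecting to and configuring Wi-Fi on Linux

Background

I have manually connected to Wi-Fi before, on both desktop and embedded systems, but never dug into it or studied it in detail. Today I am writing it down systematically.

Connecting to Wi-Fi with wpa_supplicant

wpa_supplicant introduction and background

Official site: https://w1.fi/wpa_supplicant/

The following is taken from the man page. It describes what the tool does and the background it came from, and is kept in its original wording.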

wpa_supplicant - Wi-Fi Protected Access client and IEEE 802.1X supplicant

wpa_supplicant is designed to be a “daemon” program that runs in the background and acts as the backend component controlling the wireless connection. wpa_supplicant supports separate frontend programs and an example text-based frontend, wpa_cli, is included with wpa_supplicant.

Wireless networks do not require physical access to the network equipment in the same way as wired networks. This makes it easier for unauthorized users to passively monitor a network and capture all transmitted frames. In addition, unauthorized use of the network is much easier. In many cases, this can happen even without user’s explicit knowledge since the wireless LAN adapter may have been configured to automatically join any available network.

Link-layer encryption can be used to provide a layer of security for wireless networks. The original wireless LAN standard, IEEE 802.11, included a simple encryption mechanism, WEP. However, that proved to be flawed in many areas and network protected with WEP cannot be consider secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys can be used to improve the network security, but even that has inherited security issues due to the use of WEP for encryption. Wi-Fi Protected Access and IEEE 802.11i amendment to the wireless LAN standard introduce a much improvement mechanism for securing wireless networks. IEEE 802.11i enabled networks that are using CCMP (encryption mechanism based on strong cryptographic algorithm AES) can finally be called secure used for applications which require efficient protection against unauthorized access.

wpa_supplicant is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver.

Components

The wpa_supplicant system consists of the following components:

  • wpa_supplicant.conf
    the configuration file describing all networks that the user wants the computer to connect to.
    The default configuration file. It has many adjustable options; a short overview follows below.
  • wpa_supplicant
    the program that directly interacts with the network interface.
    The main tool used to connect to and configure Wi-Fi.
  • wpa_cli
    the client program that provides a high-level interface to the functionality of the daemon.
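    An interactive command-line frontend that can configure and connect to Wi-Fi, provided wpa_supplicant is already running properly. It is not covered further here.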
  • wpa_passphrase
    a utility needed to construct wpa_supplicant.conf files that include encrypted passwords.
    Used to generate the wpa_supplicant.conf configuration file for connecting to Wi-Fi. It is not covered further here.

The wpa_supplicant.conf configuration file

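update_config=1      # Whether wpa_supplicant may update (overwrite) the configuration
eapol_version=1  # IEEE 802.1X / EAPOL version
ap_scan=1  # AP scanning/selection
passive_scan=0   # Whether to force passive scanning for network connection
user_mpm=1   # MPM residency
max_peer_links=99  # Maximum number of peer links (0-255; default: 99)
mesh_max_inactivity=300   # Timeout in seconds for detecting STA inactivity (default: 300 seconds)
cert_in_cb=1  # cert_in_cb - whether to include a peer certificate dump in events
fast_reauth=1   # EAP fast re-authentication
driver_param="field=value"   # Driver interface parameters
country=US  # Country code
dot11RSNAConfigSATimeout=60  # Timeout for security association negotiation, in seconds; default 60
uuid=12345678-9abc-def0-1234-56789abcdef0  # Universally unique identifier of the device
auto_uuid=0   # Automatic UUID behavior
device_name=Wireless Client  # Device name
manufacturer=Company  # Manufacturer
model_name=cmodel  # Model name
model_number=123  # Model number
serial_number=12345  # Serial number
device_type=1-0050F204-1  # Primary device type
os_version=01020300    # OS version
config_methods=label virtual_display virtual_push_button keypad  # Config methods
wps_cred_processing=0   # Credential processing
wps_vendor_ext_m1=000137100100020001  # Vendor attribute in WPS M1, e.g. Windows 7 Vertical Pairing
wps_nfc_dev_pw: Hexdump of Device Password     # NFC password token for WPS
wps_priority=0  # Priority for networks added through WPS
bss_max_count=200   # Maximum number of BSS entries to keep in memory
filter_ssids=0  # filter_ssids - SSID-based scan result filtering
p2p_disabled=1   # Disable P2P functionality
p2p_go_max_inactivity=300  # Timeout in seconds for detecting STA inactivity (default: 300 seconds)
p2p_passphrase_len=8   # Passphrase length for P2P GO
p2p_search_delay=500   # Extra delay between concurrent P2P search iterations
okc=0   # Opportunistic Key Caching (also known as Proactive Key Caching) default
pmf=0  # Protected Management Frames
sae_groups=21 20 19 26 25  # Enabled SAE finite cyclic groups, in preference order
dtim_period=2   # Default DTIM period (if not overridden in the network block)
beacon_int=100   # Default Beacon interval (if not overridden in the network block)
ap_vendor_elements=dd0411223301   # Additional vendor-specific elements for Beacon and Probe Response frames
ignore_old_scan_res=0  # Ignore scan results older than the request
mac_addr=0  # MAC address policy
rand_addr_lifetime=60  # Lifetime of a random MAC address, in seconds (default: 60)
preassoc_mac_addr=0   # MAC address policy for pre-association operations (scanning, ANQP)
gas_rand_mac_addr=0  # MAC address policy for GAS operations
gas_rand_addr_lifetime=60   # Lifetime of the random MAC address for GAS, in seconds
interworking=1   # Enable Interworking
go_interworking=1   # Enable P2P GO advertisement of Interworking
go_access_network_type=0   # P2P GO Interworking: access network type
go_internet=1   # P2P GO Interworking: whether the network provides connectivity to the Internet
go_venue_group=7  # P2P GO Interworking: group venue info (optional)
go_venue_type=1   # P2P GO Interworking: group venue info (optional)
hessid=00:11:22:33:44:55  # Homogeneous ESS identifier
auto_interworking=0   # Automatic network selection behavior
gas_address3=0  # GAS Address3 field behavior
ftm_responder=0  # Advertise Fine Timing Measurement (FTM) responder capability in Extended Capabilities element bit 70
ftm_initiator=0  # Advertise Fine Timing Measurement (FTM) initiator capability in Extended Capabilities element bit 71
mbo_cell_capa=3  # MBO cellular data capabilities
non_pref_chan=81:5:10:2 81:1:0:2 81:9:0:2  # Multi Band Operation (MBO) non-preferred channels
oce=1       # Optimized Connectivity Experience (OCE)
mem_only_psk=0        # mem_only_psk: whether to keep the PSK/passphrase only in memory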

Usage flow

Prerequisites:

Before wpa_supplicant can do its work, the network interface must be available. That means that the physical device must be present and enabled, and the driver for the device must be loaded. The daemon will exit immediately if the device is not already available.
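In other words, the network interface must be usable: the physical wireless adapter is plugged in and enabled, and its driver has loaded correctly. If the device is unavailable, the wpa_supplicant daemon exits immediately.

The internal flow when wpa_supplicant connects to an AP (using WPA) is as follows: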

  • wpa_supplicant requests the kernel driver to scan neighboring BSSes
  • wpa_supplicant selects a BSS based on its configuration
  • wpa_supplicant requests the kernel driver to associate with the chosen BSS
  • If WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP authentication with the authentication server (proxied by the Authenticator in the AP)
  • If WPA-EAP: master key is received from the IEEE 802.1X Supplicant
  • If WPA-PSK: wpa_supplicant uses PSK as the master session key
  • wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake with the Authenticator (AP)
  • wpa_supplicant configures encryption keys for unicast and broadcast
  • normal data packets can be transmitted and received

Starting wpa_supplicant the simple way

# -B: run the daemon in the background
wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -B

A minimal configuration file:

network={
	ssid="XI"
	psk="12345678"
	priority=2
}

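Configuring the network IP

After connecting to Wi-Fi with wpa_supplicant, the network IP still has to be configured before the network can be used; it can be set statically or obtained dynamically.
Linux distributions usually manage networking centrally with tools such as Netplan or NetworkManager.
Only the step-by-step manual approach is discussed here.

Static IP

A static IP is configured mainly with commands such as ifconfig and route.

# Set the IP address
ifconfig wlan0 192.168.1.110 netmask 255.255.255.0
# Set the default gateway
route add default gw 192.168.1.1

Obtaining an IP dynamically (DHCP - Dynamic Host Configuration Protocol)

  • udhcpc - micro DHCP client
    Commonly used on embedded systems; a small, lightweight DHCP client that ships with busybox.
    Typical usage:

    udhcpc -i wlan0
  • dhclient - Dynamic Host Configuration Protocol Client
    Commonly used on distributions and desktops; supports the BOOTP protocol.
    Typical usage:

    dhclient -v wlan0

References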

https://www.cnblogs.com/hokori/p/14168584.html