本文介绍如何使用wpa_supplicant工具配置无线网络连接,包括命令行操作步骤及配置文件示例。涵盖不同加密方式的配置方法。
目前可以使用wireless-tools或wpa_supplicant工具来配置无线网络。请记住重要的一点是,对无线网络的配置是全局性的,而非针对具体的接口。
wpa_supplicant是一个较好的选择,但缺点是它不支持所有的驱动。请浏览wpa_supplicant网站获得它所支持的驱动列表。另外,wpa_supplicant目前只能连接到那些你已经配置好ESSID的无线网络。wireless-tools支持几乎所有的无线网卡和驱动,但它不能连接到那些只支持WPA的AP。
经过编译后的wpa_supplicant源程序可以看到两个主要的可执行工具:wpa_supplicant和wpa_cli。wpa_supplicant是核心程序,它和wpa_cli的关系就是服务和客户端的关系:后台运行wpa_supplicant,使用wpa_cli来搜索、设置、和连接网络。
如何用wpa_supplicant使能一个wifi连接?
Step by step:
1、运行wpa_supplicant程序;
执行:/system/bin/wpa_supplicant -d -Dwext -iwlan0 -c/da
其中:
-d :增加调试信息
-Dwext :wext,驱动名称
-iwlan0 :wlan0,网络接口名称
/system/bin/wpa_supplicant :wpa_supplicant可执行程序path
/da
2、运行命令行工具wpa_cli ;
执行 :wpa_cli -iwlan0
此时会进入交互模式。其中交互模式的命令如下表:
| Full command | Short command | Description |
| status | stat | displays the current connection status |
| disconnect | disc | prevents wpa_supplicant from connecting to any access point |
| quit | q | exits wpa_cli |
| terminate | term | kills wpa_supplicant |
| reconfigure | recon | reloads wpa_supplicant with the configuration file supplied (-c parameter) |
| scan | scan | scans for available access points (on |
| scan_result | scan_r | displays the results of the last scan |
| list_networks | list_n | displays a list of configured networks and their status (active or not, enabled or disabled) |
| select_network | select_n | select a network among those defined to initiate a connection (ie select_network 0) |
| enable_network | enable_n | makes a configured network available for selection (ie enable_network 0) |
| disable_network | disable_n | makes a configured network unavailable for selection (ie disable_network 0) |
| remove_network | remove_n | removes a network and its configuration from the list (ie remove_network 0) |
| add_network | add_n | adds a new network to the list. Its id will be created automatically |
| set_network | set_n | shows a very short list of available options to configure a network when supplied with no parameters. See next section for a list of extremely useful parameters to be used with set_network and get_network. |
| get_network | get_n | displays the required parameter for the specified network. See next section for a list of parameters |
| save_config | save_c | saves the configuration |
设置网络的基本格式:set_network <network id> <key> <parameter> [<parameter>]
显示网络信息的基本格式:get_network <network id> <key>
some common command:
>scan = to scan the neighboring AP
>scan_results = show the scan results
>status = check out the current connection information
>terminate = terminate wpa_supplicant
>quit = exit wpa_cli
>add_network = it will return a network id to you
>set_network <network id> <variable> <value> = set network variables (shows
list of variables when run without arguments), success will return OK, or will return Fail
>select_network <network id> = select a network (disable others)
>disable_network <network id> = disable a network
>enable_network <network id> = enable a network
相应的参数如下表:
| Key | Description | Parameters |
| ssid | Access point name | string |
| id_str | String identifying the network | string |
| priority | Connection priority over other APs | number (0 being the default low priority) |
| bssid | Mac address of the access point | mac address |
| scan_ssid | Enable/disbale ssid scan | 0, 1, 2 |
| key_mgmt | Type of key management | WPA-PSK, WPA_EAP, None |
| pairwise | Pairwise ciphers for WPA | CCMP, TKIP |
| group=TKIP | Group ciphers for WPA | CCMP, TKIP, WEP104, WEP40 |
| psk | Pre-Shared Key (clear or encrypted) | string |
| wep_key0 | WEP key (up to 4: wep_key[0123]) | string |
| eap | Extensible Authentication Protocol | MD5, MSCHAPV2, OTP, GTC, TLS, PEAP, TTLS |
| identity | EAP identity string | string |
| password | EAP password | string |
| ca_cert | Pathname to CA certificate file | /full/path/to/certificate |
| client_cert | Pathname to client certificate | /full/path/to/certificate (PEM/DER) |
| private_key | Pathname to a client private key file | /full/path/to/private_key (PEM/DER/PFX) |
eg.1、连接无加密的AP
>add_network (It will display a network id for you, assume it returns 0)
>set_network 0 ssid "666"
>set_network 0 key_mgmt NONE
>enable_network 0
>select_network 0
eg.2、连接WEP加密AP
>add_network (assume return 1)
>set_network 1 ssid "666"
>set_network 1 key_mgmt NONE
>set_network 1 wep_key0 "your ap password"
>enable_network 1
>select_network 1
eg.3、连接WPA-PSK/WPA2-PSK加密的AP
>add_network (assume return 2)
>set_network 2 ssid "666"
>set_network 2 psk "your pre-shared key"
>enable_network 2
>select_network 2
到此,wifi模块就能连接上AP了。
3、以上是通过命令行工具wpa_cli来实现wifi网络的连接。当然,也可以通过wpa_supplicant的配置文件来实现连接。
再回顾下运行wpa_supplicant时执行的命令:
/system/bin/wpa_supplicant -d -Dwext -iwlan0 -c/da
我们在执行时加上了-c/da
eg.
# 请不要修改下面这一行内容,否则将不能正常工作
ctrl_interface=/var/run/wpa_supplicant
# 确保只有root用户能读取WPA的配置
ctrl_interface_group=0
# 使用wpa_supplicant来扫描和选择AP
ap_scan=1
# 简单的情形:WPA-PSk密码验证方式,PSK是ASCII密码短语,所有合法的加密方式都允许连接
network={
ssid="simple"
psk="very secret passphrase"
# 优先级越高,就能越早匹配到。
priority=5
}
# 与前面的设置相同,但要求对特定的SSID进行扫描(针对那些拒绝广播SSID的AP 也就我们常说的隐藏ap)
network={
ssid="second ssid"
scan_ssid=1
psk="very secret passphrase"
priority=2
}
# 仅使用WPA-PSK方式。允许使用任何合法的加密方式的组合
network={
ssid="example"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
priority=2
}
# 明文连接方式(不使用WPA和IEEE802.1X)
network={
ssid="plaintext-test"
key_mgmt=NONE
}
# 共享WEP密钥连接方式(不使用WPA和IEEE802.1X)
network={
ssid="static-wep-test"
key_mgmt=NONE
# 引号包含的密钥是ASCII密钥
wep_key0="abcde"
# 没有引号包含的密钥是十六进制密钥
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
}
# 共享WEP密钥连接方式(无WPA和IEEE802.1X),使用共享密钥IEEE802.11验证方式
network={
ssid="static-wep-test2"
key_mgmt=NONE
wep_key0="abcde"
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
auth_alg=SHARED
}
# 在IBSS/ad-hoc网络中使用WPA-None/TKIP
network={
ssid="test adhoc"
mode=1
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="secret passphrase"
}
network=后面的内容
ssid :接入点名称,这个没什么好说的
scan_ssid=1 :这个很容易错过,如果你的无线接入点是隐藏的,那么这个就是必须的,亲身经历,折腾了好久才搞定,记之备忘。
psk=xx :是加密后的密码,用wpa_passphrase自动生成的
proto=RSN WPA2就选这个,抄一下官方配置文件例子里面的:
- # proto: list of accepted protocols ---支持的协议列表
- # WPA = WPA/IEEE 802.11i/D3.0
- # RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) ---也能使用WPA2,它只是RSN的一个别名而已
- # If not set, this defaults to: WPA RSN ---如果不设置,默认就是WPA RSN,即全部支持
key_mgmt= 认证密钥管理协议,还是抄:
- # key_mgmt: list of accepted authenticated key management protocols ---支持的协议列表
- # WPA-PSK = WPA pre-shared key (this requires 'psk' field) ---一般都是这个,这就包括了WPA、WPA2开始的那些方式
- # WPA-EAP = WPA using EAP authentication ---这个就是WEP开头的,猜的,求验证
- # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
- # generated WEP keys
- # NONE = WPA is not used; plaintext or static WEP could be used ---这个是开放的,没密码,联通、电信之类的就这个
- # WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
- # WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
- # If not set, this defaults to: WPA-PSK WPA-EAP ---如果未设置,默认支持WAP、WEP开头那些
pairwise= 这个就是加密方式,继续抄
- # pairwise: list of accepted pairwise (unicast) ciphers for WPA ---WPA可用的加密方式列表
- # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] ---看到没,这个就是AES,换了马甲而已
- # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] ---TKIP 这个倒是没变
- # NONE = Use only Group Keys (deprecated, should not be included if APs support
- # pairwise keys) ---这个估计很少用
- # If not set, this defaults to: CCMP TKIP ---不设置的话是CCMP TKIP,看似正确,其实有些路由器无法自动识别,只能二选一,很坑爹。
好了,其他的不多说了,有兴趣看英文原文吧:
扫一扫
730
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
