![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
gdtA note to readers
There are a many ways to configure wireless networking on Debian. Far too many. What is described here is the simplest option which uses the programs and configurations which ship in an unaltered Raspbian distribution. This lets people bring up wireless networking to their home access point with a minimum of fuss. More advanced configurations may be more easily done with other tools, such as NetworkManager. Now back to your originally programmed channel…
The RaspberryPi does not come with wireless onboard. But it's simple enough to buy a small USB wireless dongle. Element14 sell them for A$9.31. It's unlikely you'll see them in shops for such a low price so it is well work ordering a WiFi dongle with your RPi.
Raspbian already comes with the necessary software installed. Let's say our home wireless network has a SSID of example and a pre-shared key (aka password) of TGAB…Klsh. Edit /etc/wpa_supplicant/wpa_supplicant.conf. You will see some existing lines:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1
Now add some lines describing your wireless network:
network={
ssid="example"
psk="TGABpPpabLkgX0aE2XOKIjsXTVSy2yEF0mtUgFjapmMXwNNQ3yYJmtA9pGYKlsh"
scan_ssid=1
}The parameter scan_ssid=1 allows the WiFi dongle to connect with a wireless access point which does not do SSID broadcasts.
Now plug the dongle in. Check dmesg that udev installed the dongle's device driver:
$ dmesg [ 3.873335] usb 1-1.4: new high-speed USB device number 5 using dwc_otg [ 4.005018] usb 1-1.4: New USB device found, idVendor=0bda, idProduct=8176 [ 4.030075] usb 1-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4.050034] usb 1-1.4: Product: 802.11n WLAN Adapter [ 4.060398] usb 1-1.4: Manufacturer: Realtek [ 4.069904] usb 1-1.4: SerialNumber: 000000000001 [ 8.586604] usbcore: registered new interface driver rtl8192cu
A new interface will have appeared:
$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 KiB) TX bytes:0 (0.0 KiB)IPv4's DHCP should run and your interface should be populated with addresses:
$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
inet addr:192.0.2.1 Bcast:192.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 KiB) TX bytes:0 (0.0 KiB)If you use multiple wireless networks, then add additional network={…} stanzas to wpa_supplicant.conf. wpa_supplicant will choose the correct stanza based on the SSIDs present on the wireless network.
IPv6
If you are using IPv6 (by deleting /etc/modprobe.d/ipv6.conf) then IPv6's zeroconf and SLAAC will run and you will also get a IPv6 link-local address and maybe a global address if your network has IPv6 connectivity off the subnet.
$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
inet addr:192.0.2.1 Bcast:192.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link
inet6 addr: 2001:db8:abcd:1234:211:22ff:fe33:4455/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 KiB) TX bytes:0 (0.0 KiB)Commonly occurring issues
If the interface is not populated with addresses then try to restart the interface. You will need to do this if you plugged the dongle in prior to editing wpa_supplicant.conf.
$ sudo ifdown wlan0 $ sudo ifup wlan0
If you still have trouble then look at the messages in /var/log/daemon.log, especially those from wpa_supplicant
. Also check dmesg, ensuring that the device driver isn't printing messages indicating misbehaviour.
Also check that the default route points to where you expect; that is, the default route line says default via … dev wlan0.
$ ip route show default via 192.168.255.254 dev wlan0 192.168.255.0/24 dev wlan0 proto kernel scope link src 192.168.255.1 $ ip -6 route show 2001:db8:abcd:1234::/64 dev wlan0 proto kernel metric 256 expires 10000sec fe80::/64 dev wlan0 proto kernel metric 256 default via fe80::1 dev wlan0 proto ra metric 1024 expires 1000sec
If you have edited /etc/network/interfaces then you may need to restore these lines to that file:
allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp
Security
As this example shows, the pre-shared key should be long — up to 63 characters — and very random. The entire strength of WPA2 relies on the length and randomness of the key. If your current key is neither of these then you might want to generate a new key and configure it into the access point.
An easy way to generate a key is:
$ sudo apt-get install pwgen $ pwgen -s 63 1 TGABpPpabLkgX0aE2XOKIjsXTVSy2yEF0mtUgFjapmMXwNNQ3yYJmtA9pGYKlsh
This works even better if you use the RaspberryPi's hardware random number generator.
There is only one secure wireless protocol which you can use at home: Wireless Protected Access version two with pre-shared key, this is known as “WPA2-PSK” or as “WPA2 Personal”. The only secure encryption is CCMP -- this uses the Advanced Encryption Standard and is sometimes named “AES” in the access point configurations. The only secure authentication algorithm for use with WPA2-PSK is OPEN: this doesn't mean “open access point for use by all, so no authentication” but the reverse: “Open Systems Authentication”.
You can configure wpa_supplicant.conf to insist on these secure options as the only technology it will use with your home network.
network={
ssid="example"
psk="TGABpPpabLkgX0aE2XOKIjsXTVSy2yEF0mtUgFjapmMXwNNQ3yYJmtA9pGYKlsh"
scan_ssid=1
# Prevent backsliding into insecure protocols
key_mgmt=WPA-PSK
auth_alg=OPEN
proto=WPA2
group=CCMP
pairwise=CCMP
}