WPA-PSK with WPA2 and SUSE Linux

SUSE Linux 10.0 Beta3 has native support for Wireless network interfaces using open authentication mode, shared-keys (like WEP), pre-shared keys (PSK) and extensible authentication (EAP).

Each network interface is configured using a plain-text file located in /etc/sysconfig/network. The configuration file name usually matches one of the following patterns:

  1. ifcfg-wlan-bus–
  2. ifcfg-wlan-

The first naming convention is used when SUSE Linux is unable to guess the device’s hardware MAC address, which is very common for Wireless network cards not natively supported by the Linux kernel. For example, the SMC 2835W V3 CardBus NIC only works, at the moment, using ndiswrapper, and it’s usually impossible to guess the card’s MAC address until ndiswrapper is properly configured. Also, this naming convention ties the Wireless card to a specific CardBus slot, since every slot has a different bus address.

The second naming convention is usually used for cards whose MAC address is guessable without assistance from third-party drivers or software. That is the case of my NetGear WG511U which uses an Atheros chip.

It seems SUSE 10.0 Beta3 only supports WPA (TKIP) pre-shared keys and I have been unable to find a way to tell Yast2 to use WPA2 (AES-CCMP) authentication instead. I have had to do some tweaking to SUSE’s ifup-wireless script in order to make it understand WPA-PSK with WPA2 (AES-CCMP):

--- ifup-wireless.old 2005-08-28 00:03:05.000000000 +0200
+++ ifup-wireless 2005-08-28 00:02:51.000000000 +0200
@@ -498,6 +498,16 @@
echo " psk="$L""
fi
;;
+ *psk2|*PSK2)
+ echo " key_mgmt=WPA-PSK"
+ L=$WIRELESS_WPA_PSK$SUFFIX
+ if [ ${#L} = 64 ]; then
+ echo " psk=$L"
+ else
+ echo " psk="$L""
+ fi
+ echo " proto=WPA2"
+ ;;
eap|EAP|wpa-eap|WPA-EAP)
# writing a config that tries to match everything
# FIXME: may be not optimal
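
Review bot: the new *psk2|*PSK2) branch emits proto=WPA2 but no pairwise= or group= line, so nothing in the generated network block pins the cipher to AES-CCMP, which is the stated goal; add an echo of pairwise=CCMP (and a matching group= line if the access point is WPA2-only) next to the proto=WPA2 line. The [ ${#L} = 64 ] test also accepts any 64-character value as a raw key without checking that it consists only of hex digits, and in the else branch, as shown, $L sits outside the shell quotes and no literal double quotes are written around the passphrase; validate the key and escape the inner quotes before writing it.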

This patch adds support for WPA2 authentication to /etc/sysconfig/network/scripts/ifup-wireless. In the network interface configuration file, WIRELESS_AUTH_MODE='psk2' must be specified in order to use the WPA2 authentication protocol (instead of WIRELESS_AUTH_MODE='psk', which is the default value assigned by Yast2 when creating the configuration file).

A sample network configuration file:

# File /etc/sysconfig/network/ifcfg-wlan-00:11:22:33:44:55
BOOTPROTO='static'
BROADCAST=''
IPADDR='a.b.c.d'
MTU=''
NAME='Accton Intersil ISL3890 [Prism GT/Prism Duette]'
NETMASK='w.x.y.z'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='hotplug'
UNIQUE='rBUF.3mb35rd_sgB'
USERCONTROL='yes'
WIRELESS_AP=''
WIRELESS_AP_SCANMODE='2'
WIRELESS_AUTH_MODE='psk2'
WIRELESS_BITRATE='auto'
WIRELESS_CA_CERT=''
WIRELESS_CHANNEL=''
WIRELESS_CLIENT_CERT=''
WIRELESS_DEFAULT_KEY='0'
WIRELESS_ESSID=''
WIRELESS_FREQUENCY=''
WIRELESS_KEY=''
WIRELESS_KEY_0=''
WIRELESS_KEY_1=''
WIRELESS_KEY_2=''
WIRELESS_KEY_3=''
WIRELESS_KEY_LENGTH='128'
WIRELESS_MODE='Managed'
WIRELESS_NICK=''
WIRELESS_NWID=''
WIRELESS_POWER='yes'
WIRELESS_WPA_IDENTITY=''
WIRELESS_WPA_PASSWORD=''
WIRELESS_WPA_PSK=''
_nm_name='bus-pci-0000:02:00.0'

Note the two highlighted lines, WIRELESS_AP_SCANMODE and WIRELESS_AUTH_MODE:

  1. WIRELESS_AP_SCANMODE='2' tells wpa_supplicant not to look for the ESSID beacon frames used to advertise Wireless networks, and is usually used when the ESSID of the Wireless network the interface is about to join is hidden. If the ESSID is hidden and this option is not specified, wpa_supplicant will be unable to join the Wireless network and will wait in an infinite loop for the ESSID to be broadcast over the air.

    ifup-wireless will parse the network interface configuration file and will create a file called /var/run/wpa_supplicant- (where iface is the Linux interface name, like ath0 or wlan1) that will be fed to wpa_supplicant itself.

  2. WIRELESS_AUTH_MODE='psk2' is used with the patched ifup-wireless script in order to specify that WPA-PSK for WPA2 (AES-CCMP) should be used instead of plain WPA (TKIP).

    This will only work after applying the patch at the top to /etc/sysconfig/network/scripts/ifup-wireless.
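
The translation described above, from ifcfg variables to a wpa_supplicant network block, as an added example that is not the post's or SUSE's own code: the helper names psk_line and gen_wpa_conf, the pairwise/group lines and the sample ESSID and passphrase are assumptions made here. It validates the key first, so a 64-character value that is not hexadecimal, or a value containing a quote or a newline, is rejected instead of being written into the file.

```shell
#!/bin/sh
# Added example; psk_line and gen_wpa_conf are hypothetical helper names,
# not functions from SUSE's ifup-wireless.
LC_ALL=C   # byte-wise lengths and character ranges in the checks below

# Print the psk= line for a key, or fail if it is not a valid PSK.
psk_line() {
    case "$1" in
        *[!0-9A-Fa-f]*) hex=no ;;
        *)              hex=yes ;;
    esac
    if [ "${#1}" -eq 64 ] && [ "$hex" = yes ]; then
        printf '    psk=%s\n' "$1"      # raw 256-bit key: written unquoted
        return 0
    fi
    case "$1" in                         # reject anything that could break
        *[!\ -~]*|*'"'*) return 1 ;;     # out of the quoted string
    esac
    [ "${#1}" -ge 8 ] && [ "${#1}" -le 63 ] || return 1
    printf '    psk="%s"\n' "$1"        # passphrase: written quoted
}

# gen_wpa_conf ESSID AUTH_MODE PSK AP_SCANMODE
# Arguments mirror the WIRELESS_* variables of the ifcfg file.
gen_wpa_conf() {
    case "$1" in
        ''|*[!\ -~]*|*'"'*) echo "bad ESSID" >&2; return 1 ;;
    esac
    case "$2" in
        psk|PSK)   proto=WPA;  cipher=TKIP ;;  # plain WPA, as the post describes
        psk2|PSK2) proto=WPA2; cipher=CCMP ;;  # WPA2 with AES-CCMP
        *) echo "unsupported auth mode: $2" >&2; return 1 ;;
    esac
    case "$4" in 0|1|2) ;; *) echo "bad scan mode" >&2; return 1 ;; esac
    key=$(psk_line "$3") || { echo "bad PSK" >&2; return 1; }
    printf 'ap_scan=%s\n' "$4"
    printf 'network={\n    ssid="%s"\n    key_mgmt=WPA-PSK\n' "$1"
    # One explicit value each; group=CCMP assumes a WPA2-only access point.
    printf '    proto=%s\n    pairwise=%s\n    group=%s\n' "$proto" "$cipher" "$cipher"
    printf '%s\n}\n' "$key"
}

# Constructed sample values, not taken from a real network.
gen_wpa_conf 'homenet' psk2 'correct horse battery' 2
```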


5 thoughts on “WPA-PSK with WPA2 and SUSE Linux”

  1. Hi!
    Looks like you are the most expert person I found after 2 damn days of research 😛
    I got your same settings (ssid hidden, mainly), but wpa1… I can’t get the 2 things to work together… could you give me any hint? (even by email would be good if you can’t bother doing it here 🙂) Thanks a lot in advance!
