• About Us
• Network Information
• Getting Connected
• Virtual Private Network (VPN)
• Wireless Networking
  • Configuration Directions
  • Certificate Files
  • Guest Wireless Access
• Policies
• CCC Home

Linux

WPA Wireless Installation

Please note that due to the widely varying nature of Linux distributions, we cannot fully support wireless under Linux. The directions offered here are provided on an AS-IS basis. These instructions are based purely on use of the underlying tools, and ignore any potential capabilities of or problems with distributions specific management programs.

In particular, recent versions of the NetworkManager utility have been reported to be capable of configuring wireless appropriatelly. If your distribution includes this support, we reccomend you attempt using that before falling back to these directions. The NetworkManager directions are available here.

Requirements:

• Linux distribution
• WPA compliant wireless card (Wi/Fi Certified)
• Linux driver that supports WPA on your wireless card
• wpa_supplicant Many Linux distributions ship with this utility already, so check before downloading seperately

NOTE - Your wireless card needs to be registered through WPI Network Registration (http://netreg.wpi.edu/) prior to working on the WPI Wireless Network.

Setup of WPI Wireless Network

1. Install wpa_supplicant. There is a list of supported cards and driver combinations on the wpa_supplicant page.
2. Download the Wireless User and Network Operations CA files from the secure download page. Copy them to a convenient location for storing certificates, such as /etc/pki/tls/certs. You will also need the Wireless User Certificate Password there to put into the configuration file below.
3. Configure /etc/wpa_supplicant.conf as follows, filling in the proper paths to the downloaded certificate files and entering the Wireless User Certificate Password from above. Substitute the years during which the certificate is valid for the 'XX-XX' portion of the identity value, i.e. "07-08".
   

   network={
   	ssid="WPI-Wireless"
   	key_mgmt=WPA-EAP
   	pairwise=CCMP
   	group=CCMP TKIP 
   	eap=TLS
   	identity="Wireless User XX-XX"
   	ca_cert="/etc/pki/tls/certs/netops-ca.pem"
   	client_cert="/etc/pki/tls/certs/Wireless-User.pem"
   	private_key="/etc/pki/tls/certs/Wireless-User.pem"
   	private_key_passwd="the Wireless User Certificate Password from the download page"
   }
                   

4. Protect the security of the wireless network by making the configuration and Wireless User certificate files only readable by root:
   

   chown root:root /etc/wpa_supplicant.conf /etc/pki/tls/certs/Wireless-User.pem
   chmod 600 /etc/wpa_supplicant.conf /etc/pki/tls/certs/Wireless-User.pem
                   

5. Start wpa_supplicant with the configuration file and wireless network interface name. You may also need to pass the driver type, e.g.:
   

   wpa_supplicant -c /etc/wpa_supplicant.conf -i ath0 -D madwifi
   		

   The output from wpa_supplicant should look something like this:

   l2_packet_receive - recv: Network is down
   Trying to associate with 00:0b:0e:0f:87:41 (SSID='WPI-Wireless' freq=5180 MHz)
   Associated with 00:0b:0e:0f:87:41
   WPA: Key negotiation completed with 00:0b:0e:0f:87:41
   		

6. Start your DHCP client on the wireless network interface, e.g.:
   

   /sbin/dhclient ath0
   		

Your computer should now be connected to the WPI-Wireless network.

Maintained by webmaster@wpi.edu
Last modified: Jul 29, 2009, 12:21 EDT

CCC Network Operations - Worcester Polytechnic Institute
100 Institute Road, Worcester, MA 01609-2280
Phone: +1-508-831-6666 - Fax: +1-508-831-6669 - netops@wpi.edu