WIKI

Login

FrontPage
RecentChanges
FindPage
HelpContents

Titles

Text

Wiki/

Login

Info

Attachments

WiFi
HowToUse
How
to use a WiFi interface
This page describes how to configure a WiFi interface on a Debian system, for use on a network.
Translations: English - French - Italiano - -

Contents
1.

1.

How to use a WiFi interface

NetworkManager

1.

GNOME

2.

KDE

2.

Wicd

3.

connman

4.

Command Line

1.

5.

WPS

wpa_supplicant

1.

WPA-PSK and WPA2-PSK

2.

WPA-EAP

6.

Switching Connections

7.

Security consideration

8.

See Also

Once your wireless device has an interface available (verifiable with iwconfig), it is required to be configured to
access a network. If you do not have a wireless interface present, please refer to WiFi for information on providing a
driver for your device.
Wireless network interface configuration can be performed using a connection manager (such asNetworkManager)
or through Debian's /etc/network/interfaces file with a special purpose utility (such aswpa_supplicant). Examples of
NetworkManager and wpa_supplicant configuration are described below.
The WEP algorithm is insecure and deprecated by WPA. Use of WEP is not recommended and is not
covered within this document.

NetworkManager
NetworkManager is configured through graphical interfaces, which are available for GNOME and KDE. Your wireless
interface should not be referenced within Debian's /etc/network/interfaces file.
NetworkManager is also a front-end for wpa_supplicant.

GNOME
1.
2.

Ensure your user account is a member of the netdev group.

Install the network-manager-gnome package:

3.

$ su

4.

# apt-get update

# apt-get install network-manager-gnome

5.
6.

Log out of GNOME, then log back in to your system.

A new applet (computer icon) will appear in the notification area / system tray. Left-click this icon to
present the nm-applet pop-up menu.
7.
Neighboring wireless networks with a broadcasted SSID should be listed:

Click on the desired network's name.

If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be
prompted to enter it. After providing, click the "Connect" button.

The wireless network connection will be activated.

If the desired network is not listed (e.g. SSID not broadcast/hidden):

Click "Connect to Other Wireless Network...".

Enter the network's SSID at "Network Name".

If encryption is used, select the method from the "Wireless Security" drop-down list (usually "WPA
Personal" or "WPA2 Personal").

Enter the passphrase/pre-shared key at "Password".

Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

KDE
1.
2.

Ensure your user account is a member of the netdev group.

Install the plasma-widget-networkmanagement package:

3.

$ su

4.

# aptitude update

# aptitude install plasma-widget-networkmanagement

5.

6.
7.

Add the Network Management plasma widget to your system tray.

Click on the Plasma "foot"
Click "Add Widget"
Search for "Network"
Drag the "Network Management" item to your system tray.
A new applet (wallplug/socket icon) will appear in the system tray. Click this icon.
Neighboring wireless networks with a broadcasted SSID should be listed:
Click on the desired network's name.
If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be
prompted to enter it. After providing, click the "Connect" button.

The wireless network connection will be activated.

If the desired network is not listed (e.g. SSID not broadcast/hidden):

Click "Connect to Other Wireless Network...".

Enter the network's name in "Name (ESSID)".

Tick "Use Encryption" if in use on the network.

Select the encryption method used (usually "WPA Personal").

Enter the passphrase/pre-shared key at "Password".

Select "WPA 1" or "WPA 2" for the protocol version, as used by the network.

Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

Wicd
You must remove network-manager to get wicd to work. Check to see if network-manager is installed and
see if, after you installed the driver, your wireless is already working in the notification area of your desktop
manager. You may already be good to go.
wicd (Wireless Interface Connection Daemon) is a lightweight alternative to NetworkManager. It is environmentindependent, making it suitable for all desktop environments, including GNOME, Xfce, LXDE, and Fluxbox. Like
NetworkManager, wicd is configured via a graphical interface. Your wireless interface should not be referenced
within Debian's /etc/network/interfaces file.
1.
Update the list of available packages and install the wicd package:

2.

$ su

3.

# aptitude update

# aptitude install wicd

4.

Amend /etc/network/interfaces to contain only the following:

5.

# This file describes the network interfaces available on your system

6.

# and how to activate them. For more information, see interfaces(5).

7.

8.

# The loopback network interface

9.

auto lo

iface lo inet loopback

Note: as of wheezy it is fine to have your wireless interface in /etc/network/interfaces, but not required. You can set
the wireless interface (e.g. wlan0) in the wicd client's preferences.
10.
If not already performed, add your regular user account to the netdev group and reload DBus:

11. # adduser yourusername netdev

# /etc/init.d/dbus reload

12.

Start the wicd daemon:

# /etc/init.d/wicd start

13.

Start the wicd GUI with your regular user account:

14. # exit

$ wicd-client -n

See also wicd frequently asked questions.

connman
I have connection drops (772996) with Wicd and connman do great job instead:

$ sudo apt-get install connman

connmanctl

connmanctl>

connmanctl> scan wifi

Scan completed for wifi

connmanctl> services

$SSID

wifi_f8d111090ed6_6d617269636f6e5f64655f6d6965726461_managed_psk

...

...

connmanctl> agent on

Agent registered

connmanctl> connect wifi_f8d111090ed6_6d617269636f6e5f64655f6d6965726461_managed_psk

Agent RequestInput wifi_f8d111090ed6_6d617269636f6e5f64655f6d6965726461_managed_psk

Passphrase = [ Type=psk, Requirement=mandatory, Alternates=[ WPS ] ]

WPS = [ Type=wpspin, Requirement=alternate ]

Passphrase? $PASS

Connected wifi_f8d111090ed6_6d617269636f6e5f64655f6d6965726461_managed_psk

connmanctl> quit

After the configuration, connman remembers your SSID selections and reuse them automatically. Don't worry
about long HEXes - in client mode TAB auto-completion works both for commands and data.

Command Line
Find your wireless interface and bring it up:

# ip a

# iwconfig

# ip link set wlan0 up

Scan for available networks and get network details:

$ su

# iwlist scan

Now edit /etc/network/interfaces. The required configuration is much dependent on your particular setup. See the
following example to get an idea of how it works:

# my wifi device

auto wlan0

iface wlan0 inet dhcp

wireless-essid [ESSID]

wireless-mode [MODE]

For further information on available configuration options,

see man interfaces, man wireless and/usr/share/doc/wireless-tools/README.Debian.
You can now bring your interface up and down with the usual ifup and ifdown commands. If you addedauto wlan0 as
in the example above, the interface should be brought up automatically during boot up.

WPS
WPS-PBC
Find your WiFi network where WPS is enabled.

# iwlist scan

wlan0

Scan completed :

Cell 01 - Address: 11:22:33:44:55:66

Channel:11

Frequency:2.462 GHz (Channel 11)

Quality=64/70

Signal level=-46 dBm

...

Use wpa_cli to connect to the MAC adress provided by the scan.

# wpa_cli wps_pbc 11:22:33:44:55:66

Then press the WPS button on your access point to start the PBC mode.

Once connected, start dhclient to obtain a dynamic IP adress.

dhclient wlan0

wpa_supplicant
wpa_supplicant is a WPA client and IEEE 802.1X supplicant.
The wpasupplicant package provides wpa-* ifupdown options for /etc/network/interfaces. If these options are
specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when
brought down.

GNOME and KDE users shouldn't configure wpa_supplicant manually. Use NetworkManager
asexplained above.
Before continuing, install the wpasupplicant package:

$ su

# aptitude update

# aptitude install wpasupplicant

WPA-PSK and WPA2-PSK

Also known as "WPA Personal" and "WPA2 Personal" respectively.
1.

Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure (alternatively
use a separate config file such as /etc/network/interfaces.d/wlan0 on newer Debian versions):

# chmod 0600 /etc/network/interfaces

2.

Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following
example:

$ wpa_passphrase myssid my_very_secret_passphrase

If you don't put the passphrase on the command line, it will be prompted for. The above command gives the output:

network={

ssid="myssid"

#psk="my_very_secret_passphrase"

psk=ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b

you'll need to copy from "psk=" to the end of the line, to put in your /etc/network/interfaces file.
3.
Open /etc/network/interfaces in a text editor :

# sensible-editor /etc/network/interfaces

4.

Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH. For example :

5.

auto wlan0

6.

iface wlan0 inet dhcp

7.

wpa-ssid myssid

wpa-psk ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b

The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.
8.
Save the file and exit the editor.
9.
Bring your interface up. This will start wpa_supplicant as a background process.

# ifup wlan0

Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if
connecting to a network not broadcasting its SSID.
For general /etc/network/interfaces information, see the interfaces(5) man page.

WPA-EAP
For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file and provide the clientside certificate. An example WPA2-EAP configuration file can be found
at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.
Once available, reference your configuration file in /etc/network/interfaces. For example:

auto wlan0

iface wlan0 inet dhcp

wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant
configuration file example is at/usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections
To switch between multiple distinct configurations:

GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)

Console users can

use logical interfaces, as

iface wlan_home inet dhcp

wpa-ssid mynetworkname

wpa-psk mysecretpassphrase

# ifup wlan0=wlan_home

use ifscheme, see the example configuration at alwayssunny.com.

You can use guessnet(8) to switch profiles automatically by your location.

Security consideration
1.

Every member of a network can listen to other members' traffic (whether it's an unencrypted public hotspot, or a WEP/WPA/WPA2, or LAN). Use SSL/TLS protocols (HTTPS, IMAPS...) or VPN to preserve your
privacy.
2.
WEP is so insecure that it is basically equivalent to not using any encryption at all.
3.
WPA1 is deprecated. Use WPA2 instead.
4.
Make sure you use a strong pass-phrase.
Network security, see: http://www.aircrack-ng.org/doku.php?id=tutorial.

See Also

WiFi/AdHoc - Establishing a WiFi network without an access point.

iwconfig(8)
NetworkConfiguration
NetworkManager
WiFi
WPA

CategoryNetwork | CategoryWireless

WiFi/HowToUse (last edited 2016-01-19 20:57:24 by

MoinMoin Powered

Python Powered

Valid HTML 4.01

Debian Wiki team, bugs and config available.

Hosting provided by Dembach Goo Informatik GmbH & Co KG

?AlexanderBleissem)