If you are trying to get a device working with ndiswrapper, please help ndiswrapper project wiki by contributing your findings. See HowToContribute

WPA HowTo

From NDISWrapper
Revision as of 15:02, 3 June 2009 by Brinley (Talk | contribs) (New page: How to use WPA with ndiswrapper Get 0.4.9 or newer version of wpa_supplicant from http://hostap.epitest.fi/wpa_supplicant. In wpa_supplicant directory, add .config file so it contains dri...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to use WPA with ndiswrapper

Get 0.4.9 or newer version of wpa_supplicant from http://hostap.epitest.fi/wpa_supplicant. In wpa_supplicant directory, add .config file so it contains driver support for wext and a control interface i.e., add the following line to .config file:

CONFIG_DRIVER_WEXT=y CONFIG_CTRL_IFACE=y

Now compile it with “make” and copy wpa_supplicant, wpa_passphrase and wpa_cli to some place that is in your PATH, e.g., /usr/local/bin.

Get 1.41 version or newer of ndiswrapper and install it.

Create wpa_supplicant configuration somewhere, say, /etc/wpa_supplicant.conf. A simple configuration such as

ctrl_interface=/var/run/wpa_supplicant 

network={
  ssid="myssid"
  psk="mysecret"
  key_mgmt=WPA-PSK
  proto=WPA
}

should suffice. Note that psk given above can be plain text ASCII pass phrase that is used on the AP or hex digits (without quotes) that can be generated with wpa_passphrase from the same ASCII pass phrase. For simplicity, go with ASCII pass phrase.

Above configuration causes wpa_supplicant to negotiate which encryption scheme to use. Certain AP’s might not work with this negotiation procedure. So it can help to limit the scheme to the most basic WPA one: TKIP. Add this line to your config to do so: pairwise=TKIP

Now start the interface and then wpa_supplicant. For example, as

ifconfig wlan0 up wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf -dd

Note: With ndiswrapper version 1.12 and older, use -Dndiswrapper instead of -Dwext.

Now configure the network interface; e.g., if you are using a DHCP you may need to run dhclient wlan0

The option -dd to wpa_supplicant gives lot of output so you can see if there is a problem. If everything works, you can drop -dd option. You may also want to leave wpa_supplicant running in the background with the option -Bw so you don’t need to start it everytime. Once wpa_supplicant authenticates, you can use DHCP to configure the network interface.

wpa_supplicant by default tries CCMP also known as AES and TKIP ciphers in that order. So if your AP supports both, you can use either ndiswrapper works with both, if the driver supports them.

You can also use wpa_supplicant to set WEP keys if you don’t want/need to use WPA. This way, you can specify bssid in each network block so you can set different WEP keys for different APs automatically.

ndiswrapper works with WPA-EAP; tested with freeradius and TLS, TTLS, PEAP, IEEE8021X.

Retrieved from "http://ndiswrapper.sourceforge.net/wiki/index.php?title=WPA_HowTo&oldid=58"