# DHCPCD-UI wireless issues

## abduct

I have DHCPCD-UI installed with +gtk3 and so far it is working fine for hardwired connections with ETH0, which I can connect and modify through the preferences just fine.

Although for wireless I can't seem to connect to any given access points even though they are listed. I think DHCPCD-UI may not be filling out my wpa_supplicant.conf properly causing it to not connect. I've tried running DHCPCD-GTK as root and as my user (my user is added to wheel and dhcpd is properly configured for wheel) and it just doesn't seem to want to go.

This is the wpa_supplicant config DHCPCD-UI is generating.

```
~ $ cat /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

update_config=1

network={

        ssid="testap1"

        psk="XXXXXXXXX"

        key_mgmt=WPA-PSK

}

network={

        ssid="testap2"

        psk="XXXXXXXXXX"

        key_mgmt=WPA-PSK

}
```

From iwlist wlan0 scan testap1 is listed as channel 1, quality 70/70 TKIP CCMP PSK, and testap2 is channel 11, quality 25/70 TKIP CCMP PSK.

When running DHCPCD-GTK from the command line, it keeps looping searching for APs with the message of "Message: wlan0: Received scan results".

I am not sure what else to check since it absolutely refuses to connect to the AP.

Thanks for any help.

--------------------------------------

Edit:: After reading the wpa_supplicant wiki page it seems the config is done correctly, so I am at a loss. Also is it possible to get DHCPCD-UI to use wpa_passphrase to obfuscate the PSK so it is not in plaintext?

----------

## abduct

Fixed the issue,  when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).

The only real quesiton left is:

Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext. Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI?

Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored.

Also does DHCPCD-UI come with a CLI tool to aid in connection and setup? I thought I read there was a curses interface (http://roy.marples.name/projects/dhcpcd-ui/index) but I can't seem to find it.

----------

## charles17

When you found answers to all your questions, please help improving that wiki article https://wiki.gentoo.org/wiki/Dhcpcd-ui.

I am using dhcpcd-ui with qt4 and it's working fine here.

----------

## UberLord

 *abduct wrote:*   

> Fixed the issue,  when running wpa_cli while DHCPCD-GTK was running I could clearly see there was a inccorect passphrase being sent during the 4 way handshake. For what ever reason even though I retyped the passphrase multiple times it started to work (likely was the flex in the chicklet keyboard on my laptop hitting multiple keys or something I have no idea).
> 
> 

 

Maybe I can hook into a status wpa_supplicant sends when authentication is invalid.

File a ticket for this please at http://roy.marples.name/projects/dhcpcd-ui/

 *Quote:*   

> 
> 
> The only real quesiton left is:
> 
> Is there a way to get DHCPCD-UI to use WPA_PASSPHRASE to hide the PSK keys in the config? By default it writes them in plaintext.

 

Why is this a bad thing? Set file permissions so that only root can read the file.

dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.

 *Quote:*   

> Also is there a tool to maintain wpa_supplicant.conf to allow me to prune entries or "forget" them within DHCPCD-UI?

 

No-one asked for the feature.

File a ticket and time permitting I will implement it.

 *Quote:*   

> Since the passwords are automatically written to wpa_supplicant.conf, why does DHCPCD-UI keep on asking me for the password? Seems kind of silly to not only write the password in plaintext, but also not even use it after it was stored.

 

Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate.

 *Quote:*   

> Also does DHCPCD-UI come with a CLI tool to aid in connection and setup? I thought I read there was a curses interface (http://roy.marples.name/projects/dhcpcd-ui/index) but I can't seem to find it.

 

The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface.

----------

## abduct

 *Quote:*   

> Why is this a bad thing? Set file permissions so that only root can read the file.
> 
> dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good.

 

That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.

 *Quote:*   

> Just press the enter key or OK button to enter a blank password - dhcpcd-ui will then make this the preferred network and ask wpa_supplicant to re-associate.

 

I should of just tried to enter a blank password to begin with, this works perfectly fine, thanks.

 *Quote:*   

> The trunk build does, but no release does. Also, it's very early days for it and I don't have the time right now to progress it - it's a read only interface.

 

Is there an ebuild available for the trunk build or do I have to install it manually? Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc?

----------

## charles17

 *abduct wrote:*   

> 
> 
> Is there an ebuild available for the trunk build or do I have to install it manually?

 

See the 9999 ebuild on https://github.com/tokiclover/bar-overlay/tree/master/net-misc/dhcpcd-ui and  https://wiki.gentoo.org/wiki/Dhcpcd-ui#Building_from_source

----------

## UberLord

 *abduct wrote:*   

>  *Quote:*   Why is this a bad thing? Set file permissions so that only root can read the file.
> 
> dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good. 
> 
> That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible.

 

What makes you think this is any more secure with wpa_passphrase if they gain access as you say?

They know the SSID and have a key - they can access the network without the psk.

See here: http://superuser.com/questions/679956/wpa-supplicant-passphrase-can-it-be-normal-password

 *Quote:*   

> Also when you say read only interface, does this mean it only displays data or will it allow me to manage my wireless connections, IE input passphrases, change access points, etc?

 

It only displays data - there is currently no AP management or IP config.

----------

## chiefbag

You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg:

```

ap_scan=1 

network={ 

        ssid="testap1" 

        psk="XXXXXXXXX" 

        key_mgmt=WPA-PSK 

} 

```

----------

## chiefbag

What's the contents of your wpa_supplicant config file?

```
cat /etc/conf.d/wpa_supplicant
```

----------

## abduct

 *UberLord wrote:*   

>  *abduct wrote:*    *Quote:*   Why is this a bad thing? Set file permissions so that only root can read the file.
> 
> dhcpcd-ui configures wpa_supplicant via the control interface, so provided the user context in which wpa_supplicant runs (normally root) can edit the file all is good. 
> 
> That is correct and is currently the way I have permissions setup, I was worried more about physical access where someone may boot a live disk to mount my drive and look at the file. Chances are this isn't very high, but I thought I'd ask anyways to see if it was possible. 
> ...

 

I was thinking more about having the passphrase being known in cases where if a friend practices unsafe password procedures where they reuse passwords an attacker may engage them. Then I guess reversing the hash via bruteforce with adequate hardware would yield the same compromise.

 *Quote:*   

> You could try adding the ap_scan parameter for wirelesss config, it should be set to 0 for a wired config eg: 

 

All the connection issues were resolved, as mentioned in the second post it turned out to be an invalid passphrase that there was no notification for. Only after launching wpa_cli did I see the invalid authentication errors.

----------

