# setting up wpa_supplicant.conf

## dufeu

I found and have followed the instructions in the Gentoo Org Wiki regarding setting up wpa_supplicant.

Because the current ebuild does not set up:

```
/etc/wpa_supplicant/wpa_supplicant.conf
```

the instructions call for uncompressing the sample conf file and loading that:

```
bzcat /usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf.bz2 > /etc/wpa_supplicant/wpa_supplicant.conf
```

The wiki page is relatively current but perhaps is already dated. If you try to start wpa_supplicant with the sample configuration file:

```
/etc/init.d/wpa_supplicant start
```

you'll get the following messages.

```
 * Starting WPA Supplicant Daemon ...
Successfully initialized wpa_supplicant
Line 1000: unknown EAP method 'SIM'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1000: failed to parse eap 'SIM'.
Line 1003: failed to parse network block.
Line 1046: unknown EAP method 'IKEV2'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1046: failed to parse eap 'IKEV2'.
Line 1049: failed to parse network block.
Line 1055: unknown EAP method 'FAST'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1055: failed to parse eap 'FAST'.
Line 1061: failed to parse network block.
Line 1066: unknown EAP method 'FAST'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1066: failed to parse eap 'FAST'.
Line 1072: failed to parse network block.
Failed to read or parse configuration '/etc/wpa_supplicant/wpa_supplicant.conf'.
 * start-stop-daemon: failed to start `/usr/sbin/wpa_supplicant'
 * Failed to start wpa_supplicant                                                                                 [ !! ]
 * ERROR: wpa_supplicant failed to start
```

Now, I get that these messages are because I used only the default USE flags. However, if I add USE="eap-sim fasteap", it appears that "fasteap" conflicts with both "gnutls" and "ssl". i.e.:

```
# echo ">=net-wireless/wpa_supplicant-2.0 eap-sim fasteap" >> /etc/portage/package.use

# emerge -pv wpa_supplicant
 * Last emerge --sync was 74d 21h 53m 20s ago.
These are the packages that would be merged, in order:
Calculating dependencies \
!!! Problem resolving dependencies for net-wireless/wpa_supplicant
... done!
!!! The ebuild selected to satisfy "wpa_supplicant" has unmet requirements.
- net-wireless/wpa_supplicant-2.0::gentoo USE="dbus eap-sim fasteap gnutls (multilib) p2p qt4 readline ssl -ap (-ps3) (-selinux) -wimax -wps"
  The following REQUIRED_USE flag constraints are unsatisfied:
    fasteap? ( !gnutls !ssl )
```

I have some questions. Does someone have a good example wpa_supplicant.conf file they can post which works with the default USE flags for wpa_supplicant?

Could someone give some guidance regarding fasteap versus ssl versus gnutls? I understand for several packages that gnutls and ssl are mutually exclusive. The implication in this case is that fasteap provides its own encryption module. Is this true?

Also, what USE flag might IKEV2 be associated with?

Some guidance on when eap-sim and/or fasteap should be used would be appreciated as well.

Thanks! ;)

----------

## DONAHUE

/etc/wpa_supplicant/wpa_supplicant.conf:

```
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1
update_config=1
```

Then run wpa_gui to configure and save your network.

wpa_gui requires USE="qt4" for the emerge of wpa_supplicant and a gui

Neither dhcpcd nor wpa_supplicant should be in a run level. Put net.{your interface's name} in the default run level for automatic start at boot. Use /etc/init.d/net.{your interface's name} start/stop/restart for manual control.

----------

## khayyam

 *dufeu wrote:*   

> ```
> bzcat /usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf.bz2 > /etc/wpa_supplicant/wpa_supplicant.conf
> ```
> ...

 

dufeu ... that's just a bad idea, and really should be corrected in the wiki. The example conf contains various network blocks for various authentication scenarios, most of which you'll either never need or won't have the support for with the default USE flags.

 *dufeu wrote:*   

> Now, I get that these messages are because I used only the default USE flags. However, if I add USE="eap-sim fasteap", it appears that "fasteap" conflicts with both "gnutls" and "ssl".

 

Yes, you can't use both openssl and gnutls with wpa_supplicant, one or the other should be selected, and you can't have fasteap with either openssl or gnutls ... they are all mutually exclusive. But the question really is what form of authentication is needed, because unless you need EAP-FAST (unlikely, unless you're in some corporate/Cisco environment) then there is no reason for enabling EAP-FAST.

 *dufeu wrote:*   

> Does someone have a good example wpa_supplicant.conf file they can post which works with the default USE flags for wpa_supplicant?

 

The conf DONAHUE posted is more than adequate, but here is a further example (and please note some of the definitions are unnecessary and are simply there to provide an example of what *might* be defined.)

```
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
update_config=1
eapol_version=2
filter_ssids=1
ap_scan=1 # (default)

network={
    ssid="APAPAP"
    bssid=A1:74:BB:94:02:B1
    id_str="APAPAP"
    scan_freq=2422
    scan_ssid=0
    proto=RSN
    auth_alg=OPEN
    key_mgmt=WPA-PSK
    group=TKIP
    pairwise=CCMP
    psk=
    priority=90
    disabled=0
}
```

The above is actually a network stanza I have defined (with some name changes of course), but again most of this is unneeded.

 *dufeu wrote:*   

> Could someone give some guidance regarding fasteap versus ssl versus gnutls? I understand for several packages that gnutls and ssl are mutually exclusive. The implication in this case is that fasteap provides its own encryption module. Is this true?

 

As you're asking I can only assume you don't need EAP-FAST, if you did you would probably frame the question like this: "at work/university the Cisco network requires me to authenticate with EAP-FAST for 802.11x ..." you see it's really a vendor specific authentication.

 *dufeu wrote:*   

> Also, what USE flag might IKEV2 be associated with?

 

IKEV2 is used in ipsec and uses 802.11x (as I remember) for authentication ... so it is handled by openswan/racoon or what-have-you, I am not that familiar with it but if wpa_supplicant, or xsupplicant, is used then this may be a config option that's not currently enabled. You should look at the wpa_supplicant sources.

 *dufeu wrote:*   

> Some guidance on when eap-sim and/or fasteap should be used would be appreciated as well.

 

If you're running Gentoo on a GSM phone, or are in a corporate/Cisco environment where EAP-FAST is used then you might need these ... otherwise forget about it :)

best ... khay

edit: I just thought, I should change my name to FAST-khayyam, it's sure to have people thinking ... mmmmm, much better than not-FAST :)

----------
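An added example, not part of any post in this thread: a small checker that lists the network blocks in a wpa_supplicant.conf which name an EAP method the build lacks, which is the parse failure in dufeu's start-up output. The function name `find_unparseable_blocks`, the `SAMPLE` text and the assumption that PEAP is built in are constructed for illustration; the unsupported set is the three methods from the error messages above.

```python
# Methods the default-USE build in this thread rejected (from its error output).
UNSUPPORTED = {"SIM", "IKEV2", "FAST"}

def find_unparseable_blocks(conf_text, unsupported=UNSUPPORTED):
    """Return (start_line, end_line, ssid, bad_methods) for every network
    block whose eap= line names a method the build does not support."""
    findings, block = [], None  # block: the network block currently open
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if block is None:
            if line.replace(" ", "") == "network={":
                block = {"start": lineno, "ssid": None, "bad": []}
            continue
        if line == "}":
            if block["bad"]:
                findings.append((block["start"], lineno, block["ssid"], block["bad"]))
            block = None
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ssid":
            block["ssid"] = value.strip().strip('"')
        elif key.strip() == "eap":
            # eap= is a space-separated list; drop any trailing comment first
            methods = value.split("#", 1)[0].split()
            block["bad"] += [m for m in methods if m in unsupported]
    return findings

# Constructed sample input, not taken from the shipped example file.
SAMPLE = '''\
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="constructed passphrase"
}
network={
    ssid="sim-example"
    key_mgmt=WPA-EAP
    eap=SIM
}
network={
    ssid="mixed"
    key_mgmt=WPA-EAP
    eap=PEAP FAST  # one method assumed built in, one the build lacks
}
'''

print(find_unparseable_blocks(SAMPLE))
```

One unsupported name in an `eap=` list is enough to reject the whole block, so the "mixed" block is reported even though PEAP alone would parse.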

