# ASUS USB-N13 Wifi adapter not working.

## Featherfoot

I am trying to get my ASUS USB-N13 adapter working with my amd64 system. I seem to be getting close, but I am not there.

At this point it appears as if there is a driver, wlan0 is set up but does not start up again after a reboot. wpa_gui does not see the adapter, the network and no networks. I'm not sure what to do next and I would appreciate your help.

lsbub gives the following:

```

bopper /etc/conf.d # lsusb -s 4:2 -v

Bus 004 Device 002: ID 0b05:17ab ASUSTek Computer, Inc. USB-N13 802.11n Network Adapter (rev. B1) [Realtek RTL8192CU]

Device Descriptor:

  bLength                18

  bDescriptorType         1

  bcdUSB               2.00

  bDeviceClass            0 

  bDeviceSubClass         0 

  bDeviceProtocol         0 

  bMaxPacketSize0        64

  idVendor           0x0b05 ASUSTek Computer, Inc.

  idProduct          0x17ab USB-N13 802.11n Network Adapter (rev. B1) [Realtek RTL8192CU]

  bcdDevice            2.00

  iManufacturer           1 Realtek

  iProduct                2 802.11n WLAN Adapter

  iSerial                 3 00e04c000001

  bNumConfigurations      1

  Configuration Descriptor:

    bLength                 9

    bDescriptorType         2

    wTotalLength           46

    bNumInterfaces          1

    bConfigurationValue     1

    iConfiguration          0 

    bmAttributes         0x80

      (Bus Powered)

    MaxPower              500mA

    Interface Descriptor:

      bLength                 9

      bDescriptorType         4

      bInterfaceNumber        0

      bAlternateSetting       0

      bNumEndpoints           4

      bInterfaceClass       255 Vendor Specific Class

      bInterfaceSubClass    255 Vendor Specific Subclass

      bInterfaceProtocol    255 Vendor Specific Protocol

      iInterface              0 

      Endpoint Descriptor:

        bLength                 7

        bDescriptorType         5

        bEndpointAddress     0x81  EP 1 IN

        bmAttributes            2

          Transfer Type            Bulk

          Synch Type               None

          Usage Type               Data

        wMaxPacketSize     0x0200  1x 512 bytes

        bInterval               0

      Endpoint Descriptor:

        bLength                 7

        bDescriptorType         5

        bEndpointAddress     0x02  EP 2 OUT

        bmAttributes            2

          Transfer Type            Bulk

          Synch Type               None

          Usage Type               Data

        wMaxPacketSize     0x0200  1x 512 bytes

        bInterval               0

      Endpoint Descriptor:

        bLength                 7

        bDescriptorType         5

        bEndpointAddress     0x03  EP 3 OUT

        bmAttributes            2

          Transfer Type            Bulk

          Synch Type               None

          Usage Type               Data

        wMaxPacketSize     0x0200  1x 512 bytes

        bInterval               0

      Endpoint Descriptor:

        bLength                 7

        bDescriptorType         5

        bEndpointAddress     0x84  EP 4 IN

        bmAttributes            3

          Transfer Type            Interrupt

          Synch Type               None

          Usage Type               Data

        wMaxPacketSize     0x0040  1x 64 bytes

        bInterval               1

Device Qualifier (for other device speed):

  bLength                10

  bDescriptorType         6

  bcdUSB               2.00

  bDeviceClass            0 

  bDeviceSubClass         0 

  bDeviceProtocol         0 

  bMaxPacketSize0        64

  bNumConfigurations      1

can't get debug descriptor: Resource temporarily unavailable

Device Status:     0x0000

  (Bus Powered)

bopper /etc/conf.d # 

```

dmesg gives the following:

```

    8.025837] rtl8192cu: Chip version 0x11

...

[    8.485642] rtl8192cu: Board Type 0

[    8.486763] rtl_usb: rx_max_size 15360, rx_urb_num 8, in_ep 1

[    8.486801] rtl8192cu: Loading firmware rtlwifi/rtl8192cufw_TMSC.bin

[    8.486925] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'

[    8.487079] usbcore: registered new interface driver rtl8192cu

[    8.489057] usbcore: registered new interface driver rtl8xxxu

...

  10.240640] r8169 0000:04:07.0 eth0: link down

[   10.240646] r8169 0000:04:07.0 eth0: link down

...

   12.327153] r8169 0000:04:07.0 eth0: link up

[

```

ifconfig gives the following: ( I had to do an iwconfig wlan0 up arp)

```

opper /etc/conf.d # ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 10.0.0.34  netmask 255.255.255.0  broadcast 10.0.0.255

        inet6 2601:58b:4100:c227::af4e  prefixlen 128  scopeid 0x0<global>

        inet6 2601:58b:4100:c227:b58f:9e93:439d:6e2f  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::df89:ac5b:452a:814a  prefixlen 64  scopeid 0x20<link>

        ether d8:5d:4c:f2:a8:5e  txqueuelen 1000  (Ethernet)

        RX packets 83654  bytes 97551359 (93.0 MiB)

        RX errors 0  dropped 5570035380  overruns 0  frame 0

        TX packets 44007  bytes 5475188 (5.2 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 6499  bytes 746057 (728.5 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 6499  bytes 746057 (728.5 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        ether 70:4d:7b:12:97:83  txqueuelen 1000  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

```

/etc/conf.d/net gives the following:

```

bopper /etc/conf.d # cat net

# set the dns_domain_lo variable to the selected domain name

dns_domain_lo="Cox"

config_eth0="dhcp"

#config_eth0=10.0.0.33 netmask 255.255.255.0 brd=10.0.0.255

#modules=

modules="wpa_supplicant"

config_wlan0="dhcp"

key_ESSID1="[1] s:Cox_House This_is_the_big_bopper_speaking. [1] enc open"

key_ESSID2="[1] s:Cox_House2 This_is_the_big_bopper_speaking. [1] enc open"

preffered_aps="'ESSID1' 'ESSID2'"

adhoc_essid_eth0="Cox_House2"

#iwconfig_eth0="mode managed"

bopper /etc/conf.d # 

```

/etc/wpa_supplicant/wpa_supplicant.conf has the following:

[code:1:c4d76b309e]

bopper /etc/wpa_supplicant # cat wpa_supplicant.conf

#------> /usr/share/doc/wpa_supplicant-2.6-r3/wpa_supplicant.conf.bz2 <------

##### Example wpa_supplicant configuration file ###############################

#

# This file describes configuration file format and lists all available option.

# Please also take a look at simpler configuration examples in 'examples'

# subdirectory.

#

# Empty lines and lines starting with # are ignored

# NOTE! This file may contain password information and should probably be made

# readable only by root user on multiuser systems.

# Note: All file paths in this configuration file should use full (absolute,

# not relative to working directory) path in order to allow working directory

# to be changed. This can happen if wpa_supplicant is run in the background.                                               

# Whether to allow wpa_supplicant to update (overwrite) configuration                                                      

#                                                                                                                          

# This option can be used to allow wpa_supplicant to overwrite configuration                                               

# file whenever configuration is changed (e.g., new network block is added with                                            

# wpa_cli or wpa_gui, or a password is changed). This is required for                                                      

# wpa_cli/wpa_gui to be able to store the configuration changes permanently.                                               

# Please note that overwriting configuration file will remove the comments from                                            

# it.                                                                                                                      

#update_config=1                                                                                                           

update_config=1

# global configuration (shared by all network blocks)

#

# Parameters for the control interface. If this is specified, wpa_supplicant

# will open a control interface that is available for external programs to

# manage wpa_supplicant. The meaning of this string depends on which control

# interface mechanism is used. For all cases, the existence of this parameter

# in configuration is used to determine whether the control interface is

# enabled.

#

# For UNIX domain sockets (default on Linux and BSD): This is a directory that

# will be created for UNIX domain sockets for listening to requests from

# external programs (CLI/GUI, etc.) for status information and configuration.

# The socket file will be named based on the interface name, so multiple

# wpa_supplicant processes can be run at the same time if more than one

# interface is used.

# /var/run/wpa_supplicant is the recommended directory for sockets and by

# default, wpa_cli will use it when trying to connect with wpa_supplicant.

#

# Access control for the control interface can be configured by setting the

# directory to allow only members of a group to use sockets. This way, it is

# possible to run wpa_supplicant as root (since it needs to change network

# configuration and open raw sockets) and still allow GUI/CLI components to be

# run as non-root users. However, since the control interface can be used to

# change the network configuration, this access needs to be protected in many

# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you

# want to allow non-root users to use the control interface, add a new group

# and change this value to match with that group. Add users that should have

# control interface access to this group. If this variable is commented out or

# not included in the configuration file, group will not be changed from the

# value it got by default when the directory or socket was created.

#

# When configuring both the directory and group, use following format:

# DIR=/var/run/wpa_supplicant GROUP=wheel

DIR=/var/run/wpa_supplicant GROUP=wheel

# DIR=/var/run/wpa_supplicant GROUP=0

# (group can be either group name or gid)

#

# For UDP connections (default on Windows): The value will be ignored. This

# variable is just used to select that the control interface is to be created.

# The value can be set to, e.g., udp (ctrl_interface=udp)

#

# For Windows Named Pipe: This value can be used to set the security descriptor

# for controlling access to the control interface. Security descriptor can be

# set using Security Descriptor String Format (see http://msdn.microsoft.com/

# library/default.asp?url=/library/en-us/secauthz/security/

# security_descriptor_string_format.asp). The descriptor string needs to be

# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty

# DACL (which will reject all connections). See README-Windows.txt for more

# information about SDDL string format.

#

ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.1X/EAPOL version

# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines

# EAPOL version 2. However, there are many APs that do not handle the new

# version number correctly (they seem to drop the frames completely). In order

# to make wpa_supplicant interoperate with these APs, the version number is set

# to 1 by default. This configuration value can be used to set it to the new

# version (2).

# Note: When using MACsec, eapol_version shall be set to 3, which is

# defined in IEEE Std 802.1X-2010.

eapol_version=1

# AP scanning/selection

# By default, wpa_supplicant requests driver to perform AP scanning and then

# uses the scan results to select a suitable AP. Another alternative is to

# allow the driver to take care of AP scanning and selection and use

# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association

# information from the driver.

# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to

#    the currently enabled networks are found, a new network (IBSS or AP mode

#    operation) may be initialized (if configured) (default)

# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association

#    parameters (e.g., WPA IE generation); this mode can also be used with

#    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with

#    APs (i.e., external program needs to control association). This mode must

#    also be used when using wired Ethernet drivers.

#    Note: macsec_qca driver is one type of Ethernet driver which implements

#    macsec feature.

# 2: like 0, but associate with APs using security policy and SSID (but not

#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to

#    enable operation with hidden SSIDs and optimized roaming; in this mode,

#    the network blocks in the configuration file are tried one by one until

#    the driver reports successful association; each network block should have

#    explicit security policy (i.e., only one option in the lists) for

#    key_mgmt, pairwise, group, proto variables

# Note: ap_scan=2 should not be used with the nl80211 driver interface (the

# current Linux interface). ap_scan=1 is optimized work working with nl80211.

# For finding networks using hidden SSID, scan_ssid=1 in the network block can

# be used with nl80211.

# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be

# created immediately regardless of scan results. ap_scan=1 mode will first try

# to scan for existing networks and only if no matches with the enabled

# networks are found, a new IBSS or AP mode network is created.

ap_scan=1

# Whether to force passive scan for network connection

#

# By default, scans will send out Probe Request frames on channels that allow

# active scanning. This advertise the local station to the world. Normally this

# is fine, but users may wish to do passive scanning where the radio should only

# listen quietly for Beacon frames and not send any Probe Request frames. Actual

# functionality may be driver dependent.

#

# This parameter can be used to force only passive scanning to be used

# for network connection cases. It should be noted that this will slow

# down scan operations and reduce likelihood of finding the AP. In

# addition, some use cases will override this due to functional

# requirements, e.g., for finding an AP that uses hidden SSID

# (scan_ssid=1) or P2P device discovery.

#

# 0:  Do normal scans (allow active scans) (default)

# 1:  Do passive scans.

#passive_scan=0

# MPM residency

# By default, wpa_supplicant implements the mesh peering manager (MPM) for an

# open mesh. However, if the driver can implement the MPM, you may set this to

# 0 to use the driver version. When AMPE is enabled, the wpa_supplicant MPM is

# always used.

# 0: MPM lives in the driver

# 1: wpa_supplicant provides an MPM which handles peering (default)

#user_mpm=1

# Maximum number of peer links (0-255; default: 99)

# Maximum number of mesh peering currently maintained by the STA.

#max_peer_links=99

# Timeout in seconds to detect STA inactivity (default: 300 seconds)

#

# This timeout value is used in mesh STA to clean up inactive stations.

#mesh_max_inactivity=300

# cert_in_cb - Whether to include a peer certificate dump in events

# This controls whether peer certificates for authentication server and

# its certificate chain are included in EAP peer certificate events. This is

# enabled by default.

#cert_in_cb=1

# EAP fast re-authentication

# By default, fast re-authentication is enabled for all EAP methods that

# support it. This variable can be used to disable fast re-authentication.

# Normally, there is no need to disable this.

fast_reauth=1

# OpenSSL Engine support

# These options can be used to load OpenSSL engines in special or legacy

# modes.

# The two engines that are supported currently are shown below:

# They are both from the opensc project (http://www.opensc.org/)

# By default the PKCS#11 engine is loaded if the client_cert or

# private_key option appear to be a PKCS#11 URI, and these options

# should not need to be used explicitly.

# make the opensc engine available

#opensc_engine_path=/usr/lib64/engine_opensc.so

# make the pkcs11 engine available

#pkcs11_engine_path=/usr/lib64/engine_pkcs11.so

# configure the path to the pkcs11 module required by the pkcs11 engine

#pkcs11_module_path=/usr/lib64/opensc-pkcs11.so

# OpenSSL cipher string

#

# This is an OpenSSL specific configuration option for configuring the default

# ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the default.

# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation

# on cipher suite configuration. This is applicable only if wpa_supplicant is

# built to use OpenSSL.

#openssl_ciphers=DEFAULT:!EXP:!LOW

# Dynamic EAP methods

# If EAP methods were built dynamically as shared object files, they need to be

# loaded here before being used in the network blocks. By default, EAP methods

# are included statically in the build, so these lines are not needed

#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so

#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so

# Driver interface parameters

# This field can be used to configure arbitrary driver interface parameters. The

# format is specific to the selected driver interface. This field is not used

# in most cases.

#driver_param="field=value"

# Country code

# The ISO/IEC alpha2 country code for the country in which this device is

# currently operating.

#country=US

# Maximum lifetime for PMKSA in seconds; default 43200

#dot11RSNAConfigPMKLifetime=43200

# Threshold for reauthentication (percentage of PMK lifetime); default 70

#dot11RSNAConfigPMKReauthThreshold=70

# Timeout for security association negotiation in seconds; default 60

#dot11RSNAConfigSATimeout=60

# Wi-Fi Protected Setup (WPS) parameters

# Universally Unique IDentifier (UUID; see RFC 4122) of the device

# If not configured, UUID will be generated based on the local MAC address.

#uuid=12345678-9abc-def0-1234-56789abcdef0

# Device Name

# User-friendly description of device; up to 32 octets encoded in UTF-8

#device_name=Wireless Client

# Manufacturer

# The manufacturer of the device (up to 64 ASCII characters)

#manufacturer=Company

# Model Name

# Model of the device (up to 32 ASCII characters)

#model_name=cmodel

# Model Number

# Additional device description (up to 32 ASCII characters)

#model_number=123

# Serial Number

# Serial number of the device (up to 32 characters)

#serial_number=12345

# Primary Device Type

# Used format: <categ>-<OUI>-<subcateg>

# categ = Category as an integer value

# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for

#       default WPS OUI

# subcateg = OUI-specific Sub Category as an integer value

# Examples:

#   1-0050F204-1 (Computer / PC)

#   1-0050F204-2 (Computer / Server)

#   5-0050F204-1 (Storage / NAS)

#   6-0050F204-1 (Network Infrastructure / AP)

#device_type=1-0050F204-1

# OS Version

# 4-octet operating system version number (hex string)

#os_version=01020300

# Config Methods

# List of the supported configuration methods

# Available methods: usba ethernet label display ext_nfc_token int_nfc_token

#       nfc_interface push_button keypad virtual_display physical_display

#       virtual_push_button physical_push_button

# For WSC 1.0:

#config_methods=label display push_button keypad

# For WSC 2.0:

#config_methods=label virtual_display virtual_push_button keypad

# Credential processing

#   0 = process received credentials internally (default)

#   1 = do not process received credentials; just pass them over ctrl_iface to

#       external program(s)

#   2 = process received credentials internally and pass them over ctrl_iface

#       to external program(s)

#wps_cred_processing=0

# Vendor attribute in WPS M1, e.g., Windows 7 Vertical Pairing

# The vendor attribute contents to be added in M1 (hex string)

#wps_vendor_ext_m1=000137100100020001

# NFC password token for WPS

# These parameters can be used to configure a fixed NFC password token for the

# station. This can be generated, e.g., with nfc_pw_token. When these

# parameters are used, the station is assumed to be deployed with a NFC tag

# that includes the matching NFC password token (e.g., written based on the

# NDEF record from nfc_pw_token).

#

#wps_nfc_dev_pw_id: Device Password ID (16..65535)

#wps_nfc_dh_pubkey: Hexdump of DH Public Key

#wps_nfc_dh_privkey: Hexdump of DH Private Key

#wps_nfc_dev_pw: Hexdump of Device Password

# Priority for the networks added through WPS

# This priority value will be set to each network profile that is added

# by executing the WPS protocol.

#wps_priority=0

# Maximum number of BSS entries to keep in memory

# Default: 200

# This can be used to limit memory use on the BSS entries (cached scan

# results). A larger value may be needed in environments that have huge number

# of APs when using ap_scan=1 mode.

#bss_max_count=200

# Automatic scan

# This is an optional set of parameters for automatic scanning

# within an interface in following format:

#autoscan=<autoscan module name>:<module parameters>

# autoscan is like bgscan but on disconnected or inactive state.

# For instance, on exponential module parameters would be <base>:<limit>

#autoscan=exponential:3:300

# Which means a delay between scans on a base exponential of 3,

# up to the limit of 300 seconds (3, 9, 27 ... 300)

# For periodic module, parameters would be <fixed interval>

#autoscan=periodic:30

# So a delay of 30 seconds will be applied between each scan.

# Note: If sched_scan_plans are configured and supported by the driver,

# autoscan is ignored.

# filter_ssids - SSID-based scan result filtering

# 0 = do not filter scan results (default)

# 1 = only include configured SSIDs in scan results/BSS table

#filter_ssids=0

# Password (and passphrase, etc.) backend for external storage

# format: <backend name>[:<optional backend parameters>]

#ext_password_backend=test:pw1=password|pw2=testing

# Disable P2P functionality

# p2p_disabled=1

# Timeout in seconds to detect STA inactivity (default: 300 seconds)

#

# This timeout value is used in P2P GO mode to clean up

# inactive stations.

#p2p_go_max_inactivity=300

# Passphrase length (8..63) for P2P GO

#

# This parameter controls the length of the random passphrase that is

# generated at the GO. Default: 8.

#p2p_passphrase_len=8

# Extra delay between concurrent P2P search iterations

#

# This value adds extra delay in milliseconds between concurrent search

# iterations to make p2p_find friendlier to concurrent operations by avoiding

# it from taking 100% of radio resources. The default value is 500 ms.

#p2p_search_delay=500

# Opportunistic Key Caching (also known as Proactive Key Caching) default

# This parameter can be used to set the default behavior for the

# proactive_key_caching parameter. By default, OKC is disabled unless enabled

# with the global okc=1 parameter or with the per-network

# proactive_key_caching=1 parameter. With okc=1, OKC is enabled by default, but

# can be disabled with per-network proactive_key_caching=0 parameter.

#okc=0

# Protected Management Frames default

# This parameter can be used to set the default behavior for the ieee80211w

# parameter for RSN networks. By default, PMF is disabled unless enabled with

# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.

# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the

# per-network ieee80211w parameter. This global default value does not apply

# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using

# RSN.

#pmf=0

# Enabled SAE finite cyclic groups in preference order

# By default (if this parameter is not set), the mandatory group 19 (ECC group

# defined over a 256-bit prime order field) is preferred, but other groups are

# also enabled. If this parameter is set, the groups will be tried in the

# indicated order. The group values are listed in the IANA registry:

# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9

#sae_groups=21 20 19 26 25

# Default value for DTIM period (if not overridden in network block)

#dtim_period=2

# Default value for Beacon interval (if not overridden in network block)

#beacon_int=100

# Additional vendor specific elements for Beacon and Probe Response frames

# This parameter can be used to add additional vendor specific element(s) into

# the end of the Beacon and Probe Response frames. The format for these

# element(s) is a hexdump of the raw information elements (id+len+payload for

# one or more elements). This is used in AP and P2P GO modes.

#ap_vendor_elements=dd0411223301

# Ignore scan results older than request

#

# The driver may have a cache of scan results that makes it return

# information that is older than our scan trigger. This parameter can

# be used to configure such old information to be ignored instead of

# allowing it to update the internal BSS table.

#ignore_old_scan_res=0

# scan_cur_freq: Whether to scan only the current frequency

# 0:  Scan all available frequencies. (Default)

# 1:  Scan current operating frequency if another VIF on the same radio

#     is already associated.

# MAC address policy default

# 0 = use permanent MAC address

# 1 = use random MAC address for each ESS connection

# 2 = like 1, but maintain OUI (with local admin bit set)

#

# By default, permanent MAC address is used unless policy is changed by

# the per-network mac_addr parameter. Global mac_addr=1 can be used to

# change this default behavior.

#mac_addr=0

# Lifetime of random MAC address in seconds (default: 60)

#rand_addr_lifetime=60

# MAC address policy for pre-association operations (scanning, ANQP)

# 0 = use permanent MAC address

# 1 = use random MAC address

# 2 = like 1, but maintain OUI (with local admin bit set)

#preassoc_mac_addr=0

# Interworking (IEEE 802.11u)

# Enable Interworking

# interworking=1

# Homogenous ESS identifier

# If this is set, scans will be used to request response only from BSSes

# belonging to the specified Homogeneous ESS. This is used only if interworking

# is enabled.

# hessid=00:11:22:33:44:55

# Automatic network selection behavior

# 0 = do not automatically go through Interworking network selection

#     (i.e., require explicit interworking_select command for this; default)

# 1 = perform Interworking network selection if one or more

#     credentials have been configured and scan did not find a

#     matching network block

#auto_interworking=0

# GAS Address3 field behavior

# 0 = P2P specification (Address3 = AP BSSID); default

# 1 = IEEE 802.11 standard compliant (Address3 = Wildcard BSSID when

#     sent to not-associated AP; if associated, AP BSSID)

#gas_address3=0

# Publish fine timing measurement (FTM) responder functionality in

# the Extended Capabilities element bit 70.

# Controls whether FTM responder functionality will be published by AP/STA.

# Note that actual FTM responder operation is managed outside wpa_supplicant.

# 0 = Do not publish; default

# 1 = Publish

#ftm_responder=0

# Publish fine timing measurement (FTM) initiator functionality in

# the Extended Capabilities element bit 71.

# Controls whether FTM initiator functionality will be published by AP/STA.

# Note that actual FTM initiator operation is managed outside wpa_supplicant.

# 0 = Do not publish; default

# 1 = Publish

#ftm_initiator=0

# credential block

#

# Each credential used for automatic network selection is configured as a set

# of parameters that are compared to the information advertised by the APs when

# interworking_select and interworking_connect commands are used.

#

# credential fields:

#

# temporary: Whether this credential is temporary and not to be saved

#

# priority: Priority group

#       By default, all networks and credentials get the same priority group

#       (0). This field can be used to give higher priority for credentials

#       (and similarly in struct wpa_ssid for network blocks) to change the

#       Interworking automatic networking selection behavior. The matching

#       network (based on either an enabled network block or a credential)

#       with the highest priority value will be selected.

#

# pcsc: Use PC/SC and SIM/USIM card

#

# realm: Home Realm for Interworking

#

# username: Username for Interworking network selection

#

# password: Password for Interworking network selection

#

# ca_cert: CA certificate for Interworking network selection

#

# client_cert: File path to client certificate file (PEM/DER)

#       This field is used with Interworking networking selection for a case

#       where client certificate/private key is used for authentication

#       (EAP-TLS). Full path to the file should be used since working

#       directory may change when wpa_supplicant is run in the background.

#

#       Certificates from PKCS#11 tokens can be referenced by a PKCS#11 URI.

#

#       For example: private_key="pkcs11:manufacturer=piv_II;id=%01"

#

#       Alternatively, a named configuration blob can be used by setting

#       this to blob://blob_name.

#

# private_key: File path to client private key file (PEM/DER/PFX)

#       When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be

#       commented out. Both the private key and certificate will be read

#       from the PKCS#12 file in this case. Full path to the file should be

#       used since working directory may change when wpa_supplicant is run

#       in the background.

#

#       Keys in PKCS#11 tokens can be referenced by a PKCS#11 URI.

#       For example: private_key="pkcs11:manufacturer=piv_II;id=%01"

#

#       Windows certificate store can be used by leaving client_cert out and

#       configuring private_key in one of the following formats:

#

#       cert://substring_to_match

#

#       hash://certificate_thumbprint_in_hex

#

#       For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"

#

#       Note that when running wpa_supplicant as an application, the user

#       certificate store (My user account) is used, whereas computer store

#       (Computer account) is used when running wpasvc as a service.

#

#       Alternatively, a named configuration blob can be used by setting

#       this to blob://blob_name.

#

# private_key_passwd: Password for private key file

#

# imsi: IMSI in <MCC> | <MNC> | '-' | <MSIN> format

#

# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN>

#       format

#

# domain: Home service provider FQDN(s)

#       This is used to compare against the Domain Name List to figure out

#       whether the AP is operated by the Home SP. Multiple domain entries can

#       be used to configure alternative FQDNs that will be considered home

#       networks.

#

# roaming_consortium: Roaming Consortium OI

#       If roaming_consortium_len is non-zero, this field contains the

#       Roaming Consortium OI that can be used to determine which access

#       points support authentication with this credential. This is an

#       alternative to the use of the realm parameter. When using Roaming

#       Consortium to match the network, the EAP parameters need to be

#       pre-configured with the credential since the NAI Realm information

#       may not be available or fetched.

#

# eap: Pre-configured EAP method

#       This optional field can be used to specify which EAP method will be

#       used with this credential. If not set, the EAP method is selected

#       automatically based on ANQP information (e.g., NAI Realm).

#

# phase1: Pre-configure Phase 1 (outer authentication) parameters

#       This optional field is used with like the 'eap' parameter.

#

# phase2: Pre-configure Phase 2 (inner authentication) parameters

#       This optional field is used with like the 'eap' parameter.

#

# excluded_ssid: Excluded SSID

#       This optional field can be used to excluded specific SSID(s) from

#       matching with the network. Multiple entries can be used to specify more

#       than one SSID.

#

# roaming_partner: Roaming partner information

#       This optional field can be used to configure preferences between roaming

#       partners. The field is a string in following format:

#       <FQDN>,<0/1 exact match>,<priority>,<* or country code>

#       (non-exact match means any subdomain matches the entry; priority is in

#       0..255 range with 0 being the highest priority)

#

# update_identifier: PPS MO ID

#       (Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)

#

# provisioning_sp: FQDN of the SP that provisioned the credential

#       This optional field can be used to keep track of the SP that provisioned

#       the credential to find the PPS MO (./Wi-Fi/<provisioning_sp>).

#

# Minimum backhaul threshold (PPS/<X+>/Policy/MinBackhauldThreshold/*)

#       These fields can be used to specify minimum download/upload backhaul

#       bandwidth that is preferred for the credential. This constraint is

#       ignored if the AP does not advertise WAN Metrics information or if the

#       limit would prevent any connection. Values are in kilobits per second.

# min_dl_bandwidth_home

# min_ul_bandwidth_home

# min_dl_bandwidth_roaming

# min_ul_bandwidth_roaming

#

# max_bss_load: Maximum BSS Load Channel Utilization (1..255)

#       (PPS/<X+>/Policy/MaximumBSSLoadValue)

#       This value is used as the maximum channel utilization for network

#       selection purposes for home networks. If the AP does not advertise

#       BSS Load or if the limit would prevent any connection, this constraint

#       will be ignored.

#

# req_conn_capab: Required connection capability

#       (PPS/<X+>/Policy/RequiredProtoPortTuple)

#       This value is used to configure set of required protocol/port pairs that

#       a roaming network shall support (include explicitly in Connection

#       Capability ANQP element). This constraint is ignored if the AP does not

#       advertise Connection Capability or if this constraint would prevent any

#       network connection. This policy is not used in home networks.

#       Format: <protocol>[:<comma-separated list of ports]

#       Multiple entries can be used to list multiple requirements.

#       For example, number of common TCP protocols:

#       req_conn_capab=6,22,80,443

#       For example, IPSec/IKE:

#       req_conn_capab=17:500

#       req_conn_capab=50

#

# ocsp: Whether to use/require OCSP to check server certificate

#       0 = do not use OCSP stapling (TLS certificate status extension)

#       1 = try to use OCSP stapling, but not require response

#       2 = require valid OCSP stapling response

#       3 = require valid OCSP stapling response for all not-trusted

#           certificates in the server certificate chain

#

# sim_num: Identifier for which SIM to use in multi-SIM devices

#

# for example:

#

#cred={

#       realm="example.com"

#       username="user@example.com"

#       password="password"

#       ca_cert="/etc/wpa_supplicant/ca.pem"

#       domain="example.com"

#}

#

#cred={

#       imsi="310026-000000000"

#       milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82"

#}

#

#cred={

#       realm="example.com"

#       username="user"

#       password="password"

#       ca_cert="/etc/wpa_supplicant/ca.pem"

#       domain="example.com"

#       roaming_consortium=223344

#       eap=TTLS

#       phase2="auth=MSCHAPV2"

#}

# Hotspot 2.0

# hs20=1

# Scheduled scan plans

#

# A space delimited list of scan plans. Each scan plan specifies the scan

# interval and number of iterations, delimited by a colon. The last scan plan

# will run infinitely and thus must specify only the interval and not the number

# of iterations.

#

# The driver advertises the maximum number of scan plans supported. If more scan

# plans than supported are configured, only the first ones are set (up to the

# maximum supported). The last scan plan that specifies only the interval is

# always set as the last plan.

#

# If the scan interval or the number of iterations for a scan plan exceeds the

# maximum supported, it will be set to the maximum supported value.

#

# Format:

# sched_scan_plans=<interval:iterations> <interval:iterations> ... <interval>

#

# Example:

# sched_scan_plans=10:100 20:200 30

# Multi Band Operation (MBO) non-preferred channels

# A space delimited list of non-preferred channels where each channel is a colon

# delimited list of values.

# Format:

# non_pref_chan=<oper_class>:<chan>:<preference>:<reason>

# Example:

# non_pref_chan="81:5:10:2 81:1:0:2 81:9:0:2"

# MBO Cellular Data Capabilities

# 1 = Cellular data connection available

# 2 = Cellular data connection not available

# 3 = Not cellular capable (default)

#mbo_cell_capa=3

# network block

#

# Each network (usually AP's sharing the same SSID) is configured as a separate

# block in this configuration file. The network blocks are in preference order

# (the first match is used).

#

# network block fields:

#

# disabled:

#       0 = this network can be used (default)

#       1 = this network block is disabled (can be enabled through ctrl_iface,

#           e.g., with wpa_cli or wpa_gui)

#

# id_str: Network identifier string for external scripts. This value is passed

#       to external action script through wpa_cli as WPA_ID_STR environment

#       variable to make it easier to do network specific configuration.

#

# ssid: SSID (mandatory); network name in one of the optional formats:

#       - an ASCII string with double quotation

#       - a hex string (two characters per octet of SSID)

#       - a printf-escaped ASCII string P"<escaped string>"

#

# scan_ssid:

#       0 = do not scan this SSID with specific Probe Request frames (default)

#       1 = scan with SSID-specific Probe Request frames (this can be used to

#           find APs that do not accept broadcast SSID or use multiple SSIDs;

#           this will add latency to scanning, so enable this only when needed)

#

# bssid: BSSID (optional); if set, this network block is used only when

#       associating with the AP using the configured BSSID

#

# priority: priority group (integer)

# By default, all networks will get same priority group (0). If some of the

# networks are more desirable, this field can be used to change the order in

# which wpa_supplicant goes through the networks when selecting a BSS. The

# priority groups will be iterated in decreasing priority (i.e., the larger the

# priority value, the sooner the network is matched against the scan results).

# Within each priority group, networks will be selected based on security

# policy, signal strength, etc.

# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not

# using this priority to select the order for scanning. Instead, they try the

# networks in the order that used in the configuration file.

#

# mode: IEEE 802.11 operation mode

# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)

# 1 = IBSS (ad-hoc, peer-to-peer)

# 2 = AP (access point)

# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and

# WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key

# TKIP/CCMP) is available for backwards compatibility, but its use is

# deprecated. WPA-None requires following network block options:

# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not

# both), and psk must also be set.

#

# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g.,

# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial

# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode.

# In addition, this value is only used by the station that creates the IBSS. If

# an IBSS network with the configured SSID is already present, the frequency of

# the network will be used instead of this configured value.

#

# pbss: Whether to use PBSS. Relevant to IEEE 802.11ad networks only.

# 0 = do not use PBSS

# 1 = use PBSS

# 2 = don't care (not allowed in AP mode)

# Used together with mode configuration. When mode is AP, it means to start a

# PCP instead of a regular AP. When mode is infrastructure it means connect

# to a PCP instead of AP. In this mode you can also specify 2 (don't care)

# which means connect to either PCP or AP.

# P2P_GO and P2P_GROUP_FORMATION modes must use PBSS in IEEE 802.11ad network.

# For more details, see IEEE Std 802.11ad-2012.

#

# scan_freq: List of frequencies to scan

# Space-separated list of frequencies in MHz to scan when searching for this

# BSS. If the subset of channels used by the network is known, this option can

# be used to optimize scanning to not occur on channels that the network does

# not use. Example: scan_freq=2412 2437 2462

#

# freq_list: Array of allowed frequencies

# Space-separated list of frequencies in MHz to allow for selecting the BSS. If

# set, scan results that do not match any of the specified frequencies are not

# considered when selecting a BSS.

#

# This can also be set on the outside of the network block. In this case,

# it limits the frequencies that will be scanned.

#

# bgscan: Background scanning

# wpa_supplicant behavior for background scanning can be specified by

# configuring a bgscan module. These modules are responsible for requesting

# background scans for the purpose of roaming within an ESS (i.e., within a

# single network block with all the APs using the same SSID). The bgscan

# parameter uses following format: "<bgscan module name>:<module parameters>"

# Following bgscan modules are available:

# simple - Periodic background scans based on signal strength

# bgscan="simple:<short bgscan interval in seconds>:<signal strength threshold>:

# <long interval>"

# bgscan="simple:30:-45:300"

# learn - Learn channels used by the network and try to avoid bgscans on other

# channels (experimental)

# bgscan="learn:<short bgscan interval in seconds>:<signal strength threshold>:

# <long interval>[:<database file name>]"

# bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan"

# Explicitly disable bgscan by setting

# bgscan=""

#

# This option can also be set outside of all network blocks for the bgscan

# parameter to apply for all the networks that have no specific bgscan

# parameter.

#

# proto: list of accepted protocols

# WPA = WPA/IEEE 802.11i/D3.0

# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)

# If not set, this defaults to: WPA RSN

#

# key_mgmt: list of accepted authenticated key management protocols

# WPA-PSK = WPA pre-shared key (this requires 'psk' field)

# WPA-EAP = WPA using EAP authentication

# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically

#       generated WEP keys

# NONE = WPA is not used; plaintext or static WEP could be used

# WPA-NONE = WPA-None for IBSS (deprecated; use proto=RSN key_mgmt=WPA-PSK

#       instead)

# FT-PSK = Fast BSS Transition (IEEE 802.11r) with pre-shared key

# FT-EAP = Fast BSS Transition (IEEE 802.11r) with EAP authentication

# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms

# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms

# SAE = Simultaneous authentication of equals; pre-shared key/password -based

#       authentication with stronger security than WPA-PSK especially when using

#       not that strong password

# FT-SAE = SAE with FT

# WPA-EAP-SUITE-B = Suite B 128-bit level

# WPA-EAP-SUITE-B-192 = Suite B 192-bit level

# OSEN = Hotspot 2.0 Rel 2 online signup connection

# If not set, this defaults to: WPA-PSK WPA-EAP

#

# ieee80211w: whether management frame protection is enabled

# 0 = disabled (default unless changed with the global pmf parameter)

# 1 = optional

# 2 = required

# The most common configuration options for this based on the PMF (protected

# management frames) certification program are:

# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256

# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256

# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used)

#

# auth_alg: list of allowed IEEE 802.11 authentication algorithms

# OPEN = Open System authentication (required for WPA/WPA2)

# SHARED = Shared Key authentication (requires static WEP keys)

# LEAP = LEAP/Network EAP (only used with LEAP)

# If not set, automatic selection is used (Open System with LEAP enabled if

# LEAP is allowed as one of the EAP methods).

#

# pairwise: list of accepted pairwise (unicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]

# NONE = Use only Group Keys (deprecated, should not be included if APs support

#       pairwise keys)

# If not set, this defaults to: CCMP TKIP

#

# group: list of accepted group (broadcast/multicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]

# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key

# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]

# If not set, this defaults to: CCMP TKIP WEP104 WEP40

#

# psk: WPA preshared key; 256-bit pre-shared key

# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,

# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be

# generated using the passphrase and SSID). ASCII passphrase must be between

# 8 and 63 characters (inclusive). ext:<name of external PSK field> format can

# be used to indicate that the PSK/passphrase is stored in external storage.

# This field is not needed, if WPA-EAP is used.

# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys

# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant

# startup and reconfiguration time can be optimized by generating the PSK only

# only when the passphrase or SSID has actually changed.

#

# mem_only_psk: Whether to keep PSK/passphrase only in memory

# 0 = allow psk/passphrase to be stored to the configuration file

# 1 = do not store psk/passphrase to the configuration file

#mem_only_psk=0

#

# eapol_flags: IEEE 802.1X/EAPOL options (bit field)

# Dynamic WEP key required for non-WPA mode

# bit0 (1): require dynamically generated unicast WEP key

# bit1 (2): require dynamically generated broadcast WEP key

#       (3 = require both keys; default)

# Note: When using wired authentication (including macsec_qca driver),

# eapol_flags must be set to 0 for the authentication to be completed

# successfully.

#

# macsec_policy: IEEE 802.1X/MACsec options

# This determines how sessions are secured with MACsec. It is currently

# applicable only when using the macsec_qca driver interface.

# 0: MACsec not in use (default)

# 1: MACsec enabled - Should secure, accept key server's advice to

#    determine whether to use a secure session or not.

#

# mixed_cell: This option can be used to configure whether so called mixed

# cells, i.e., networks that use both plaintext and encryption in the same

# SSID, are allowed when selecting a BSS from scan results.

# 0 = disabled (default)

# 1 = enabled

#

# proactive_key_caching:

# Enable/disable opportunistic PMKSA caching for WPA2.

# 0 = disabled (default unless changed with the global okc parameter)

# 1 = enabled

#

# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or

# hex without quotation, e.g., 0102030405)

# wep_tx_keyidx: Default WEP key index (TX) (0..3)

#

# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is

# allowed. This is only used with RSN/WPA2.

# 0 = disabled (default)

# 1 = enabled

#peerkey=1

#

# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to

# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.

#

# group_rekey: Group rekeying time in seconds. This value, if non-zero, is used

# as the dot11RSNAConfigGroupRekeyTime parameter when operating in

# Authenticator role in IBSS.

#

# Following fields are only used with internal EAP implementation.

# eap: space-separated list of accepted EAP methods

#       MD5 = EAP-MD5 (insecure and does not generate keying material ->

#                       cannot be used with WPA; to be used as a Phase 2 method

#                       with EAP-PEAP or EAP-TTLS)

#       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used

#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)

#       OTP = EAP-OTP (cannot be used separately with WPA; to be used

#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)

#       GTC = EAP-GTC (cannot be used separately with WPA; to be used

#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)

#       TLS = EAP-TLS (client and server certificate)

#       PEAP = EAP-PEAP (with tunnelled EAP authentication)

#       TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2

#                        authentication)

#       If not set, all compiled in methods are allowed.

#

# identity: Identity string for EAP

#       This field is also used to configure user NAI for

#       EAP-PSK/PAX/SAKE/GPSK.

# anonymous_identity: Anonymous identity string for EAP (to be used as the

#       unencrypted identity with EAP types that support different tunnelled

#       identity, e.g., EAP-TTLS). This field can also be used with

#       EAP-SIM/AKA/AKA' to store the pseudonym identity.

# password: Password string for EAP. This field can include either the

#       plaintext password (using ASCII or hex string) or a NtPasswordHash

#       (16-byte MD4 hash of password) in hash:<32 hex digits> format.

#       NtPasswordHash can only be used when the password is for MSCHAPv2 or

#       MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).

#       EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit

#       PSK) is also configured using this field. For EAP-GPSK, this is a

#       variable length PSK. ext:<name of external password field> format can

#       be used to indicate that the password is stored in external storage.

# ca_cert: File path to CA certificate file (PEM/DER). This file can have one

#       or more trusted CA certificates. If ca_cert and ca_path are not

#       included, server certificate will not be verified. This is insecure and

#       a trusted CA certificate should always be configured when using

#       EAP-TLS/TTLS/PEAP. Full path should be used since working directory may

#       change when wpa_supplicant is run in the background.

#

#       Alternatively, this can be used to only perform matching of the server

#       certificate (SHA-256 hash of the DER encoded X.509 certificate). In

#       this case, the possible CA certificates in the server certificate chain

#       are ignored and only the server certificate is verified. This is

#       configured with the following format:

#       hash:://server/sha256/cert_hash_in_hex

#       For example: "hash://server/sha256/

#       5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

#

#       On Windows, trusted CA certificates can be loaded from the system

#       certificate store by setting this to cert_store://<name>, e.g.,

#       ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".

#       Note that when running wpa_supplicant as an application, the user

#       certificate store (My user account) is used, whereas computer store

#       (Computer account) is used when running wpasvc as a service.

# ca_path: Directory path for CA certificate files (PEM). This path may

#       contain multiple CA certificates in OpenSSL format. Common use for this

#       is to point to system trusted CA list which is often installed into

#       directory like /etc/ssl/certs. If configured, these certificates are

#       added to the list of trusted CAs. ca_cert may also be included in that

#       case, but it is not required.

# client_cert: File path to client certificate file (PEM/DER)

#       Full path should be used since working directory may change when

#       wpa_supplicant is run in the background.

#       Alternatively, a named configuration blob can be used by setting this

#       to blob://<blob name>.

# private_key: File path to client private key file (PEM/DER/PFX)

#       When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be

#       commented out. Both the private key and certificate will be read from

#       the PKCS#12 file in this case. Full path should be used since working

#       directory may change when wpa_supplicant is run in the background.

#       Windows certificate store can be used by leaving client_cert out and

#       configuring private_key in one of the following formats:

#       cert://substring_to_match

#       hash://certificate_thumbprint_in_hex

#       for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"

#       Note that when running wpa_supplicant as an application, the user

#       certificate store (My user account) is used, whereas computer store

#       (Computer account) is used when running wpasvc as a service.

#       Alternatively, a named configuration blob can be used by setting this

#       to blob://<blob name>.

# private_key_passwd: Password for private key file (if left out, this will be

#       asked through control interface)

# dh_file: File path to DH/DSA parameters file (in PEM format)

#       This is an optional configuration file for setting parameters for an

#       ephemeral DH key exchange. In most cases, the default RSA

#       authentication does not use this configuration. However, it is possible

#       setup RSA to use ephemeral DH key exchange. In addition, ciphers with

#       DSA keys always use ephemeral DH keys. This can be used to achieve

#       forward secrecy. If the file is in DSA parameters format, it will be

#       automatically converted into DH params.

# subject_match: Substring to be matched against the subject of the

#       authentication server certificate. If this string is set, the server

#       certificate is only accepted if it contains this string in the subject.

#       The subject string is in following format:

#       /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com

#       Note: Since this is a substring match, this cannot be used securely to

#       do a suffix match against a possible domain name in the CN entry. For

#       such a use case, domain_suffix_match or domain_match should be used

#       instead.

# altsubject_match: Semicolon separated string of entries to be matched against

#       the alternative subject name of the authentication server certificate.

#       If this string is set, the server certificate is only accepted if it

#       contains one of the entries in an alternative subject name extension.

#       altSubjectName string is in following format: TYPE:VALUE

#       Example: EMAIL:server@example.com

#       Example: DNS:server.example.com;DNS:server2.example.com

#       Following types are supported: EMAIL, DNS, URI

# domain_suffix_match: Constraint for server domain name. If set, this FQDN is

#       used as a suffix match requirement for the AAA server certificate in

#       SubjectAltName dNSName element(s). If a matching dNSName is found, this

#       constraint is met. If no dNSName values are present, this constraint is

#       matched against SubjectName CN using same suffix match comparison.

#

#       Suffix match here means that the host/domain name is compared one label

#       at a time starting from the top-level domain and all the labels in

#       domain_suffix_match shall be included in the certificate. The

#       certificate may include additional sub-level labels in addition to the

#       required labels.

#

#       For example, domain_suffix_match=example.com would match

#       test.example.com but would not match test-example.com.

# domain_match: Constraint for server domain name

#       If set, this FQDN is used as a full match requirement for the

#       server certificate in SubjectAltName dNSName element(s). If a

#       matching dNSName is found, this constraint is met. If no dNSName

#       values are present, this constraint is matched against SubjectName CN

#       using same full match comparison. This behavior is similar to

#       domain_suffix_match, but has the requirement of a full match, i.e.,

#       no subdomains or wildcard matches are allowed. Case-insensitive

#       comparison is used, so "Example.com" matches "example.com", but would

#       not match "test.Example.com".

# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters

#       (string with field-value pairs, e.g., "peapver=0" or

#       "peapver=1 peaplabel=1")

#       'peapver' can be used to force which PEAP version (0 or 1) is used.

#       'peaplabel=1' can be used to force new label, "client PEAP encryption",

#       to be used during key derivation when PEAPv1 or newer. Most existing

#       PEAPv1 implementation seem to be using the old label, "client EAP

#       encryption", and wpa_supplicant is now using that as the default value.

#       Some servers, e.g., Radiator, may require peaplabel=1 configuration to

#       interoperate with PEAPv1; see eap_testing.txt for more details.

#       'peap_outer_success=0' can be used to terminate PEAP authentication on

#       tunneled EAP-Success. This is required with some RADIUS servers that

#       implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,

#       Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)

#       include_tls_length=1 can be used to force wpa_supplicant to include

#       TLS Message Length field in all TLS messages even if they are not

#       fragmented.

#       sim_min_num_chal=3 can be used to configure EAP-SIM to require three

#       challenges (by default, it accepts 2 or 3)

#       result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use

#       protected result indication.

#       'crypto_binding' option can be used to control PEAPv0 cryptobinding

#       behavior:

#        * 0 = do not use cryptobinding (default)

#        * 1 = use cryptobinding if server supports it

#        * 2 = require cryptobinding

#       EAP-WSC (WPS) uses following options: pin=<Device Password> or

#       pbc=1.

#

#       For wired IEEE 802.1X authentication, "allow_canned_success=1" can be

#       used to configure a mode that allows EAP-Success (and EAP-Failure)

#       without going through authentication step. Some switches use such

#       sequence when forcing the port to be authorized/unauthorized or as a

#       fallback option if the authentication server is unreachable. By default,

#       wpa_supplicant discards such frames to protect against potential attacks

#       by rogue devices, but this option can be used to disable that protection

#       for cases where the server/authenticator does not need to be

#       authenticated.

# phase2: Phase2 (inner authentication with TLS tunnel) parameters

#       (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or

#       "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS). "mschapv2_retry=0" can be

#       used to disable MSCHAPv2 password retry in authentication failure cases.

#

# TLS-based methods can use the following parameters to control TLS behavior

# (these are normally in the phase1 parameter, but can be used also in the

# phase2 parameter when EAP-TLS is used within the inner tunnel):

# tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the

#       TLS library, these may be disabled by default to enforce stronger

#       security)

# tls_disable_time_checks=1 - ignore certificate validity time (this requests

#       the TLS library to accept certificates even if they are not currently

#       valid, i.e.,

----------

## NeddySeagoon

Featherfoot,

Your /etc/wpa_supplicant/wpa_supplicant.conf is cropped. Its too big for a post, so put it onto a pastebin.

Also your entire dmesg would be useful. Make sure it starts at the beginning of the bootup. Reboot if you need to.

Read 

```
man wpa_supplicant.conf
```

it provides some get you going examples.

----------

## Featherfoot

wpa_supplicant.conf seemed way too long. Sorry.

/etc/wpa_suppliant/wpa_supplicant.conf listing: https://pastebin.com/0uutA5Dy

dmesg output: https://pastebin.com/YPu3jbAf

I was able to use a trivial wpa_supplicant.conf file from the examples and wpa_gui now seems to be working! ifconfig now shows the following:

```

bopper /etc/wpa_supplicant # ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 10.0.0.34  netmask 255.255.255.0  broadcast 10.0.0.255

        inet6 2601:58b:4100:c227::af4e  prefixlen 128  scopeid 0x0<global>

        inet6 2601:58b:4100:c227:b58f:9e93:439d:6e2f  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::df89:ac5b:452a:814a  prefixlen 64  scopeid 0x20<link>

        ether d8:5d:4c:f2:a8:5e  txqueuelen 1000  (Ethernet)

        RX packets 23413  bytes 22611800 (21.5 MiB)

        RX errors 0  dropped 2  overruns 0  frame 0

        TX packets 16795  bytes 2474264 (2.3 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 1456  bytes 118648 (115.8 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 1456  bytes 118648 (115.8 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet6 fe80::724d:7bff:fe12:9783  prefixlen 64  scopeid 0x20<link>

        inet6 2601:58b:4100:c227:724d:7bff:fe12:9783  prefixlen 64  scopeid 0x0<global>

        ether 70:4d:7b:12:97:83  txqueuelen 1000  (Ethernet)

        RX packets 395  bytes 123636 (120.7 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 115  bytes 43168 (42.1 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bopper /etc/wpa_supplicant #  

```

When I tried to actually use the wlan0, which I did by doing "ifconfig eth0 down", my network quit working. I think the problem is that there is no inet address for wlan0, only an inet6.Last edited by Featherfoot on Thu Mar 08, 2018 11:10 pm; edited 1 time in total

----------

## NeddySeagoon

Featherfoot,

Your dmesg shows the device 

```
[    2.690097] usb 4-1: new high-speed USB device number 2 using xhci_hcd

[    2.873357] usb 4-1: New USB device found, idVendor=0b05, idProduct=17ab

[    2.873507] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3

[    2.873657] usb 4-1: Product: 802.11n WLAN Adapter

[    2.873790] usb 4-1: Manufacturer: Realtek

[    2.873919] usb 4-1: SerialNumber: 00e04c000001

...

[    8.906320] rtl8192cu: Board Type 0

[    8.907440] rtl_usb: rx_max_size 15360, rx_urb_num 8, in_ep 1

[    8.907484] rtl8192cu: Loading firmware rtlwifi/rtl8192cufw_TMSC.bin

[    8.907608] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'

[    8.907796] usbcore: registered new interface driver rtl8192cu

[    8.909774] usbcore: registered new interface driver rtl8xxxu
```

However, wlan0 is not being started. 

The regulatory domain is not being set and the association/authentication dance is missing.

From 

```

           ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

          #

          # home network; allow all valid ciphers

          network={

               ssid="home"

               scan_ssid=1

               key_mgmt=WPA-PSK

               psk="very secret passphrase"

          }

```

 Is probably enough to gen started.  You are missing the  key_mgmt= entry. 

Most of your wpa_supplicant.conf is comments.

What sort of encryption are you using ... but its not tried yet, so thats not the immediate problem?

How do you start wlan0 ?

----------

## Featherfoot

I think we have gotten out of sync. I'm sorry.

My new wpa_supplicant.conf from the manpage.

```

# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

#

# home network; allow all valid ciphers

network={

ssid="Cox_House"

scan_ssid=1

key_mgmt=WPA-PSK

psk="This_is_the_big_bopper_speaking."

}

network={

ssid="Cox_House2"

scan_ssid=1

key_mgmt=WPA-PSK

psk="This_is_the_big_bopper_speaking."

}

bopper /etc/wpa_supplicant # 

```

I now get a good wpa_gui listing.

I did an ifconfig. It follows:

```

bopper /etc/wpa_supplicant # ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 10.0.0.34  netmask 255.255.255.0  broadcast 10.0.0.255

        inet6 2601:58b:4100:c227::af4e  prefixlen 128  scopeid 0x0<global>

        inet6 2601:58b:4100:c227:b58f:9e93:439d:6e2f  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::df89:ac5b:452a:814a  prefixlen 64  scopeid 0x20<link>

        ether d8:5d:4c:f2:a8:5e  txqueuelen 1000  (Ethernet)

        RX packets 23413  bytes 22611800 (21.5 MiB)

        RX errors 0  dropped 2  overruns 0  frame 0

        TX packets 16795  bytes 2474264 (2.3 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 1456  bytes 118648 (115.8 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 1456  bytes 118648 (115.8 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet6 fe80::724d:7bff:fe12:9783  prefixlen 64  scopeid 0x20<link>

        inet6 2601:58b:4100:c227:724d:7bff:fe12:9783  prefixlen 64  scopeid 0x0<global>

        ether 70:4d:7b:12:97:83  txqueuelen 1000  (Ethernet)

        RX packets 395  bytes 123636 (120.7 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 115  bytes 43168 (42.1 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bopper /etc/wpa_supplicant 

```

I did an "ifconfig eth0 down" to try wlan0. The network went down.

If you notice there is no inet for wlan0, only 2 inet6. This might be why it failed.

Any thoughts on what to do next?

----------

## NeddySeagoon

Featherfoot,

First of all, thats public IPv6 addresses on both eth0 and wlan0.  I hope you have an IPv6 firewall in place.

Any IPv6 address starting with a 2 is on the internet. There is no NAT to hide you.

That means the wifi came up in IPv6 mode anyway.

You will probably need to edit /etc/rc.conf.  The default is 

```
# Do we allow any started service in the runlevel to satisfy the dependency

# or do we want all of them regardless of state? For example, if net.eth0

# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"

# both will be started, but services that depend on 'net' will work if either

# one comes up. With rc_depend_strict="YES" we would require them both to

# come up.

#rc_depend_strict="YES"
```

which is not what you want to operate on one interface out of two.

----------

## Featherfoot

I made the change you suggested to rc.conf. It still doesn't work.

For completeness's sake. Here is the dmesg output when I set up wlan0: It appears that wlan0 was authenticated.

I turned on wlan0 with "ifconfig wlan0 up arp". Should I have used another incantation?

```

[  180.481050] wlan0: deauthenticating from 78:f2:9e:e9:7b:c8 by local choice (Reason: 3=DEAUTH_LEAVING)

[  227.940986] wlan0: authenticate with 78:f2:9e:e9:7b:c8

[  227.960877] wlan0: send auth to 78:f2:9e:e9:7b:c8 (try 1/3)

[  227.967566] wlan0: authenticated

[  227.974339] wlan0: associate with 78:f2:9e:e9:7b:c8 (try 1/3)

[  228.001179] wlan0: RX AssocResp from 78:f2:9e:e9:7b:c8 (capab=0x431 status=0 aid=3)

[  228.019096] wlan0: associated

[  453.829731] r8169 0000:04:07.0 eth0: link down

[  453.829745] r8169 0000:04:07.0 eth0: link down

[  453.829834] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready

[  456.416423] r8169 0000:04:07.0 eth0: link up

[  456.416430] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

```

----------

## NeddySeagoon

Featherfoot,

Does 

```
[  180.481050] wlan0: deauthenticating from 78:f2:9e:e9:7b:c8 by local choice (Reason: 3=DEAUTH_LEAVING) 
```

 keep repeating in dmesg?

```
Reason: 3=DEAUTH_LEAVING
```

means you asked it to shut down.[/code]

It means that several network tools are fighting over wpa_supplicant. You may have an most, one tool controlling your network.

You fix this by not having wifi start at all at boot. That's your reference point.

Now you start it by hand and show it works.

Lastly you add your single tool of choice to the startup sequence.

----------

## Featherfoot

I think the reason you see the authenticate/deauthenicate sequence is because I brought up wpa_gui and did another connect. Here is a "clean sequence." The comment about firmware is not ready to run is disturbing...

```

   17.361450] rtl8192c_common: Polling FW ready fail! REG_MCUFWDL:0x00030006.

[   17.361452] rtl8192c_common: Firmware is not ready to run!

[
```

A complete listing follows:

```

    8.529185] rtl8192cu: Board Type 0

[    8.530308] rtl_usb: rx_max_size 15360, rx_urb_num 8, in_ep 1

[    8.530342] rtl8192cu: Loading firmware rtlwifi/rtl8192cufw_TMSC.bin

[    8.530448] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'

[    8.530572] usbcore: registered new interface driver rtl8192cu

[    8.532434] usbcore: registered new interface driver rtl8xxxu

[    8.590187] firewire_core 0000:04:0e.0: created device fw0: GUID 0013cd21001c6f65, S400

[    9.604157] EXT4-fs (sda2): re-mounted. Opts: (null)

[    9.678199] Adding 9799676k swap on /dev/mapper/pdc_ichaghch7.  Priority:-2 extents:1 across:9799676k 

[    9.712010] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: discard,user_xattr,errors=remount-ro

[    9.737234] EXT4-fs (dm-4): mounted filesystem with ordered data mode. Opts: (null)

[    9.767507] EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts: (null)

[    9.801477] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null)

[   10.537997] rtl8192cu: MAC auto ON okay!

[   10.737467] rtl8192cu: Tx queue select: 0x05

[   11.200948] input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:02.0/0000:01:00.1/sound/card1/input13

[   11.200994] input: HDA NVidia HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:02.0/0000:01:00.1/sound/card1/input14

[   11.201044] input: HDA NVidia HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:02.0/0000:01:00.1/sound/card1/input15

[   11.201086] input: HDA NVidia HDMI/DP,pcm=9 as /devices/pci0000:00/0000:00:02.0/0000:01:00.1/sound/card1/input16

[   17.361450] rtl8192c_common: Polling FW ready fail! REG_MCUFWDL:0x00030006.

[   17.361452] rtl8192c_common: Firmware is not ready to run!

[   18.090596] r8169 0000:04:07.0 eth0: link down

[   18.090598] r8169 0000:04:07.0 eth0: link down

[   19.420313] wlan0: authenticate with 78:f2:9e:e9:7b:c8

[   19.471635] wlan0: send auth to 78:f2:9e:e9:7b:c8 (try 1/3)

[   19.474722] wlan0: authenticated

[   19.480100] wlan0: associate with 78:f2:9e:e9:7b:c8 (try 1/3)

[   19.486650] wlan0: RX AssocResp from 78:f2:9e:e9:7b:c8 (capab=0x431 status=0 aid=3)

[   19.619608] wlan0: associated

[   20.236485] r8169 0000:04:07.0 eth0: link up

[   36.063818] resource sanity check: requesting [mem 0x000c0000-0x000fffff], which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]

[   36.064002] caller _nv001171rm+0xe3/0x1d0 [nvidia] mapping multiple BARs

[   36.308212] nvidia-modeset: Allocated GPU:0 (GPU-97fe9c0f-1de7-349d-5510-f2f9b4324f9d) @ PCI:0000:01:00.0

jc@bopper ~ $ 

```

----------

## NeddySeagoon

Featherfoot,

```
[   19.420313] wlan0: authenticate with 78:f2:9e:e9:7b:c8

[   19.471635] wlan0: send auth to 78:f2:9e:e9:7b:c8 (try 1/3)

[   19.474722] wlan0: authenticated

[   19.480100] wlan0: associate with 78:f2:9e:e9:7b:c8 (try 1/3)

[   19.486650] wlan0: RX AssocResp from 78:f2:9e:e9:7b:c8 (capab=0x431 status=0 aid=3)

[   19.619608] wlan0: associated 
```

That's the hard part. Once its associated, you run dhcpcd on the interface.

```
dhcpcd wlan0
```

and in should 'just work'.

Note that IPv6 normally uses a different mechanism to set up the IPv6 side of the interface.

It seems as if that works as you have, or had, a  global scope IPv6 address.

----------

## Featherfoot

You were right. It does work! 

I am puzzled that it didn't start dhcpcd automatically. Here is my /etc/conf.d/net file where I try to turn on dhcp for wlan0:

:

```

bopper /etc/conf.d # cat net

# set the dns_domain_lo variable to the selected domain name

dns_domain_lo="Cox"

config_eth0="dhcp"

#config_eth0=10.0.0.33 netmask 255.255.255.0 brd=10.0.0.255

#modules=

modules="wpa_supplicant"

config_wlan0="dhcp"

#key_ESSID1="[1] s:Cox_House This_is_the_big_bopper_speaking. [1] enc open"

#key_ESSID2="[1] s:Cox_House2 This_is_the_big_bopper_speaking. [1] enc open"

#preffered_aps="'ESSID1' 'ESSID2'"

#adhoc_essid_eth0="Cox_House2"

#iwconfig_eth0="mode managed"

```

----------

## NeddySeagoon

Featherfoot,

Do you have a net.wlan0 -> net.lo symlink?

Is net.wlan0 in the default runlevel.

----------

## Featherfoot

The answer is no, I don't have either the link or net.wlan0 at the default runlevel.Last edited by Featherfoot on Fri Mar 09, 2018 8:57 pm; edited 1 time in total

----------

## blopsalot

```

ls -lA /etc/init.d/net*

rc-status

```

----------

## Featherfoot

The symbolic link is set, but net.wlan0 is not at the default runlevel.

I expermented with rc-update and it didn't work. How do I make sure it starts?

```

jc@bopper ~ $ ls -lA /etc/init.d/net* 

lrwxrwxrwx 1 root root     6 Jan 30 15:47 /etc/init.d/net.eth0 -> net.lo

-rwxr-xr-x 1 root root 18514 Dec 15 16:54 /etc/init.d/net.lo

-rwxr-xr-x 1 root root  2071 Dec 15 16:50 /etc/init.d/netmount

-rwxr-xr-x 1 root root  2043 Dec 15 16:50 /etc/init.d/net-online

jc@bopper ~ $ rc-status

Runlevel: default

 dbus                                                                                                                          [  started  ]

 syslog-ng                                                                                                                     [  started  ]

 wpa_supplicant                                                                                                                [  started  ]

 net.eth0                                                                                                                      [  started  ]

 netmount                                                                                                                      [  started  ]

 sshd                                                                                                                          [  started  ]

 bluetooth                                                                                                                     [  started  ]

 ntp-client                                                                                                                    [  started  ]

 cronie                                                                                                                        [  started  ]

 cupsd                                                                                                                         [  started  ]

 lm_sensors                                                                                                                    [  started  ]

 ntpd                                                                                                                          [  started  ]

 xdm                                                                                                                           [  started  ]

 local                                                                                                                         [  started  ]

Dynamic Runlevel: hotplugged

Dynamic Runlevel: needed/wanted

 lvmetad                                                                                                                       [  started  ]

 avahi-daemon                                                                                                                  [  started  ]

 modules-load                                                                                                                  [  started  ]

 xdm-setup                                                                                                                     [  started  ]

Dynamic Runlevel: manual

jc@bopper ~ $ 

```

----------

## khayyam

Featherfoot ...

if you are using 'netifrc' (which is what would execute /etc/conf.d/net, and so I expect you are) then do not add wpa_supplicant to the runlevel, you want one, and only one, service providing 'net' (wpa_supplicant will be started as a consequence of your modules="wpa_supplicant" ... and by the way, that should be 'modules_wlan0', because wpa_supplicant is not being used for other interfaces).

```
# /etc/init.d/wpa_supplicant stop

# rc-update del wpa_supplicant default

# rc-update add net.wlan0 default

# /etc/init.d/net.wlan0 stop

# /etc/init.d/net.wlan0 start
```

HTH & best ... khay

----------

## Featherfoot

khayyam thanks for your advice. I was trying to follow the various pieces of advice for setting up wireless networks in gentoo.

----------

## Featherfoot

Where I stand at the moment is that my WiFi works very well if I do a "dhcpcd wlan0" ant then "ifconfig eth0 down" when I want to use it. Perhaps the developers felt that it was superfluous, although it is like having several Ethernet connections.

NeddySeagoon: As usual, you have been extremely helpful. Thank you.

----------

## NeddySeagoon

Featherfoot,

You need to avoid having several interfaces in the same subnet.

It can be made to work but bad things happen when you try.

If you are really lucky, only one interface will be used.

----------

## Featherfoot

There is a long  story on why I have two that has to do with a new rug and the installers refusal to allow a wire under the rug . I understand the jeopardy I have put myself in.

I did have a case where I was doing my taxes with Windows 10 when my Ethernet went down.  It suggested I use the wireless card and configured it on  the fly. Pretty slick. So I got the idea that since I had the card, I should try to get It to work again. I have also configured a wireless card, with a great deal of expert help.

----------

## NeddySeagoon

Featherfoot,

There are a couple of tools you might like to try.

ifplugd being one.  I've never used it.

I'm sure that there will solutions to only using the fastest interface when several are available too.

Its something that lots of people will want to do.

I've not needed it, so I don't know where to point you.

Now that both interfaces can work, you might try starting a new topic on automatic selection.

----------

## Featherfoot

NeddySeagoon: Thanks for the info. Mr. Google thought that ifplugd, netplug, and NetworkManager have similar capabilities. I can't comment beyond that about any of them, but NetworkManager is running on my system.

In my case, the Ethernet is clearly faster than WiFi.  My use case is to connect from my PC to the router when the Ethernet quits for some reason, so I'm not sure that it is worthwhile except as an interesting experiment. Things could get interesting if I can be sure I could figure out where the USB-3 ports on my motherboard are located.

----------

## NeddySeagoon

Featherfoot,

You can tell by the colours of the plastic inserts.

USB1 is usually Black.

USB2 is usually Blue.

USB3 is usually Red.

except when they aren't :)

You can also set up a failover bond. You donate both interfaces to a bond, set up the bond as your single interface.

It uses wired if it can and silently switches to wifi when its needed.

However, both ends of the link need to support bonding.

----------

## Featherfoot

They are all black on my motherboard. It appears that the ASUS USB-N13 is a USB-2 device. I am getting transfer rates consistent with that, even though I think I am plugged into USB-3.

----------

## NeddySeagoon

Featherfoot,

```
lsusb
```

 will show your USB tree. e.g.

```
$ lsusb

Bus 009 Device 006: ID 0bda:0307 Realtek Semiconductor Corp. Card Reader

Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 009 Device 004: ID 2109:0812 VIA Labs, Inc. VL812 Hub

Bus 008 Device 005: ID 0451:8043 Texas Instruments, Inc. Hub

Bus 008 Device 003: ID 0451:8043 Texas Instruments, Inc. Hub

Bus 008 Device 004: ID 2109:2812 VIA Labs, Inc. VL812 Hub

Bus 004 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver

Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 008 Device 002: ID 2109:2812 VIA Labs, Inc. VL812 Hub

Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 002 Device 002: ID 058f:6362 Alcor Micro Corp. Flash Card Reader/Writer

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 009 Device 002: ID 2109:0812 VIA Labs, Inc. VL812 Hub

Bus 009 Device 005: ID 0451:8041 Texas Instruments, Inc. Hub

Bus 009 Device 003: ID 0451:8041 Texas Instruments, Inc. Hub

Bus 009 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
```

Thats a mess but  

```
$ lsusb |grep hub | sort

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 009 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
```

sorts the buses in order.

For me, Buses 1,2 and 8 are USB2. Bus 9 is USB3 and the rest are USB 1.1 

Grepping for 'Bus 009' 

```
$ lsusb |grep 'Bus 009' | sort

Bus 009 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 009 Device 002: ID 2109:0812 VIA Labs, Inc. VL812 Hub

Bus 009 Device 003: ID 0451:8041 Texas Instruments, Inc. Hub

Bus 009 Device 004: ID 2109:0812 VIA Labs, Inc. VL812 Hub

Bus 009 Device 005: ID 0451:8041 Texas Instruments, Inc. Hub

Bus 009 Device 006: ID 0bda:0307 Realtek Semiconductor Corp. Card Reader
```

lists all the devices on Bus 009, which is USB3, from above.

Now its your turn :)

----------

## Featherfoot

Interesting and frustrating:

lsusb gives:

```

bopper /home/jc # lsusb

Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 009 Device 003: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse

Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 001 Device 005: ID 03f0:8904 Hewlett-Packard DeskJet 6940 series

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 006 Device 002: ID 0a5c:21e8 Broadcom Corp. BCM20702A0 Bluetooth 4.0

Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 004 Device 010: ID 0b05:17ab ASUSTek Computer, Inc. USB-N13 802.11n Network Adapter (rev. B1) [Realtek RTL8192CU]

Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

bopper /home/jc # 

```

lsusb | grep hub | sort gives

```

bopper /home/jc # lsusb | grep hub | sort

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

```

So, Bus 005 is the USB-3 hub.

The interesting thing is that I plugged into every USB port on the back of the box and none of them connect to Bus 005!

This motherboard has been around for awhile, so I think I'm sunk.

----------

## khayyam

 *Featherfoot wrote:*   

> [...] but NetworkManager is running on my system.

 

Featherfoot ... again, one, and only one, service should be providing 'net', so if you have wpa_supplicant, net.wlan0, and NetworkManager, in the runlevel, then these will conflict with one another.

If you want/need to use NetworkManager then you can't use netifrc, or wpa_supplicant, these will start a wpa_supplicant (and probably dhcpcd) instance on the interface, with obvious consequences if one is already runing.

As for switching between wired/wireless then you probably already have ifplugd (in the form of busybox) ...

```
% grep PLUG /etc/portage/savedconfig/sys-apps/busybox-1.28.0

CONFIG_IFPLUGD=y
```

That is the default, so unless you explicitly disabled yours should be set likewise. All you would need to do is create a symlink busybox => /usr/local/sbin/ifplugd. With netifrc you would then add modules_wlan0="plug" to conf.d/net and configure as you would for sys-apps/ifplugd. Not sure how NetworkManager intergrates with ifplugd so I can't help ITR.

HTH & best ... khay

----------

## NeddySeagoon

Featherfoot,

Put the output of dmidecode onto a pastebin.

Its quite possible that your USB 3 in a header on your motherboard and you need a cable and backplate to bring it out.

----------

## Featherfoot

Here is the pastebin output: https://pastebin.com/bNiN9PEf

A careful reading of the manual says that the port supports the USB-3 specification and is compatible with  the USB-2/1.1 specification, whatever that means. I do know that it drives the WiFi adapter at full USB-2 speed.

----------

## NeddySeagoon

Featherfoot,

I suspect that your USB bus 5 is only visible to USB 3 devices.

----------

## Featherfoot

I think you're right.

----------

