<prompt>#</prompt> <userinput>wpa_supplicant -i <replaceable>wlan0</replaceable> -c /etc/wpa_supplicant.conf</userinput>
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:11:95:c3:0d:ac completed (auth) [id=0 id_str=]
The next operation is to launch <citerefentry><refentrytitle>dhclient</refentrytitle><manvolnum>8</manvolnum></citerefentry> to get the <acronym>IP</acronym> address from the <acronym>DHCP</acronym> server:
<prompt>#</prompt> <userinput>dhclient <replaceable>wlan0</replaceable></userinput>
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
If <filename>/etc/rc.conf</filename> has an <literal>ifconfig_wlan0="DHCP"</literal> entry, <citerefentry><refentrytitle>dhclient</refentrytitle><manvolnum>8</manvolnum></citerefentry> will be launched automatically after <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> associates with the access point.
If <acronym>DHCP</acronym> is not possible or desired, set a static <acronym>IP</acronym> address after <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> has authenticated the station:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.100</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
When <acronym>DHCP</acronym> is not used, the default gateway and the nameserver also have to be manually set:
<prompt>#</prompt> <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
<prompt>#</prompt> <userinput>echo "nameserver <replaceable>your_DNS_server</replaceable>" &gt;&gt; /etc/resolv.conf</userinput>
<acronym>WPA</acronym> with <acronym>EAP-TLS</acronym>
The second way to use <acronym>WPA</acronym> is with an 802.1X backend authentication server. In this case, <acronym>WPA</acronym> is called <acronym>WPA</acronym> Enterprise to differentiate it from the less secure <acronym>WPA</acronym> Personal. Authentication in <acronym>WPA</acronym> Enterprise is based on the Extensible Authentication Protocol (<acronym>EAP</acronym>).
<acronym>EAP</acronym> does not come with an encryption method. Instead, <acronym>EAP</acronym> is embedded inside an encrypted tunnel. There are many <acronym>EAP</acronym> authentication methods, but <acronym>EAP-TLS</acronym>, <acronym>EAP-TTLS</acronym>, and <acronym>EAP-PEAP</acronym> are the most common.
EAP with Transport Layer Security (<acronym>EAP-TLS</acronym>) is a well-supported wireless authentication protocol since it was the first <acronym>EAP</acronym> method to be certified by the <link xlink:href="http://www.wi-fi.org/">Wi-Fi Alliance</link>. <acronym>EAP-TLS</acronym> requires three certificates to run: the certificate of the Certificate Authority (<acronym>CA</acronym>) installed on all machines, the server certificate for the authentication server, and one client certificate for each wireless client. In this <acronym>EAP</acronym> method, both the authentication server and wireless client authenticate each other by presenting their respective certificates, and then verify that these certificates were signed by the organization's <acronym>CA</acronym>.
As before, the configuration is done in <filename>/etc/wpa_supplicant.conf</filename>:
network={
ssid="freebsdap" <co xml:id="co-tls-ssid"/>
proto=RSN <co xml:id="co-tls-proto"/>
key_mgmt=WPA-EAP <co xml:id="co-tls-kmgmt"/>
eap=TLS <co xml:id="co-tls-eap"/>
identity="loader" <co xml:id="co-tls-id"/>
ca_cert="/etc/certs/cacert.pem" <co xml:id="co-tls-cacert"/>
client_cert="/etc/certs/clientcert.pem" <co xml:id="co-tls-clientcert"/>
private_key="/etc/certs/clientkey.pem" <co xml:id="co-tls-pkey"/>
private_key_passwd="freebsdmallclient" <co xml:id="co-tls-pwd"/>
}
This field indicates the network name (<acronym>SSID</acronym>).
This example uses the <acronym>RSN</acronym> <trademark class="registered">IEEE</trademark> 802.11i protocol, also known as <acronym>WPA2</acronym>.
The <literal>key_mgmt</literal> line refers to the key management protocol to use. In this example, it is <acronym>WPA</acronym> using <acronym>EAP</acronym> authentication.
This field indicates the <acronym>EAP</acronym> method for the connection.
The <literal>identity</literal> field contains the identity string for <acronym>EAP</acronym>.
The <literal>ca_cert</literal> field indicates the pathname of the <acronym>CA</acronym> certificate file. This file is needed to verify the server certificate.
The <literal>client_cert</literal> line gives the pathname to the client certificate file. This certificate is unique to each wireless client of the network.
The <literal>private_key</literal> field is the pathname to the client certificate private key file.
The <literal>private_key_passwd</literal> field contains the passphrase for the private key.
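The field list above can be turned into a pre-deployment check; the following is an added example, not part of the handbook or of wpa_supplicant, that parses the network blocks of a configuration and reports WPA-EAP blocks missing a field this page's examples rely on. A missing ca_cert is called out because without a configured CA the server certificate is not verified. The names REQUIRED, parse_networks, audit and the "labnet" block are hypothetical, and the check assumes one EAP method per block and does not consider ca_path.

```python
# Fields the page's EAP-TLS and EAP-TTLS blocks rely on, per method.
REQUIRED = {"TLS": ("identity", "ca_cert", "client_cert", "private_key"),
            "TTLS": ("identity", "password", "ca_cert")}

def parse_networks(text):
    """Return one dict per network={...} block; full-line comments are skipped."""
    networks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (ssid, message) pairs for WPA-EAP blocks with missing fields."""
    findings = []
    for net in parse_networks(text):
        # Only WPA-EAP blocks are checked; PSK blocks get an empty method.
        method = net.get("eap", "") if net.get("key_mgmt") == "WPA-EAP" else ""
        for field in REQUIRED.get(method, ()):
            if field not in net:
                note = " (server certificate is not verified)" if field == "ca_cert" else ""
                findings.append((net.get("ssid", "?"), f"eap={method}: missing {field}{note}"))
    return findings

# Constructed sample: the page's EAP-TLS block and a TTLS block without ca_cert.
SAMPLE = """
network={
    ssid="freebsdap"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="loader"
    ca_cert="/etc/certs/cacert.pem"
    client_cert="/etc/certs/clientcert.pem"
    private_key="/etc/certs/clientkey.pem"
}
network={
    ssid="labnet"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="test"
    password="test"
}
"""
print(audit(SAMPLE))
```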
Then, add the following lines to <filename>/etc/rc.conf</filename>:
The next step is to bring up the interface:
<prompt>#</prompt> <userinput>service netif start</userinput>
Starting wpa_supplicant.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 15
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
It is also possible to bring up the interface manually using <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<acronym>WPA</acronym> with <acronym>EAP-TTLS</acronym>
With <acronym>EAP-TLS</acronym>, both the authentication server and the client need a certificate. With <acronym>EAP-TTLS</acronym>, a client certificate is optional. This method is similar to a web server which creates a secure <acronym>SSL</acronym> tunnel even if visitors do not have client-side certificates. <acronym>EAP-TTLS</acronym> uses an encrypted <acronym>TLS</acronym> tunnel for safe transport of the authentication data.
The required configuration can be added to <filename>/etc/wpa_supplicant.conf</filename>:
network={
ssid="freebsdap"
proto=RSN
key_mgmt=WPA-EAP
eap=TTLS <co xml:id="co-ttls-eap"/>
identity="test" <co xml:id="co-ttls-id"/>
password="test" <co xml:id="co-ttls-passwd"/>
ca_cert="/etc/certs/cacert.pem" <co xml:id="co-ttls-cacert"/>
phase2="auth=MD5" <co xml:id="co-ttls-pha2"/>
}

Source information

Source string comment
(itstool) path: callout/para
Flags
read-only
Source string location
book.translate.xml:63542
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 10405