
If you have no RADIUS server at home (required for WPA Enterprise mode), you can use WPA Personal mode (also called WPA-PSK [1]) to secure your WiFi network, provided the shared secret is well chosen...

My configuration:

  • HP-Compaq nw8000 laptop, dual boot (Windows XP/Gentoo)
  • wireless card: Intel Corporation PRO/Wireless 2200BG (rev 05)
  • DLink DWL-3200AP access point, IP address: 10.0.0.40
  • SSID: pervasive-ssid

This tutorial / how-to shows how to configure WPA Personal (WPA-PSK) on the Windows XP and GNU/Linux (Gentoo distribution) operating systems.

WPA-PSK on the DLink DWL-3200AP access point

Set the following parameters (see the screenshot below):

  • Mode: Access Point
  • SSID: pervasive-ssid
  • SSID Broadcast: Enable
  • Authentication: WPA-PSK
  • Cipher Type: TKIP
  • PassPhrase: jesuisunmotdepassecomplexe
[Screenshot: Home | Wireless]

WPA-PSK on Windows XP

I used the software built into Windows XP to manage WPA.

  • Check that you have installed SP2 (Service Pack 2) for Windows XP, or install the WPA patch for Windows XP (826942). Thanks to NeurOne for the information about the patch.
  • Configure the pervasive-ssid wireless network
[Screenshot: pervasive-ssid | Properties | Association tab]
Select Network Authentication: WPA and Data encryption: TKIP. Enter as the Network key: jesuisunmotdepassecomplexe

WPA-PSK on GNU/Linux (Gentoo distribution)

- Versions of the software used:

- Configuring WPA-PSK

  • File /etc/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

opensc_engine_path=/usr/lib/opensc/engine_opensc.so
pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

network={
       disabled=0
       ssid="pervasive-ssid"
       scan_ssid=0
       mode=0
       proto=WPA
       key_mgmt=WPA-PSK
       auth_alg=OPEN
       pairwise=TKIP
       group=TKIP
       psk="jesuisunmotdepassecomplexe"
}
  • File /etc/conf.d/wireless

I used the default example file /etc/conf.d/wireless.example.


# cp /etc/conf.d/wireless.example /etc/conf.d/wireless
  • File /etc/conf.d/net

##############################################################################
# QUICK-START
#
# The quickest start is if you want to use DHCP.
# In that case, everything should work out of the box, no configuration
# necessary, though the startup script will warn you that you haven't
# specified anything.
#
# If you want to use a static address or use DHCP explicitly, jump
# down to the section labelled INTERFACE HANDLERS.
#
# If you want to do anything more fancy, you should take the time to
# read through the rest of this file.


##############################################################################
# MODULES
#
# We now support modular networking scripts which means we can easily
# add support for new interface types and modules while keeping
# compatibility with existing ones.
#
# Modules load by default if the package they need is installed.  If
# you specify a module here that doesn't have its package installed
# then you get an error stating which package you need to install.
# Ideally, you only use the modules setting when you have two or more
# packages installed that supply the same service.
#
# In other words, you probably should DO NOTHING HERE...

# Prefer iproute2 over ifconfig
#modules=( "iproute2" )

# You can also specify other modules for an interface
# In this case we prefer udhcpc over dhcpcd
#modules_eth0=( "udhcpc" )

# You can also specify which modules not to use - for example you may be
# using a supplicant or linux-wlan-ng to control wireless configuration but
# you still want to configure network settings per ESSID associated with.
modules=( "!iwconfig" )

[...]

##############################################################################
# OPTIONAL MODULES

#-----------------------------------------------------------------------------
# WIRELESS (802.11 support)
# Wireless can be provided by iwconfig or wpa_supplicant

# iwconfig
# emerge net-wireless/wireless-tools
# Wireless options are held in /etc/conf.d/wireless - but could be here too
# Consult the sample file /etc/conf.d/wireless.example for instructions
# iwconfig is the default

# wpa_supplicant
# emerge net-wireless/wpa-supplicant
# Wireless options are held in /etc/wpa_supplicant.conf
# Consult the sample file /etc/wpa_supplicant.conf.example for instructions
# To choose wpa_supplicant over iwconfig
modules=( "wpa_supplicant" )
# To configure wpa_supplicant
#wpa_supplicant_eth0="-Dprism54" # For Prism54 based cards
#wpa_supplicant_ath0="-Dmadwifi" # For Atheros based cards
wpa_supplicant_eth1="-Dipw"
# Consult wpa_supplicant for more drivers
# By default we give wpa_supplicant 60 seconds to associate and authenticate
#wpa_timeout_eth0=60

[...]
#-----------------------------------------------------------------------------
# DHCP
# DHCP can be provided by dhcpcd, dhclient, udhcpc or pump
#
# dhcpcd:   emerge net-misc/dhcpcd
# dhclient: emerge net-misc/dhcp
# udhcpc:   emerge net-misc/udhcp
# pump:     emerge net-misc/pump

# If you have more than one DHCP client installed, you need to specify which
# one to use - otherwise we default to dhcpcd if available
#modules=( "udhcpc" ) # to select udhcpc over dhcpcd
#
# Notes:
# - dhcpcd, udhcpc and pump send the current hostname
#   to the DHCP server by default
# - dhcpcd does not daemonize when the lease time is infinite
# - udhcp-0.9.3-r3 and earlier does not support getting NTP servers
# - dhclient does not support getting NTP servers
# - pump does not support getting NIS servers
# - DHCP tends to erase any existing device information - so add
#   static addresses after dhcp if you need them

# Regardless of which DHCP client you prefer, you configure them the
# same way using one of following depending on which interface modules
# you're using.
config_eth1=( "dhcp" )

[...]

  • Create the startup script

# cd /etc/init.d
# ln -s net.lo net.eth1
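
Added example, not part of the original how-to: WPA-PSK turns the passphrase into the 256-bit key with PBKDF2-HMAC-SHA1 salted with the SSID, which is why the choice of shared secret matters and why the psk= line in /etc/wpa_supplicant.conf can hold 64 hex digits instead of the passphrase. The function names are chosen for this illustration; the derivation is the one the wpa_passphrase tool performs.

```python
import hashlib

# IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)
ITERATIONS = 4096
PSK_LEN = 32


def check_passphrase(passphrase: str) -> None:
    """Reject passphrases outside what WPA-PSK allows: 8..63 printable ASCII."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit pre-shared key as 64 lowercase hex digits."""
    check_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, ITERATIONS, PSK_LEN
    )
    return key.hex()


def network_block(passphrase: str, ssid: str) -> str:
    """Render the page's network block with the hex PSK instead of the passphrase.

    Assumes an SSID without double quotes; the hex PSK is written unquoted.
    """
    return "\n".join([
        "network={",
        f'       ssid="{ssid}"',
        "       proto=WPA",
        "       key_mgmt=WPA-PSK",
        "       pairwise=TKIP",
        "       group=TKIP",
        f"       psk={derive_psk(passphrase, ssid)}",
        "}",
    ])


if __name__ == "__main__":
    # Values taken from the page's own configuration.
    print(network_block("jesuisunmotdepassecomplexe", "pervasive-ssid"))
```

The hex form only keeps the passphrase itself out of the file; the PSK still grants access to the network, so /etc/wpa_supplicant.conf should be readable by root only.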

Checking that everything works

- ... Proof in pictures on GNU/Linux:


# /etc/init.d/net.eth1 start
* Starting eth1
*   Starting wpa_supplicant on eth1 ...
ioctl[SIOCSIWPMKSA]: Operation not supported                              [ ok ]
*     eth1 connected to "pervasive-ssid" at 00:11:95:F3:79:DB
*   Bringing up eth1
*     dhcp
*       Running dhcpcd ...                                               [ ok ]
*       eth1 received address 10.0.0.7

# wpa_cli -ieth1 status
bssid=00:11:95:f3:79:db
ssid=pervasive-ssid
pairwise_cipher=TKIP
group_cipher=TKIP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
ip_address=10.0.0.7
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
[Screenshot: wpa_gui]

Note: as an alternative to the two previous commands (on another Linux distribution, or to run the commands in "foreground" mode), type in a console:


# ifconfig eth1 up
# wpa_supplicant -d -ieth1 -c/etc/wpa_supplicant.conf -Dipw &
# dhclient eth1

- ... Proof in pictures on Windows XP:

[Screenshot: Wireless connection status]
[Screenshot: Choose a wireless network]

Documentation

- WPA tutorial for Debian by David Curé
- WPA tutorial for Ubuntu


[1] Pre-Shared Key