# wpa_supplicant ignores config files?



## disi (Mar 8, 2011)

Hi,

I just set up FreeBSD 8.2 and want to connect to only one wireless network (our houselan).

The /etc/wpa_supplicant.conf looks like this:

```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=2

network={
  ssid="houelan"
  key_mgmt=WPA-PSK
  scan_ssid=1
  psk="somesecret_stuff_thingy"
}
```

It works fine, if I run:

```
# ifconfig wlan0 create wlandev ath0
# wpa_supplicant -c /etc/wpa_supplicant.conf -i wlan0
```
Then "ifconfig blabla" and "route add default" etc. and I am on the internet.

Now, my /etc/rc.conf looks like this:

```
wlans_ath0="wlan0"
ifconfig_wlan0="WPA" # also tried wpa_supplicant="YES", same result
ifconfig_wlan0="inet 192.168.1.100 netmask 255.255.255.0"
defaultrouter="192.168.1.254"
```

It always connects to the next unsecure network, but I understand ap_scan=2 with scan_ssid=1 will only use configured networks in the wpa_supplicant.conf. We have those unsecured BTFON and BTOpenzone networks in the area and it always uses those instead of our secured network.

wpa_supplicant seems to ignore the wpa_supplicant.conf, if I use the options in rc.conf. Can I just put the lines to start *wpa_supplicant* manually into my rc.conf, like

```
wpa_supplicant -B -c /etc/wpa_supplicant.conf -i wlan0
```
?


----------



## cheme (Mar 8, 2011)

Hello,

Check out the Handbook's wireless networking section.  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html  There is a ton of great information on configuring your network.  

Try combining your ifconfig lines into one like this.


```
# /etc/rc.conf
wlans_ath0="wlan0"
ifconfig_wlan0="WPA inet 192.168.1.100 netmask 255.255.255.0"
defaultrouter="192.168.1.254"
```

The handbook section also mentions that you can add the ssid of your access point to the end of the ifconfig line, if you are connecting to one access point.

Also check out http://www.freebsd.org/cgi/man.cgi?query=wpa_supplicant.conf&sektion=5

The wpa_supplicant.conf man page states that ap_scan should be set to 1 when using the wlan module.  


```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=1
network={
  ssid="houelan"
  key_mgmt=WPA-PSK
  scan_ssid=1
  psk="somesecret_stuff_thingy"
}
```

Once you have made these two changes try rebooting.  

I use DHCP so I haven't tested this configuration out with a static setup. 

On a side note, in my configuration I do not use ap_scan or scan_ssid in my /etc/wpa_supplicant.conf. I also do not set the defaultrouter in my /etc/rc.conf file. Again, I use DHCP and it may take care of some of these settings for me.

Good Luck.


----------



## disi (Mar 8, 2011)

Thanks for the answer. I oversaw the information that ap_scan=2 is for other OS. *wpa_supplicant* didn't complain about the setting running in the terminal (as it did with some other options I found and tested).

I separated the ip configuration from the wireless configuration to see, that I first get the link up and running to the correct AP. This happens before DHCP or anything and that's where it goes wrong and connects to the wrong AP (ignoring my wpa_supplicant.conf) 

AFAIK, *ifconfig* cannot handle WPA encryption, only WEP. That's why I didn't put the ssid information into the line (I think that this is exclusively handled by *wpa_supplicant* to bring up the link).

When I get home (stupid work), I'll just put the line into rc.conf and see what happens (apparently the rc.conf is not automatically overwritten or anything and a normal bash file?).


----------



## wblock@ (Mar 8, 2011)

disi said:

> now, my /etc/rc.conf looks like this:
>
> ```
> wlans_ath0="wlan0"
> ...
> ```



That won't work.  /etc/rc.conf is a shell script, sourced by the rc.d scripts.  Those lines are variable assignments.  So the first ifconfig_wlan0 sets a value, and then the second overwrites it.  They'll have to be combined; maybe just

```
ifconfig_wlan0="WPA inet 192.168.1.100 netmask 255.255.255.0"
```
I can't recall trying a static IP with WPA, that might need adjusting.

Further notes: for a standard WPA setup, you only need this in /etc/wpa_supplicant.conf:

```
network={
        ssid="myssid"
        psk="myultrasupersecretpsk"
}
```

scan_ssid=1 indicates you're using a "hidden" SSID, which does not, in fact, hide an SSID.  It's merely a request to polite clients to ignore the SSID, makes the network harder to use, and offers questionable security benefits.  So I suggest removing that and setting your access point from not-really-hidden-SSID to normal.


----------



## disi (Mar 8, 2011)

Oh it does  for some reason...

If I start /etc/rc.d/netif I get associated with some unsecure network around (e.g. BTFON) and have the ip 192.168.1.100/24 on the adapter wlan0. That makes me wonder, if wpa_supplicant is started at all if the two lines are separated ^^

Maybe ifconfig just looks around for some wireless network, it can connect to (which excludes wpa encrypted networks), and uses the first one it gets.

Thanks, I'll change that later and post my results...


----------



## wblock@ (Mar 8, 2011)

disi said:

> That makes me wonder, if wpa_supplicant is started at all if the two lines are separated ^^



No, it isn't, because the second line overwrites the first.  Put another way, whenever you have more than one line assigning values to a variable, the last one is the one that wins.  The values aren't combined, just replaced.  It's the same as having only that last line alone.

All of these lines set the ifconfig_wlan0 variable to a value.  Since the last one is... last, that's the final value of the variable.

```
ifconfig_wlan0="problem?"
ifconfig_wlan0="DHCP, but not really"
ifconfig_wlan0="WPA SYNCDHCP"
```

None of this does anything except set variable values.  Then the rc.d scripts do things based on those values.


----------



## disi (Mar 8, 2011)

Just came home...

That did it, new lines:

```
ifconfig_wlan0="WPA"
ifconfig_wlan0="$ifconfig_wlan0 inet 192.168.1.100 netmask 255.255.255.0"
```

associated with the correct AP and correct ip address, thanks


----------



## phoenix (Mar 8, 2011)

Remove the first line, and just put WPA at the start of the second line.

You only need one line to make it work.


----------
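The failure worked out in this thread, a later `ifconfig_wlan0=` assignment replacing the one that carried `WPA` so the interface comes up without wpa_supplicant and joins an open network, can be caught before a reboot. The script below is an added example, not code from any post or from FreeBSD's rc.d scripts; the function names and the two sample files are constructed, and it assumes a case-insensitive `WPA` word in `ifconfig_wlanN` is what enables wpa_supplicant.

```shell
# Names assigned more than once where the later line does not reference the
# variable itself, so the earlier value is silently discarded.
rc_overwritten() {
    awk '/^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
        line = $0; sub(/^[ \t]*/, "", line)
        name = line; sub(/=.*/, "", name)
        if ((name in seen) && !(name in told) &&
            !index(line, "$" name) && !index(line, "${" name "}")) {
            print name; told[name] = 1
        }
        seen[name] = 1
    }' "$1"
}

# Final value of variable $2 after sourcing file $1 (what the rc.d scripts see).
# Sourcing executes the file: run this only on configuration you trust.
rc_effective() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s\n' \"\${$2}\"" )
}

# wlan interfaces whose effective ifconfig_ value contains no WPA word.
wlan_without_wpa() {
    for var in $(sed -n 's/^[[:space:]]*\(ifconfig_wlan[0-9]*\)=.*/\1/p' "$1" | sort -u); do
        case " $(rc_effective "$1" "$var") " in
            *" "[Ww][Pp][Aa]" "*) ;;
            *) echo "${var#ifconfig_}" ;;
        esac
    done
}

# Constructed samples: the rc.conf from the first post and the combined form.
BAD=$(mktemp); GOOD=$(mktemp)
trap 'rm -f "$BAD" "$GOOD"' EXIT
cat >"$BAD" <<'EOF'
wlans_ath0="wlan0"
ifconfig_wlan0="WPA" # also tried wpa_supplicant="YES", same result
ifconfig_wlan0="inet 192.168.1.100 netmask 255.255.255.0"
defaultrouter="192.168.1.254"
EOF
cat >"$GOOD" <<'EOF'
wlans_ath0="wlan0"
ifconfig_wlan0="WPA inet 192.168.1.100 netmask 255.255.255.0"
defaultrouter="192.168.1.254"
EOF
echo "overwritten variables: $(rc_overwritten "$BAD")"
echo "wlan without WPA:      $(wlan_without_wpa "$BAD")"
```

An assignment that appends to itself, as in `ifconfig_wlan0="$ifconfig_wlan0 inet ..."`, is not reported because the earlier value survives.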

