# WiFi: WEP and WPA/WPA2 mixed mode/roaming possible?



## GrandAdmiralThrawn (Nov 13, 2014)

Hello guys,

I am (once again) playing around with BSD systems on a notebook I got for free, and it seems I'll stay on FreeBSD this time. It's working pretty smoothly by now after a bit of work, there is just one thing that bugs me a bit, and that's WiFi.

It seems it's impossible to configure WiFi for both WPA(2) and WEP fallback? Can't be, right? So I guess I'm doing it wrong. I can manage either WPA(2) or WEP, but not with a unified configuration at the same time.

So I started with WPA2 first. Here's /etc/rc.conf (only relevant lines shown).

```
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
```
And /etc/wpa_supplicant.conf:

```
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
ap_scan=1
fast_reauth=1

network={
  ssid="MyWPAnet"
  scan_ssid=1
  #+ any_bssid
  key_mgmt=WPA-PSK
  psk="mypassphrase"
}
```
It worked fine, so I thought I could just rely on /etc/wpa_supplicant.conf for WEP too, which is why I added this to the file:

```
network={
  ssid="MyWEPnet"
  scan_ssid=1
  #+ any_bssid
  key_mgmt=NONE
  wep_key1="MyWEPkey104bi"
  wep_tx_keyidx=1
}
```
I do `service netif restart`, I wait, nothing. No associated SSID on the wlan0 interface, and it still showed as being in WPA mode in `ifconfig`. Okay I thought, so let's just use ifconfig itself instead:

```
ifconfig wlan0 down
ifconfig wlan0 ssid MyWEPnet wepmode on wepkey 1:0x4d795745506b65793130346269 weptxkey 1 up
```
The key I just converted to hex myself in case you're wondering, as I wasn't sure whether ASCII works when fed to ifconfig like that. The sequence is correct though, as I found out later. Well, but `ifconfig wlan0 scan` worked, but nothing else did!

What I had to do was to change the line `ifconfig_wlan0="WPA DHCP"` in /etc/rc.conf to `ifconfig_wlan0="DHCP"`, then use the ifconfig line shown above, and boom! It worked with a WEP-encrypted network. It seems the WPA part in /etc/rc.conf resulted in enforced WPA. Or maybe wpa_supplicant was somehow failing or I configured it wrong, no idea.

So I wrote myself two configuration files for both /etc/rc.conf and /etc/wpa_supplicant.conf (just to make sure), one for WEP and one for WPA. That plus a switching script to be run as root (that's very amateurish, but gets the job done), see here:

```
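#!/usr/local/bin/bash
# Toggle between the WEP and WPA/WPA2 configuration sets. Must be run as root.
# The inactive set is parked as /etc/rc.conf.<mode> and
# /etc/wpa_supplicant.conf.<mode>; whichever suffix exists is the mode
# that is currently NOT active.

if [ -f /etc/rc.conf.wpa ]
then
  echo -e "Currently in WEP mode. Switching to WPA/WPA2...\n"
  # Park the live WEP files, then move the WPA files into place.
  cp /etc/rc.conf /etc/rc.conf.wep
  cp /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.wep
  mv -f /etc/rc.conf.wpa /etc/rc.conf
  mv -f /etc/wpa_supplicant.conf.wpa /etc/wpa_supplicant.conf
  service netif restart
elif [ -f /etc/rc.conf.wep ]
then
  echo -e "Currently in WPA/WPA2 mode. Switching to WEP...\n"
  # Park the live WPA files, then move the WEP files into place.
  cp /etc/rc.conf /etc/rc.conf.wpa
  cp /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.wpa
  mv -f /etc/rc.conf.wep /etc/rc.conf
  mv -f /etc/wpa_supplicant.conf.wep /etc/wpa_supplicant.conf
  # WEP is configured directly with ifconfig, not through wpa_supplicant.
  ifconfig wlan0 down
  ifconfig wlan0 ssid MyWEPnet wepmode on wepkey 1:0x4d795745506b65793130346269 weptxkey 1 up
else
  echo -e "Couldn't find my files, check /etc/rc.conf.[wpa|wep]!\n"
  exit 1
fi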
I tried the switch to WEP at work (where we have such a network), and it went well. Just now I tested it at home to go back to WPA2 mode, and it just does the job.

But the question is: Should I really fool around like this? Is there no better way, maybe with a GUI? wifimgr doesn't work for me, just not applying any settings and wpa_gui also doesn't do what it's supposed to. Is there no easy and smooth GUI or CLI way to use WiFi roaming in FreeBSD? Oh, FreeBSD 10 (-RELEASE) by the way in case it matters.

It seems a bit weird to have to hack around like that to get to some really inelegant way of roaming. It would be nice to have a tool that can just scan for WiFi, take the user's input for a connection, connect and save the configuration somewhere for later (likely in /etc/wpa_supplicant.conf I guess). I understand that's what wifimgr and wpa_gui are for, but they just don't work, at least for me on FreeBSD 10. And there seems to be no wicd or NetworkManager, not even in the ports tree, too many Linux dependencies I heard.

Any ideas on this? Not sure if I'm just too blind to see the solution or something.

Thanks!


----------
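The post above writes the same WEP key two ways: as slot 1 in the `ifconfig` command and as `wep_key1` in wpa_supplicant.conf. The two tools number key slots differently (`ifconfig` uses 1-4, wpa_supplicant uses 0-3), so the sketch below, an added example that is not part of the original thread, derives both forms from one ASCII key and one 1-based slot. The function names are hypothetical; the SSID and key are the sample values from the post.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# ifconfig(8) numbers WEP key slots 1-4; wpa_supplicant.conf numbers them 0-3.

# Hex-encode an ASCII WEP key; accept only 5 or 13 bytes (40/104-bit WEP).
wep_hex() {
  hex=$(printf '%s' "$1" | od -An -tx1 | tr -d ' \n')
  case ${#hex} in
    10|26) printf '%s\n' "$hex" ;;
    *) echo "WEP key must be 5 or 13 bytes" >&2; return 1 ;;
  esac
}

# Validate a 1-based (ifconfig-style) key slot.
check_slot() {
  case $1 in
    1|2|3|4) return 0 ;;
    *) echo "key slot must be 1-4" >&2; return 1 ;;
  esac
}

# Arguments for: ifconfig wlan0 <args> up
ifconfig_wep_args() {  # ssid key slot
  check_slot "$3" || return 1
  hex=$(wep_hex "$2") || return 1
  printf 'ssid %s wepmode on wepkey %s:0x%s weptxkey %s\n' "$1" "$3" "$hex" "$3"
}

# Equivalent network block for wpa_supplicant.conf (slot shifted to 0-based).
supplicant_wep_block() {  # ssid key slot
  check_slot "$3" || return 1
  hex=$(wep_hex "$2") || return 1
  idx=$(( $3 - 1 ))
  printf 'network={\n  ssid="%s"\n  scan_ssid=1\n  key_mgmt=NONE\n' "$1"
  printf '  wep_key%s=%s\n  wep_tx_keyidx=%s\n}\n' "$idx" "$hex" "$idx"
}

# Sample values taken from the post above.
ifconfig_wep_args MyWEPnet MyWEPkey104bi 1
supplicant_wep_block MyWEPnet MyWEPkey104bi 1
```

Both outputs contain the key in cleartext, so any file they are written to should be readable by root only.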



## SirDice (Nov 13, 2014)

Don't use WEP at all. It's extremely easy to crack.


----------



## GrandAdmiralThrawn (Nov 13, 2014)

It depends on your threat model. My university/employer uses it, doing the real authentication using an HTTPS-based system. One has to be aware of the implications, that's all. And it's not my choice anyway. At home I do use WPA2.

I don't want to be rude, but my question was not "should I be using WEP?" It was "can I somehow get smooth WEP/WPA2 roaming?"

Thank you.


----------



## GrandAdmiralThrawn (Nov 15, 2014)

Hmm, after looking for ways for some time, I found nothing. So it seems there is no super-easy way of doing this. I will go ahead then and enhance my scripts to provide proper user interaction, so it's easier to roam to new networks and store them in wpa_supplicant.conf for WPA/WPA2 and maybe in my own configuration file for WEP networks.


----------

