Setup Wireless LAN for Raspberry Pi === The following guide describes how to setup Raspberry Pi to connect to Wifi. It was tested on the following environment: * Raspberry Pi Model B * Edimax EW-7811Un USB Wifi dongle * OS: Raspbian Jessie Here are the overview of the steps: 1. Ensure that the dongle is recognized 2. Setup authentication info 3. Ensure that the network interface use the authentication info 4. Prevent the dongle from powering down Step 1. Ensure that the dongle is recognized --- Check if the USB hub of the Pi detect the device: ```bash lsusb ``` You should see that the `Edimax` dongle is detected like the following. ``` Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. Bus 001 Device 005: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS] ``` Next, check if the kernel driver is loaded ```bash lsmod ``` You should see `8912cu` loaded in the output like below. ``` Module Size Used by 8192cu 528365 0 cfg80211 386508 0 rfkill 16651 2 cfg80211 i2c_dev 6027 18 snd_bcm2835 18649 0 ... ``` Check that the device is detected by Linux's wireless network configuration. ```bash iwconfig ``` You should see `wlan0` in the output like below. ``` wlan0 unassociated Nickname:"" ... ``` At this point, we can be sure that the dongle is operational. Step 2. Setup authentication info --- Now, you should check what type of authentication your network use. * __Personal:__ Typical home router require one password to connect. (Keywords: WPA, WPA2) * __Enterprise:__ If you use the enterprise network, e.g., `eduroam` at the university, you will have user name and password. (Keywords: PEAP, MSCHAPV2) For security reason, we will create a hash of your password. This hash will be used in the configuration file for the authentication info. This avoids saving your password in plain text. See [Appendix 1 (Personal)](#appendix1) or [Appendix 2 (Enterprise)](#appendix2) for details. Now you can add proper authentication info in the file `/etc/wpa_supplicant/wpa_supplicant.conf`. Use the following command to launch `nano` editor to edit this file. ```bash sudo nano /etc/wpa_supplicant/wpa_supplicant.conf ``` Here're what you should add (depending on the authentication type). Replace `YOUR_NETWORK_NAME`, `YOUR_USER_NAME`, `YOUR_PASSWORD_HASH` below. (Keep the quotation marks if present.) If you have multiple network configurations, you can also add multiple entries. __Personal authentication (WPA, WPA2)__ ``` network={ ssid="YOUR_NETWORK_NAME" proto=RSN key_mgmt=WPA-PSK pairwise=CCMP TKIP group=CCMP TKIP psk="YOUR_NETWORK_PASSWORD" } ``` __Enterprise authentication (MSCHAPV2)__ ``` network={ ssid="YOUR_NETWORK_NAME" proto=RSN key_mgmt=WPA-EAP pairwise=CCMP TKIP group=CCMP TKIP identity="YOUR_USER_NAME" password=hash:YOUR_PASSWORD_HASH phase1="peaplabel=0" phase2="auth=MSCHAPV2" } ``` For a thorough explanation about important keys in the settings, read [NetBeez's instruction][NetBeez]. Now, we have the authentication information ready. Step 3. Ensure that the network interface use the authentication info --- Here, you should edit `/etc/network/interface`. Find the section about `wlan0` and replace it with one of the following configuration (again, depending on your authentication type). __Personal authentication (WPA, WPA2)__ ``` auto wlan0 allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf ``` __Enterprise authentication (MSCHAPV2)__ ``` auto wlan0 allow-hotplug wlan0 iface wlan0 inet dhcp pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf post-down killall -q wpa_supplicant ``` Now, try bringing the network interface down and up again: ```bash sudo ifdown wlan0 sudo up wlan0 ``` The following error message should be ignored. It's a known bug upstream from Debian. ``` ioctl[SIOCSIWAP]: Operation not permitted ioctl[SIOCSIWENCODEEXT]: Invalid argument ioctl[SIOCSIWENCODEEXT]: Invalid argument ``` If there's no error, you should be able to see the wireless adapter connected with the following command ```bash iwconfig ``` The output will show the SSID and other connection info. ``` wlan0 IEEE 802.11bgn ESSID:"YOUR_NETWORK_NAME" Nickname:"" Mode:Managed Frequency:2.457 GHz Access Point: XX:XX:XX:XX:XX:XX Bit Rate:72.2 Mb/s Sensitivity:0/0 Retry:off RTS thr:off Fragment thr:off ``` You should check if you have an IP address with the following command: ```bash ifconfig ``` The `wlan0` entry should have an IP address, like the following. ``` ... wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:192.168.0.110 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:497 errors:0 dropped:32 overruns:0 frame:0 TX packets:373 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:83237 (81.2 KiB) TX bytes:60068 (58.6 KiB) ... ``` You should be able to ping Google. ```bash sudo ping google.com ``` Step 4. Prevent the dongle from powering down --- This is an optional step to prevent the dongle from powering down (resulting in periodic disconnection). Svay pointed this out in his [blog post][Svay]. First, we will add a task to periodically `ping` Google DNS server (`8.8.8.8`) ```bash crontab-e ``` Add the following line at the end of file. ``` */1 * * * * ping -c 1 8.8.8. ``` Next, we will configure the kernel driver not to power down. ```bash sudo nano /etc/modprobe.d/8192cu.conf ``` Add the following line ``` options 8192cu rtw_power_mgnt=0 rtw_enusbss=0 ``` All is good, now reboot you Pi. ``` sudo reboot ``` Appendix 2: Creating the hash of your password (Personal) --- You need to know your network name (SSID) and password. Then, use the following command. ```bash wpa_passphrase YOUR_NETWORK_NAME YOUR_PASSWORD ``` The output would be something like following. ``` network={ ssid="YOUR_NETWORK_NAME" #psk="YOUR_PASSWORD" psk=a1234e0629be38b2xxxxxxxx6db0263a1234e0629be38b2472ce72f6db027afc } ``` The string after `psk=` is your hash. (Here, it's `a1234...afc`). Don't forget to clear your history. See [Appendix 3](#appendix3) Appendix 2: Creating the hash of your password (Enterprise) --- The following instructions are for enterprise authentication. Use the following command, courtesy of [Duncan et al.][Duncan], to create a hash of your password. ```bash echo -n 'YOUR_PASSWORD' | iconv -t utf16le | openssl md4 ``` The output would be something like following. ``` (stdin)= a1234exxxxxxxx72f6db0263 ``` The string after the equal sign is your hash. (Here, it's `a6be0...20263`). Don't forget to clear your history. See [Appendix 3](#appendix3) Appendix 3: Clear History --- You should clear the history of your input which contains the password in plain text. If you don't mind wiping all history, use the following command: ```bash history -c ``` Otherwise, you can delete a specific line of history. The first command below shows the tail of your history list. Note the line number that contains your password. The second command remove the history at line 400. (Replace 400 with your line number.) ```bash history | tail history -d 400 ``` References === [Duncan][Duncan White, et al. wrote about keeping password in hashed form](https://www.doc.ic.ac.uk/~ajd/Robotics/RoboticsResources/wifi_setup.txt) [NetBeez][NetBeez wrote a good summary of important concepts about authentication](https://netbeez.net/2014/10/14/connect-your-raspberry-pi-to-wireless-enterprise-environments-with-wpa-supplicant/) [Savage][savage.home.automation's guide specific for Edimax](http://www.savagehomeautomation.com/projects/raspberry-pi-installing-the-edimax-ew-7811un-usb-wifi-adapte.html) [Svay][Svay's guide to setup wifi][http://svay.com/blog/setting-up-a-wifi-connection-on-the-raspberrypi/]