Linux WiFi from the command line with wpa_supplicant
In this article I will explain how to configure WiFi with wpa_supplicant, without any Xorg/X11 utilities. This is needed so that the basic OS services work properly with a minimal set of remote-access tools. The program will run as a service, and the configuration is done by editing config files.
For a quick start, a connection to an open access point can be established this way.
If you need something serious and long-term, read on.
General information about wpa_supplicant
What is wpa_supplicant?
- A cross-platform open-source implementation of the IEEE 802.11 standard for Linux, *BSD, Windows, Mac OS X and other systems.
- Full support for WPA2, WPA and older wireless LAN security protocols.
- A user-space application that performs the functions of a supplicant and of an SME operator executing MLME instructions.
- WPA and full IEEE 802.11i/RSN/WPA2.
- WPA-PSK and WPA2-PSK (pre-shared key) ("WPA-Personal").
- WPA with EAP (i.e., with a RADIUS authentication server) ("WPA-Enterprise"); key management for CCMP, TKIP, WEP (104/128 and 40/64 bit).
- RSN and PMKSA caching: pre-authentication.
How does wpa_supplicant establish a connection with an access point?
- The network interface must be working properly with its driver installed before wpa_supplicant starts.
- wpa_supplicant requests the kernel driver to scan for available Basic Service Sets (BSS).
- wpa_supplicant selects a BSS according to its configuration.
- wpa_supplicant requests the kernel driver to associate with the selected BSS.
- For WPA-EAP: EAP authentication is performed with the authentication server by the built-in IEEE 802.1X Supplicant, or by an external Xsupplicant.
- For WPA-EAP: the master key is received from the IEEE 802.1X Supplicant.
- For WPA-PSK: wpa_supplicant uses the PSK password as the session master key.
- wpa_supplicant performs the 4-way handshake [1] and the group key handshake with the access point's authenticator.
- wpa_supplicant sets up encryption of unicast and broadcast packets [2], after which normal data exchange begins.
The main and big advantage of wpa_supplicant is that it follows the Unix Way: a program does one thing, but does it well. In a sense wpa_supplicant is also the Gentoo Way. It demands some attention and patience at first, but afterwards you can forget about it completely. Once the program is configured and put to work, it drops out of the flow of events entirely, turning into a couple of lines in ps -ef. It does not sparkle or blink in the system tray, and it does not notify you about discovered, connected and disconnected wireless networks. It simply is not there until you go looking for it yourself.
The downside is the complexity of setup and configuration. It is a lot of fuss compared with click-click-click in the Network Manager window, not to mention connecting to WiFi from any Android device. If you are going on a trip with a Linux laptop, you will surely prefer a friendlier front end for wireless configuration, so that you can quickly connect to free WiFi access points at the airport, in a hotel or at work. For home wireless internet, though, it is just right.
Installation
If you do not choose the graphical front end, the program pulls in almost no dependencies. For Gentoo Linux, installing with the flags set as shown will do.
- emerge -av wpa_supplicant #Gentoo
- aptitude install wpasupplicant #Debian
- yum install wpa_supplicant #Redhat
- pacman -S wpa_supplicant #Arch
Connecting without a config file
If you only need to connect once, there is no need to create a configuration file and dig into all the details of the setup. It is enough to type a few instructions on the command line.
An example for an open network was shown at the very beginning. For a protected WPA network, a quick connection looks like this:
First, start wpa_supplicant itself and the accompanying wpa_cli.
Then configure the connection from the interactive wpa_cli interface.
For a protected WPA2 network:
Finally, the DHCP daemon has to be started manually.
Connecting to an Ad-Hoc network
I have never come across one, but one must be ready for anything. Connecting to an open ad-hoc network.
The same with iw.
Configuration for a home network
Now the most interesting part: configuration. The process is documented on the Arch Wiki, Debian Wiki and Gentoo Wiki, but naturally not all the details are there.
The program is usually installed into the /etc/wpa_supplicant/ directory, and our task is to set up the wpa_supplicant.conf configuration file correctly and tie it to the automatic start of the wireless network interface.
Let's start with wpa_supplicant.conf. If you connect to WPA/WPA2 from home, you most likely use a password for the WiFi connection, which corresponds to the WPA-PSK ("WPA-Personal") mode. We will not consider WEP encryption, since it is not much better than an open network.
Let's take a typical config from the documentation. For example, this one.
The first line is required; without ctrl_interface the program will not even start. GROUP=wheel is needed to run wpa_gui as an ordinary user in a graphical interface, but that is not our way. So we change it to the root group, GROUP=0.
Each network in the settings file must have a corresponding network={...} block. Digging through the sources, I found a decent description of the ap_scan variable in config.h; in the man page and the user guide its description is very sparse.
ap_scan — AP scanning/selection
By default, wpa_supplicant requests driver to perform AP scanning and then uses the scan results to select a suitable AP. Another alternative is to allow the driver to take care of AP scanning and selection and use wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association information from the driver.
1: wpa_supplicant initiates scanning and AP selection (default).
0: Driver takes care of scanning, AP selection, and IEEE 802.11 association parameters (e.g., WPA IE generation); this mode can also be used with non-WPA drivers when using IEEE 802.1X mode; do not try to associate with APs (i.e., external program needs to control association). This mode must also be used when using wired Ethernet drivers.
2: like 0, but associate with APs using security policy and SSID (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to enable operation with hidden SSIDs and optimized roaming; in this mode, the network blocks in the configuration are tried one by one until the driver reports successful association; each network block should have explicit security policy (i.e., only one option in the lists) for key_mgmt, pairwise, group, proto variables.
Note: ap_scan=2 should not be used with the nl80211 driver interface (the current Linux interface). ap_scan=1 is optimized work working with nl80211. For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.
- bssid: the Basic Service Set Identifier (BSSID), the physical address of the access point.
- key_mgmt: authentication protocols.
- pairwise: for WPA2 specify CCMP, and for WPA specify TKIP.
- proto: WPA/WPA2.
- psk: hash of the pre-shared key password.
group: list of accepted group (broadcast/multicast) ciphers for WPA
CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
If not set, this defaults to: CCMP TKIP WEP104 WEP40
pairwise: list of accepted pairwise (unicast) ciphers for WPA
CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
NONE = Use only Group Keys (deprecated, should not be included if APs support pairwise keys)
proto: list of accepted protocols
WPA = WPA/IEEE 802.11i/D3.0
RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
If not set, this defaults to: WPA RSN
key_mgmt: list of accepted authenticated key management protocols
WPA-PSK = WPA pre-shared key (this requires ‘psk’ field)
WPA-EAP = WPA using EAP authentication (this can use an external program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically generated WEP keys
NONE = WPA is not used; plaintext or static WEP could be used
If not set, this defaults to: WPA-PSK WPA-EAP
Create the password hash for psk:
Everything is ready to create the network config. The final file should look something like this.
The correct values for bssid, group, proto and pairwise can be determined by scanning the wireless network.
The iwlist command from the Wireless Tools set is obsolete; iw is used instead now.
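The psk hash step above, as an added example that is not part of the original article: the value stored in psk= is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 256-bit output), which is what the wpa_passphrase utility computes. The sketch derives it and renders a WPA2-only network block; the control-interface directory, the sample SSID and the helper names are assumptions.

```python
import hashlib
import os
import tempfile


def derive_psk(ssid: str, passphrase: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if not (8 <= len(passphrase) <= 63 and passphrase.isascii()
            and passphrase.isprintable()):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32).hex()


def format_ssid(ssid: str) -> str:
    """Quote a plain SSID; otherwise use the unquoted hex form the config accepts."""
    if ssid.isascii() and ssid.isprintable() and '"' not in ssid:
        return f'"{ssid}"'
    return ssid.encode("utf-8").hex()


def render_config(ssid: str, passphrase: str, bssid: str = "") -> str:
    """Build a config that accepts only RSN (WPA2) with CCMP for this network."""
    lines = [
        # Directory is an assumed default; GROUP=0 follows the article's choice.
        "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=0",
        "",
        "network={",
        f"    ssid={format_ssid(ssid)}",
    ]
    if bssid:
        lines.append(f"    bssid={bssid}")
    lines += [
        "    proto=RSN",
        "    key_mgmt=WPA-PSK",
        "    pairwise=CCMP",
        "    group=CCMP",
        # The hash is password-equivalent for this SSID, so it is still a secret.
        f"    psk={derive_psk(ssid, passphrase)}",
        "}",
    ]
    return "\n".join(lines) + "\n"


def write_private(path: str, text: str) -> None:
    """Write the config readable by its owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # also tightens a pre-existing file
        os.write(fd, text.encode("utf-8"))
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed sample values: the SSID/passphrase pair of the
    # IEEE 802.11i PSK test vector and a locally administered BSSID.
    config = render_config("IEEE", "password", bssid="02:00:00:00:01:00")
    target = os.path.join(tempfile.mkdtemp(), "wpa_supplicant.conf")
    write_private(target, config)
    print(config)
```

Because the SSID is the salt, the same passphrase gives a different psk value on every network name, and the file must be regenerated if the SSID changes.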
802.1X configuration for the office
The IEEE 802.1X standard defines a stricter model for connecting to a WiFi network. Instead of a psk password, a server certificate must be presented.
- ca_cert: absolute path to the CA certificate in PEM or DER format, needed to be able to verify the server certificate.
- ca_path: absolute path to a directory holding the CA certificate files (in PEM format) that you want to add to the trusted list.
- client_cert: absolute path to the client certificate in PEM or DER format.
- eap: space-separated list of supported EAP methods: MD5, MSCHAPV2, OTP, GTC, TLS, PEAP, or TTLS.
- identity: the EAP identity, for example the user name.
- password: the EAP password.
This is what a block might look like when configured to connect to a network in WPA-Enterprise mode with 802.1X PEAP authentication, which requires entering the user account credentials:
And this is an example of a block configured to connect to a network in WPA-Enterprise mode with 802.1X EAP-TLS authentication, which requires server and client certificates:
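As an added example (not code from the original article), a small audit of wpa_supplicant.conf network blocks against the option descriptions quoted above: it reports blocks that still accept WPA/TKIP/WEP through the defaults, a plaintext passphrase in psk, and 802.1X blocks with no ca_cert/ca_path, where the server certificate is not verified. The sample config, its paths and names are constructed, and the pairwise default is an assumption taken from the upstream documentation.

```python
import re

# Defaults as listed in the quoted option descriptions; the pairwise
# default is an assumption (it is not quoted in the article).
DEFAULTS = {
    "proto": "WPA RSN",
    "key_mgmt": "WPA-PSK WPA-EAP",
    "group": "CCMP TKIP WEP104 WEP40",
    "pairwise": "CCMP TKIP",
}
WEAK_CIPHERS = {"TKIP", "WEP104", "WEP40", "NONE"}

# Constructed sample configuration (names, paths and secrets are made up).
SAMPLE_CONF = """
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
    ssid="home-example"
    psk="correct horse battery"
}
network={
    ssid="office-peap-example"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="user@example.org"
    password="constructed-password"
}
network={
    ssid="office-tls-example"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    group=CCMP
    eap=TLS
    identity="user@example.org"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.key"
}
"""


def parse_conf(text):
    """Split the file into global settings and a list of network blocks."""
    glob, networks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif "=" in line:
            key, value = line.split("=", 1)
            (glob if current is None else current)[key.strip()] = value.strip()
    return glob, networks


def audit_network(net):
    """Return the findings for one network block."""
    def words(key):
        return set(net.get(key, DEFAULTS[key]).split())

    if "NONE" in words("key_mgmt"):
        return ["key_mgmt=NONE: WPA is not used (plaintext or static WEP)"]
    findings = []
    if "WPA" in words("proto"):
        findings.append("proto accepts WPA; set proto=RSN")
    for key in ("pairwise", "group"):
        weak = sorted(words(key) & WEAK_CIPHERS)
        if weak:
            findings.append(f"{key} accepts {' '.join(weak)}; set {key}=CCMP")
    if net.get("psk", "").startswith('"'):
        findings.append("psk stores the plaintext passphrase, not the hash")
    explicit = set(net.get("key_mgmt", "").split())
    uses_eap = "eap" in net or bool(explicit & {"WPA-EAP", "IEEE8021X"})
    if uses_eap and "ca_cert" not in net and "ca_path" not in net:
        findings.append("802.1X without ca_cert/ca_path: "
                        "server certificate is not verified")
    return findings


def audit(text):
    """Map '(global)' and each SSID to its list of findings."""
    glob, networks = parse_conf(text)
    report = {"(global)": []}
    group = re.search(r"GROUP=(\S+)", glob.get("ctrl_interface", ""))
    if group and group.group(1) not in ("0", "root"):
        report["(global)"].append(
            f"ctrl_interface GROUP={group.group(1)}: "
            "members of that group can control wpa_supplicant")
    for net in networks:
        report[net.get("ssid", "?").strip('"')] = audit_network(net)
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONF).items():
        print(name, findings or "ok")
```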
Binding wpa_supplicant to the network card
For Gentoo Linux, add 2 lines to /etc/conf.d/net.
List of drivers supported by -D. For modern chips and kernel versions nl80211 will do. On old hardware wext may work.
- nl80211 — New driver.
- wext — Linux wireless extensions (generic).
- wired — wpa_supplicant wired Ethernet driver.
- roboswitch — wpa_supplicant Broadcom switch driver.
- bsd — BSD 802.11 support (Atheros, etc.).
- ndis — Windows NDIS driver.
The wlan0 network card must be symlinked to lo0.
wpa_supplicant should also be added to autostart.
Debian users add an entry to the /etc/network/interfaces file.
RedHat users add to /etc/sysconfig/wpa_supplicant
and to the /etc/sysconfig/network-scripts/ifcfg-wlan0 file
Debugging
After wpa_supplicant has successfully connected to the access point, the connection setup log can be seen in dmesg.
If instead you see the error:
then most likely you need to use the wext driver instead of nl80211. And with the error:
the other way round, nl80211 should be substituted for wext.
When you cannot identify the error, run wpa_supplicant directly with the -dd option.
Network configuration/Wireless
The main article on network configuration is Network configuration.
Configuring wireless is a two-part process; the first part is to identify and ensure the correct driver for your wireless device is installed (they are available on the installation media, but often have to be installed explicitly), and to configure the interface. The second is choosing a method of managing wireless connections. This article covers both parts, and provides additional links to wireless management tools.
The #iw section describes how to manually manage your wireless network interface / your wireless LANs using iw. The Network configuration#Network managers section describes several programs that can be used to automatically manage your wireless interface, some of which include a GUI and all of which include support for network profiles (useful when frequently switching wireless networks, like with laptops).
Device driver
The default Arch Linux kernel is modular, meaning many of the drivers for machine hardware reside on the hard drive and are available as modules. At boot, udev takes an inventory of your hardware and loads appropriate modules (drivers) for your corresponding hardware, which will in turn allow creation of a network interface.
Some wireless chipsets also require firmware, in addition to a corresponding driver. Many firmware images are provided by the linux-firmware package; however, proprietary firmware images are not included and have to be installed separately. This is described in #Installing driver/firmware.
Check the driver status
To check if the driver for your card has been loaded, check the output of the lspci -k or lsusb -v command, depending on if the card is connected by PCI(e) or USB. You should see that some kernel driver is in use, for example:
Also check the output of the ip link command to see if a wireless interface was created; usually the naming of the wireless network interfaces starts with the letter "w", e.g. wlan0 or wlp2s0. Then bring the interface up with:
For example, assuming the interface is wlan0, this is ip link set wlan0 up.
Check kernel messages for firmware being loaded:
If there is no relevant output, check the messages for the full output for the module you identified earlier ( iwlwifi in this example) to identify the relevant message or further issues:
If the kernel module is successfully loaded and the interface is up, you can skip the next section.
Installing driver/firmware
Check the following lists to discover if your card is supported:
- See the table of existing Linux wireless drivers and follow to the specific driver’s page, which contains a list of supported devices. There is also a List of Wi-Fi Device IDs in Linux.
- The Ubuntu Wiki has a good list of wireless cards and whether or not they are supported either in the Linux kernel or by a user-space driver (includes driver name).
- Linux Wireless Support and The Linux Questions’ Hardware Compatibility List (HCL) also have a good database of kernel-friendly hardware.
Note that some vendors ship products that may contain different chip sets, even if the product identifier is the same. Only the usb-id (for USB devices) or pci-id (for PCI devices) is authoritative.
If your wireless card is listed above, follow the #Troubleshooting drivers and firmware subsection of this page, which contains information about installing drivers and firmware of some specific wireless cards. Then check the driver status again.
If your wireless card is not listed above, it is likely supported only under Windows (some Broadcom, 3com, etc). For these, you can try to use #ndiswrapper.
Utilities
Just like other network interfaces, the wireless ones are controlled with ip from the iproute2 package.
Managing a wireless connection requires a basic set of tools. Either use a network manager or use one of the following directly:
Software | Package | WEXT | nl80211 | WEP | WPA/WPA2 | Archiso[1] |
---|---|---|---|---|---|---|
wireless_tools (deprecated) | wireless_tools | Yes | No | Yes | No | Yes |
iw | iw | No | Yes | Yes | No | Yes |
wpa_supplicant | wpa_supplicant | Yes | Yes | Yes | Yes | Yes |
iwd | iwd | No | Yes | No | Yes | Yes |
Note that some cards only support WEXT.
iw and wireless_tools comparison
The table below gives an overview of comparable commands for iw and wireless_tools. See iw replaces iwconfig for more examples.
iw command | wireless_tools command | Description |
---|---|---|
iw dev wlan0 link | iwconfig wlan0 | Getting link status. |
iw dev wlan0 scan | iwlist wlan0 scan | Scanning for available access points. |
iw dev wlan0 set type ibss | iwconfig wlan0 mode ad-hoc | Setting the operation mode to ad-hoc. |
iw dev wlan0 connect your_essid | iwconfig wlan0 essid your_essid | Connecting to open network. |
iw dev wlan0 connect your_essid 2432 | iwconfig wlan0 essid your_essid freq 2432M | Connecting to open network specifying channel. |
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key your_key | Connecting to WEP encrypted network using hexadecimal key. |
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key s:your_key | Connecting to WEP encrypted network using ASCII key. |
iw dev wlan0 set power_save on | iwconfig wlan0 power on | Enabling power save. |
Examples in this section assume that your wireless device interface is interface and that you are connecting to your_essid wifi access point. Replace both accordingly.
Get the name of the interface
To get the name of your wireless interface, run:
The name of the interface will be output after the word "Interface". For example, it is commonly wlan0.
Get the status of the interface
To check link status, use the following command:
You can get statistics, such as the amount of tx/rx bytes, signal strength, etc., with the following command:
Activate the interface
Some cards require that the kernel interface be activated before you can use iw or wireless_tools:
To verify that the interface is up, inspect the output of the following command:
The UP in <BROADCAST,MULTICAST,UP,LOWER_UP> is what indicates the interface is up, not the later state DOWN.
Discover access points
To see what access points are available:
The important points to check:
- SSID: the name of the network.
- Signal: is reported in a wireless power ratio in dBm (e.g. from -100 to 0). The closer the negative value gets to zero, the better the signal. Observing the reported power on a good quality link and a bad one should give an idea about the individual range.
- Security: it is not reported directly; check the line starting with capability. If it contains Privacy, for example capability: ESS Privacy ShortSlotTime (0x0411), then the network is protected somehow.
- If you see an RSN information block, then the network is protected by the Robust Security Network protocol, also known as WPA2.
- If you see a WPA information block, then the network is protected by the Wi-Fi Protected Access protocol.
- In the RSN and WPA blocks you may find the following information:
- Group cipher: value in TKIP, CCMP, both, others.
- Pairwise ciphers: value in TKIP, CCMP, both, others. Not necessarily the same value as Group cipher.
- Authentication suites: value in PSK, 802.1x, others. For home router, you will usually find PSK (i.e. passphrase). In universities, you are more likely to find 802.1x suite which requires login and password. Then you will need to know which key management is in use (e.g. EAP), and what encapsulation it uses (e.g. PEAP). See #WPA2 Enterprise and Wikipedia:Authentication protocol for details.
- If you see neither RSN nor WPA blocks but there is Privacy , then WEP is used.
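The checklist above turned into a parser, as an added example that is not part of the original wiki text: it reads the text printed by iw dev wlan0 scan, applies the RSN / WPA / Privacy rules in the order given, and marks networks that are open or still offer WEP, WPA or TKIP. The scan text is constructed in the layout iw prints; the BSSIDs and SSIDs are made up.

```python
import re

# Constructed sample in the layout of "iw dev wlan0 scan" (not real networks).
SAMPLE_SCAN = """\
BSS 02:00:00:00:01:00(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tsignal: -48.00 dBm
\tSSID: home-example
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:04:00(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tsignal: -80.00 dBm
\tSSID: wep-example
BSS 02:00:00:00:02:00(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tsignal: -60.00 dBm
\tSSID: campus-example
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: IEEE 802.1X
BSS 02:00:00:00:03:00(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tsignal: -71.00 dBm
\tSSID: old-router-example
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP TKIP
\t\t * Authentication suites: PSK
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:05:00(on wlan0)
\tcapability: ESS ShortSlotTime (0x0401)
\tsignal: -85.00 dBm
\tSSID: cafe-example
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})\(on (\S+)\)")


def parse_scan(text):
    """Return one dict per BSS with the fields the checklist looks at."""
    results, bss, section = [], None, None
    for raw in text.splitlines():
        match = BSS_RE.match(raw)
        if match:
            bss = {"bssid": match.group(1), "ssid": "", "signal": None,
                   "privacy": False, "RSN": None, "WPA": None}
            results.append(bss)
            section = None
            continue
        if bss is None:
            continue
        line = raw.strip()
        head = line.split(":", 1)[0]
        if head in ("RSN", "WPA"):
            section = head
            bss[section] = {}
            line = line.split(":", 1)[1].strip()  # first bullet shares this line
            if not line:
                continue
        if line.startswith("*"):
            if section:  # bullets of other elements (e.g. WPS) are ignored
                key, _, value = line[1:].partition(":")
                bss[section][key.strip()] = value.split()
            continue
        section = None
        if head == "capability":
            bss["privacy"] = "Privacy" in line.split()
        elif head == "signal":
            bss["signal"] = float(line.split()[1])
        elif head == "SSID":
            bss["ssid"] = line.split(":", 1)[1].strip()
    return results


def classify(bss):
    """Apply the rules from the list above; return (protection, auth, legacy)."""
    rsn, wpa = bss["RSN"], bss["WPA"]
    if rsn is not None and wpa is not None:
        protection = "WPA/WPA2 mixed"
    elif rsn is not None:
        protection = "WPA2 (RSN)"
    elif wpa is not None:
        protection = "WPA"
    else:
        protection = "WEP" if bss["privacy"] else "open"
    info = rsn or wpa or {}
    ciphers = set(info.get("Group cipher", [])) | set(info.get("Pairwise ciphers", []))
    auth = " ".join(info.get("Authentication suites", []))
    legacy = protection != "WPA2 (RSN)" or "TKIP" in ciphers
    return protection, auth, legacy


def summary(text):
    """List (ssid, protection, auth, legacy) tuples, strongest signal first."""
    found = sorted(parse_scan(text), key=lambda b: b["signal"], reverse=True)
    return [(b["ssid"],) + classify(b) for b in found]


if __name__ == "__main__":
    for row in summary(SAMPLE_SCAN):
        print(row)
```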
Set operating mode
You might need to set the proper operating mode of the wireless card. More specifically, if you are going to connect to an ad-hoc network, you need to set the operating mode to ibss:
Connect to an access point
Depending on the encryption, you need to associate your wireless device with the access point to use and pass the encryption key:
- No encryption
- WEP
- using a hexadecimal or ASCII key (the format is distinguished automatically, because a WEP key has a fixed length):
- using a hexadecimal or ASCII key, specifying the third set up key as default (keys are counted from zero, four are possible):
Regardless of the method used, you can check if you have associated successfully:
Authentication
WPA2 Personal
WPA2 Personal, a.k.a. WPA2-PSK, is a mode of Wi-Fi Protected Access.
You can authenticate to WPA2 Personal networks using wpa_supplicant or iwd, or connect using a network manager. If you only authenticated to the network, then to have a fully functional connection you will still need to assign the IP address(es) and routes either manually or using a DHCP client.
WPA2 Enterprise
WPA2 Enterprise is a mode of Wi-Fi Protected Access. It provides better security and key management than WPA2 Personal, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a RADIUS server, to handle the authentication of users. This is in contrast to Personal mode, which does not require anything beyond the wireless router or access points (APs), and uses a single passphrase or password for all users.
The Enterprise mode enables users to log onto the Wi-Fi network with a username and password and/or a digital certificate. Since each user has a dynamic and unique encryption key, it also helps to prevent user-to-user snooping on the wireless network, and improves encryption strength.
This section describes the configuration of network clients to connect to a wireless access point with WPA2 Enterprise mode. See Software access point#RADIUS for information on setting up an access point itself.
For a comparison of protocols see the following table.
MS-CHAPv2
WPA2-Enterprise wireless networks demanding MSCHAPv2 type-2 authentication with PEAP sometimes require pptpclient in addition to the stock ppp package. netctl seems to work out of the box without ppp-mppe, however. In either case, usage of MSCHAPv2 is discouraged as it is highly vulnerable, although using another method is usually not an option.
eduroam
eduroam is an international roaming service for users in research, higher education and further education, based on WPA2 Enterprise.
Manual/automatic setup
- wpa_supplicant can be configured directly by its configuration file or using its CLI/GUI front ends and used in combination with a DHCP client. See the examples in /usr/share/doc/wpa_supplicant/wpa_supplicant.conf for configuring the connection details.
- iwd#WPA Enterprise
- NetworkManager can create WPA2 Enterprise profiles with nmcli or the graphical front ends. nmtui does not support this (NetworkManager issue 376), but may use existing profiles.
- ConnMan needs a separate configuration file before connecting to the network. See connman-service.config(5) and ConnMan#Connecting to eduroam (802.1X) for details.
- netctl supports wpa_supplicant configuration through blocks included with WPAConfigSection= . See netctl.profile(5) for details.
WPA3 Personal
WPA3 Personal, a.k.a. WPA3-SAE, is a mode of Wi-Fi Protected Access.
wpa_supplicant supports WPA3 Personal ( CONFIG_SAE is enabled in wpa_supplicant since version 2:2.9-4).
iwd supports WPA3 since at least version 1.0.
Tips and tricks
Respecting the regulatory domain
The regulatory domain, or "regdomain", is used to reconfigure wireless drivers to make sure that wireless hardware usage complies with local laws set by the FCC, ETSI and other organizations. Regdomains use ISO 3166-1 alpha-2 country codes. For example, the regdomain of the United States would be "US", China would be "CN", etc.
Regdomains affect the availability of wireless channels. In the 2.4GHz band, the allowed channels are 1-11 for the US, 1-14 for Japan, and 1-13 for most of the rest of the world. In the 5GHz band, the rules for allowed channels are much more complex. In either case, consult this list of WLAN channels for more detailed information.
Regdomains also affect the limit on the effective isotropic radiated power (EIRP) from wireless devices. This is derived from transmit power ("tx power"), and is measured in dBm/mBm (1dBm=100mBm) or mW (log scale). In the 2.4GHz band, the maximum is 30dBm in the US and Canada, 20dBm in most of Europe, and 20dBm-30dBm for the rest of the world. In the 5GHz band, maximums are usually lower. Consult the wireless-regdb for more detailed information (EIRP dBm values are in the second set of brackets for each line).
Misconfiguring the regdomain can be useful — for example, by allowing use of an unused channel when other channels are crowded, or by allowing an increase in tx power to widen transmitter range. However, this is not recommended as it could break local laws and cause interference with other radio devices.
Since kernel 4.15, there are two ways to load the regulatory database. The first is to use the deprecated "central regulatory domain agent" provided by crda, which loads the database via a udev rule. The second is to allow the kernel to load the database directly, which is supported by wireless-regdb. For direct loading the kernel must be configured with CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS set to yes; for security's sake, this is also what allows cryptographic verification of the database. This is true of the stock Arch kernel, but if you are using an alternate kernel, or compiling your own, you should verify this. More information is available at this guide.
To configure the regdomain, install crda or wireless-regdb and reboot (to reload the cfg80211 module and all related drivers). Check the boot log to make sure that CRDA is being called or the database loaded and key verified by cfg80211 :
The current regdomain can be set to the United States with:
And queried with:
However, setting the regdomain may not alter your settings. Some devices have a regdomain set in firmware/EEPROM, which dictates the limits of the device, meaning that setting regdomain in software can only increase restrictions, not decrease them. For example, a CN device could be set in software to the US regdomain, but because CN has an EIRP maximum of 20dBm, the device will not be able to transmit at the US maximum of 30dBm.
For example, to see if the regdomain is being set in firmware for an Atheros device:
For other chipsets, it may help to search for "EEPROM", "regdomain", or simply the name of the device driver.
To see if your regdomain change has been successful, and to query the number of available channels and their allowed transmit power:
A more permanent configuration of the regdomain can be achieved through editing /etc/conf.d/wireless-regdom and uncommenting the appropriate domain.
wpa_supplicant can also use a regdomain in the country= line of /etc/wpa_supplicant/wpa_supplicant.conf .
It is also possible to configure the cfg80211 kernel module to use a specific regdomain by adding, for example, options cfg80211 ieee80211_regdom=JP as module options. The module option is inherited from the old regulatory implementation and in modern kernels acts as a userspace regulatory hint, as if it came through nl80211 from utilities like iw and wpa_supplicant.
Rfkill caveat
Many laptops have a hardware button (or switch) to turn off the wireless card; however, the card can also be blocked by the kernel. This can be handled by rfkill. To show the current status:
If the card is hard-blocked, use the hardware button (switch) to unblock it. If the card is not hard-blocked but soft-blocked, use the following command:
Hardware buttons to toggle wireless cards are handled by a vendor specific kernel module, frequently these are WMI modules. Particularly for very new hardware models, it happens that the model is not fully supported in the latest stable kernel yet. In this case it often helps to search the kernel bug tracker for information and report the model to the maintainer of the respective vendor kernel module, if it has not happened already.
Power saving
Troubleshooting
This section contains general troubleshooting tips, not strictly related to problems with drivers or firmware. For such topics, see next section #Troubleshooting drivers and firmware.
Temporary internet access
If you have problematic hardware and need internet access to, for example, download some software or get help in forums, you can make use of Android’s built-in feature for internet sharing via USB cable. See Android tethering#USB tethering for more information.
Observing logs
A good first measure when troubleshooting is to analyze the system's logfiles. In order not to manually parse through them all, it can help to open a second terminal/console window and watch the kernel's messages with
while performing the action, e.g. the wireless association attempt.
When using a tool for network management, the same can be done for systemd with
Frequently a wireless error is accompanied by a deauthentication with a particular reason code, for example:
Looking up the reason code might give a first hint. It may also help to look at the control message flowchart; the journal messages will follow it.
The individual tools used in this article further provide options for more detailed debugging output, which can be used in a second step of the analysis, if required.
Failed to get IP address
- If getting an IP address repeatedly fails using the default dhcpcd client, try installing and using dhclient instead. Do not forget to select dhclient as the primary DHCP client in the connection manager.
- If you can get an IP address for a wired interface and not for a wireless interface, try disabling the wireless card’s power saving features (specify off instead of on ).
- If you get a timeout error due to a waiting for carrier problem, then you might have to set the channel mode to auto for the specific device:
Before changing the channel to auto, make sure your wireless interface is down. After it has successfully changed it, you can bring the interface up again and continue from there.
Valid IP address but cannot resolve host
If you are on a public wireless network that may have a captive portal, make sure to query an HTTP page (not an HTTPS page) from your web browser, as some captive portals only redirect HTTP. If this is not the issue, check if you can resolve domain names, it may be necessary to use the DNS server advertised via DHCP.
Setting RTS and fragmentation thresholds
Wireless hardware disables RTS and fragmentation by default. These are two different methods of increasing throughput at the expense of bandwidth (i.e. reliability at the expense of speed). These are useful in environments with wireless noise or many adjacent access points, which may create interference leading to timeouts or failing connections.
Packet fragmentation improves throughput by splitting up packets with size exceeding the fragmentation threshold. The maximum value (2346) effectively disables fragmentation since no packet can exceed it. The minimum value (256) maximizes throughput, but may carry a significant bandwidth cost.
RTS improves throughput by performing a handshake with the access point before transmitting packets with size exceeding the RTS threshold. The maximum threshold (2347) effectively disables RTS since no packet can exceed it. The minimum threshold (0) enables RTS for all packets, which is probably excessive for most situations.
Random disconnections
Cause #1
If dmesg says wlan0: deauthenticating from MAC by local choice (reason=3) and you lose your Wi-Fi connection, it is likely that power saving on your Wi-Fi card is too aggressive. Try disabling the wireless card’s power saving features (specify off instead of on).
If your card does not support enabling/disabling power save mode, check the BIOS for power management options. Disabling PCI-Express power management in the BIOS of a Lenovo W520 resolved this issue.
Cause #2
If you are experiencing frequent disconnections and dmesg shows messages such as
ieee80211 phy0: wlan0: No probe response from AP xx:xx:xx:xx:xx:xx after 500ms, disconnecting
try changing the channel bandwidth to 20MHz through your router’s settings page.
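The two dmesg signatures quoted under Cause #1 and Cause #2 can be counted per interface to see which remedy applies. This is an added example, not part of the original wiki text; the function names, the output format, the sample log lines and the alternative "(Reason: 3=" spelling are assumptions.

```shell
#!/bin/sh
# Added example: triage kernel log lines against the two disconnect signatures
# quoted above. Reads log text on stdin, e.g.:  dmesg | wifi_disconnect_triage
wifi_disconnect_triage() {
    awk '
    # Return the token just before `word` (the interface name), minus its colon.
    function iface_before(word,    i, name) {
        for (i = 2; i <= NF; i++)
            if ($i == word) { name = $(i - 1); sub(/:$/, "", name); return name }
        return "unknown"
    }
    # Cause #1: "... by local choice (reason=3)". The "(Reason: 3=" spelling
    # is an assumption about how other kernel versions word the same event.
    /deauthenticating from .* by local choice \([Rr]eason[=:] ?3[^0-9]/ {
        c1[iface_before("deauthenticating")]++; next
    }
    # Cause #2: "No probe response from AP <MAC> after 500ms, disconnecting".
    # Any millisecond value is accepted, not only the 500ms shown on the page.
    /No probe response from AP .* after [0-9]+ms, disconnecting/ {
        c2[iface_before("No")]++; next
    }
    END {
        for (k in c1) printf "%s cause1 %d disable power saving on the card\n", k, c1[k]
        for (k in c2) printf "%s cause2 %d set router channel bandwidth to 20MHz\n", k, c2[k]
    }' | sort
}

# Constructed sample input (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.100000] wlan0: deauthenticating from 02:00:00:aa:bb:cc by local choice (reason=3)
[  230.500000] ieee80211 phy0: wlan0: No probe response from AP 02:00:00:aa:bb:cc after 500ms, disconnecting
[  231.000000] wlan0: authenticate with 02:00:00:aa:bb:cc
[  650.250000] wlan0: deauthenticating from 02:00:00:aa:bb:cc by local choice (reason=3)
[  900.000000] ieee80211 phy1: wlan1: No probe response from AP 02:00:00:dd:ee:ff after 500ms, disconnecting
EOF
}

sample_log | wifi_disconnect_triage
```

Each output line is interface, cause, hit count and the remedy the page gives for that cause; lines that match neither signature are ignored.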
Cause #3
On some laptop models with hardware rfkill switches (e.g., Thinkpad X200 series), due to wear or bad design, the switch (or its connection to the mainboard) might become loose over time, resulting in seemingly random hardblocks/disconnects when you accidentally touch the switch or move the laptop. There is no software solution to this, unless your switch is electrical and the BIOS offers the option to disable the switch. If your switch is mechanical (most are), there are lots of possible solutions, most of which aim to disable the switch: soldering the contact point on the mainboard/wifi-card, gluing or blocking the switch, using a screw nut to tighten the switch or removing it altogether.
Cause #4
Another cause for frequent disconnects or a complete failure to connect may also be a sub-standard router, incomplete settings of the router, or interference by other wireless devices.
To troubleshoot, first try to connect to the router with no authentication.
If that works, enable WPA/WPA2 again but choose fixed and/or limited router settings. For example:
- If the router is considerably older than the wireless device you use for the client, test if it works with setting the router to one wireless mode
- Disable mixed-mode authentication (e.g. only WPA2 with AES, or TKIP if the router is old)
- Try a fixed/free channel rather than "auto" channel (maybe the router next door is old and interfering)
- Disable WPS
- Change the router’s 5 GHz channel(s) to a non-DFS (Dynamic Frequency Selection) channel. Connections on such channels may be dropped or suddenly switched due to interference from nearby weather radar.
- Disable 40MHz channel bandwidth (lower throughput but less likely collisions) with cfg80211.cfg80211_disable_40mhz_24ghz=1
- If the router has quality of service settings, check completeness of settings (e.g. Wi-Fi Multimedia (WMM) is part of optional QoS flow control. An erroneous router firmware may advertise its existence although the setting is not enabled)
Cause #5
On some wireless network adapters (e.g. Qualcomm Atheros AR9485), random disconnects can happen with a DMA error:
A possible workaround is to disable the Intel IOMMU driver (DMA), adding intel_iommu=off to the kernel parameters [3].
Cause #6
If you are using a device with iwlwifi and iwlmvm for wireless connectivity, and your Wi-Fi card appears to disappear when on battery power (perhaps after a reboot or resuming from suspend), this can be fixed by configuring power saving settings in iwlmvm.
Create the file /etc/modprobe.d/iwlmvm.conf if it does not exist already, then add the following line to it:
A power_scheme of 1 sets iwlmvm to "Always Active". Available options are:
Value | Description |
---|---|
1 | Always Active |
2 | Balanced |
3 | Low-power |
This fix was discovered at [4].
Cause #7
If your device undergoes long periods of inactivity (e.g. a file server) the disconnection may be due to power saving, which will block incoming traffic and prevent connections. Try disabling power saving for the interface:
You can create a udev rule to do this on boot, see Power management#Network interfaces.
Wi-Fi networks invisible because of incorrect regulatory domain
If the computer’s Wi-Fi channels do not match those of the user’s country, some in-range Wi-Fi networks might be invisible, because they use wireless channels that are not allowed by default. The solution is to configure the regulatory domain correctly, see #Respecting the regulatory domain.
Troubleshooting drivers and firmware
This section covers methods and procedures for installing kernel modules and firmware for specific chipsets that differ from the generic method.
See Kernel modules for general information on operations with modules.
Ralink/Mediatek
rt2x00
Unified driver for Ralink chipsets (it replaces rt2500, rt61, rt73, etc.). This driver has been in the Linux kernel since 2.6.24; you only need to load the right module for the chip: rt2400pci, rt2500pci, rt2500usb, rt61pci or rt73usb, which will autoload the respective rt2x00 modules too.
A list of devices supported by the modules is available at the project’s homepage.
Additional notes
- Since kernel 3.0, rt2x00 also includes these drivers: rt2800pci, rt2800usb.
- Since kernel 3.0, the staging drivers rt2860sta and rt2870sta are replaced by the mainline drivers rt2800pci and rt2800usb [5].
- Some devices have a wide range of options that can be configured with iwpriv. These are documented in the source tarballs available from Ralink.
rt3090
For devices using the rt3090 chipset it should be possible to use the rt2800pci driver; however, it does not work very well with this chipset (e.g. sometimes it is not possible to use a rate higher than 2Mb/s).
rt3290
The rt3290 chipset is recognised by the kernel rt2800pci module. However, some users experience problems and reverting to a patched Ralink driver seems to be beneficial in these cases.
rt3573
New chipset as of 2012. It may require proprietary drivers from Ralink. Different manufacturers use it, see the Belkin N750 DB wireless usb adapter forums thread.
mt7612u
New chipset as of 2014, released under their new commercial name Mediatek. It is an AC1200 or AC1300 chipset. Manufacturer provides drivers for Linux on their support page. As of kernel 5.5 it should be supported by the included mt76 driver.
Realtek
See [6] for a list of Realtek chipsets and specifications.
rtl8192cu
The driver is now in the kernel, but many users have reported being unable to make a connection although scanning for networks does work.
8192cu-dkms AUR includes many patches; try it if the in-kernel driver does not work well.
rtl8723ae/rtl8723be
The rtl8723ae and rtl8723be modules are included in the mainline Linux kernel.
Some users may encounter errors with powersave on this card. This is shown with occasional disconnects that are not recognized by high level network managers (netctl, NetworkManager). This error can be confirmed by running dmesg -w as root or journalctl -f as root and looking for output related to powersave and the rtl8723ae / rtl8723be module. If you are having this issue, use the fwlps=0 kernel option, which should prevent the WiFi card from automatically sleeping and halting connection. See Kernel module#Setting module options.
If you have poor signal, perhaps your device has only one physical antenna connected, and antenna autoselection is broken. You can force the choice of antenna with ant_sel=1 or ant_sel=2 kernel option. [7]
rtl88xxau
Realtek chipsets rtl8811au, rtl8812au, rtl8814au and rtl8821au designed for various USB adapters ranging from AC600 to AC1900. Several packages provide various kernel drivers, these require DKMS (the dkms package and the kernel headers installed):
Chipset | Driver version | Package | Notes |
---|---|---|---|
rtl8811au, rtl8812au, rtl8821au | 5.6.4.2 | rtl88xxau-aircrack-dkms-git AUR | Aircrack-ng kernel module for 8811au, 8812au and 8821au chipsets with monitor mode and injection support. |
rtl8814au | 5.8.5.1 | rtl8814au-aircrack-dkms-git AUR | Aircrack-ng kernel module for 8814au chipsets with monitor mode and injection support. |
rtl8812au | 5.9.3.2 | rtl8812au-dkms-git AUR | Latest official Realtek driver version for rtl8812au only. |
rtl8811au, rtl8821au | 5.8.2.3 | rtl8821au-dkms-git AUR | Newer driver version for rtl8821au. |
rtl8814au | 5.8.5.1 | rtl8814au-dkms-git AUR | Possibly works for rtl8813au too. Seems to be deprecated in favor of rtl8814au-aircrack-dkms-git AUR |
rtl8811cu/rtl8821cu
rtl8821cu-dkms-git AUR provides a kernel module for the Realtek 8811cu and 8821cu chipset.
This requires DKMS, so make sure you have your proper kernel headers installed.
If no wireless interface shows up even though the 8821cu module is loaded, you may need to manually specify the rtw_RFE_type option [8][9]. Try e.g. rtw_RFE_type=0x26 , other values might also work. See Kernel module#Setting module options for details.
rtl8821ce
rtl8821ce-dkms-git AUR provides a kernel module for the Realtek 8821ce chipset found in the Asus X543UA.
This requires DKMS, so make sure you have your proper kernel headers installed.
rtl8822bu
rtl8822bu-dkms-git AUR or rtl88x2bu-dkms-git AUR provides a kernel module for the Realtek 8822bu chipset found in the Edimax EW7822ULC USB3, Asus AC53 Nano USB 802.11ac and TP-Link Archer T3U adapter.
This requires DKMS, so make sure you have your proper kernel headers installed.
rtl8xxxu
Issues with the rtl8xxxu mainline kernel module may be solved by compiling a third-party module for the specific chipset. The source code can be found in GitHub repositories.
Some drivers may be already prepared in the AUR, e.g. rtl8723bu-git-dkms AUR.
Atheros
The MadWifi team currently maintains three different drivers for devices with Atheros chipset:
- madwifi is an old, obsolete driver. Not present in Arch kernel since 2.6.39.1 [10].
- ath5k is a newer driver, which replaces the madwifi driver. Currently a better choice for some chipsets, but not all chipsets are supported (see below).
- ath9k is the newest of these three drivers, it is intended for newer Atheros chipsets. All of the chips with 802.11n capabilities are supported.
There are some other drivers for some Atheros devices. See Linux Wireless documentation for details.
ath5k
If you find web pages randomly loading very slow, or if the device is unable to lease an IP address, try to switch from hardware to software encryption by loading the ath5k module with nohwcrypt=1 option. See Kernel modules#Setting module options for details.
Some laptops may have problems with their wireless LED indicator flickering red and blue. To solve this problem, do:
For alternatives, see this bug report.
ath9k
As of Linux 3.15.1, some users have been experiencing a decrease in bandwidth. In some cases this can be fixed by setting the nohwcrypt=1 option for the ath9k module. See Kernel module#Setting module options.
In the unlikely event that you have stability issues that trouble you, you could try using the backports-patched AUR package. An ath9k mailing list exists for support and development related discussions.
Power saving
Although Linux Wireless says that dynamic power saving is enabled for Atheros ath9k single-chips newer than AR9280, for some devices (e.g. AR9285) powertop might still report that power saving is disabled. In this case enable it manually.
On some devices (e.g. AR9285), enabling the power saving might result in the following error:
The solution is to set the ps_enable=1 option for the ath9k module, see Kernel module#Setting module options.
Intel
ipw2100 and ipw2200
These modules are fully supported in the kernel, but they require additional firmware. Depending on which of the chipsets you have, install either ipw2100-fw or ipw2200-fw. Then reload the appropriate module.
iwlegacy
iwlegacy is the wireless driver for Intel’s 3945 and 4965 wireless chips. The firmware is included in the linux-firmware package.
udev should load the driver automatically, otherwise load iwl3945 or iwl4965 manually. See Kernel modules for details.
If you have problems connecting to networks in general, random failures with your card on bootup or your link quality is very poor, try to disable 802.11n:
If the failures persist during bootup and you are using Nouveau driver, try enabling early KMS to prevent the conflict [11].
iwlwifi
iwlwifi is the wireless driver for Intel’s current wireless chips, such as 5100AGN, 5300AGN, and 5350AGN. See the full list of supported devices. The firmware is included in the linux-firmware package. The linux-firmware-iwlwifi-git AUR may contain some updates sooner.
If you have problems connecting to networks in general or your link quality is very poor, try to disable 802.11n, and perhaps also enable software encryption:
If you have a problem with slow uplink speed in 802.11n mode, for example 20Mbps, try to enable antenna aggregation:
Do not be confused by the option name: when the value is set to 8 it does not disable anything but re-enables transmission antenna aggregation. [12] [13]
In case this does not work for you, you may try disabling power saving for your wireless adapter.
Some have never gotten this to work. Others found salvation by disabling N in their router settings after trying everything. This is known to have been the only solution on more than one occasion. The second link there mentions a 5 GHz option that might be worth exploring.
If you have an 802.11ax (WiFi 6) access point and have problems detecting the beacons or an unreliable connection, review Intel Article 54799.
Bluetooth coexistence
If you have difficulty connecting a Bluetooth headset and maintaining good downlink speed, try disabling Bluetooth coexistence [14]:
Firmware stack traces
The factual accuracy of this article or section is disputed.
You may have some issue where the driver outputs stack traces & errors, which can cause some stuttering.
To fix those errors, you may downgrade the package linux-firmware or rename the last version of the firmware used by your device so that an older version is loaded (which keeps it out of pacman’s ignored packages).
Disabling LED blink
The default settings on the module are to have the LED blink on activity. Some people find this extremely annoying. To have the LED on solid when Wi-Fi is active, you can use the systemd-tmpfiles:
Run systemd-tmpfiles --create phy0-led.conf for the change to take effect, or reboot.
To see all the possible trigger values for this LED:
Broadcom
Other drivers/devices
Tenda w322u
Treat this Tenda card as an rt2870sta device. See #rt2x00.
orinoco
This should be a part of the kernel package and be installed already.
Some Orinoco chipsets are Hermes II. You can use the wlags49_h2_cs driver instead of orinoco_cs and gain WPA support. To use the driver, blacklist orinoco_cs first.
prism54
The driver p54 is included in kernel, but you have to download the appropriate firmware for your card from this site and install it into the /usr/lib/firmware directory.
ACX100/111
Packages: tiacx tiacx-firmware (deleted from official repositories and AUR)
zd1211rw
zd1211rw is a driver for the ZyDAS ZD1211 802.11b/g USB WLAN chipset, and it is included in recent versions of the Linux kernel. See [15] for a list of supported devices. You only need to install the firmware for the device, provided by the zd1211-firmware AUR package.
hostap_cs
Host AP is a Linux driver for wireless LAN cards based on Intersil’s Prism2/2.5/3 chipset. The driver is included in Linux kernel.
ndiswrapper
Ndiswrapper is a wrapper script that allows you to use some Windows drivers in Linux. You will need the .inf and .sys files from your Windows driver.
Follow these steps to configure ndiswrapper.
2. Install the driver to /etc/ndiswrapper/*
3. List all installed drivers for ndiswrapper
4. Let ndiswrapper write its configuration in /etc/modprobe.d/ndiswrapper.conf :
Now the ndiswrapper install is almost finished; follow the instructions on Kernel modules#Automatic module loading with systemd to automatically load the module at boot.
The important part is making sure that ndiswrapper exists on this line, so just add it alongside the other modules. It would be best to test that ndiswrapper will load now, so:
and wlan0 should now exist. If you have problems, some help is available at: ndiswrapper howto and ndiswrapper FAQ.
backports-patched
backports-patched AUR provides drivers released on newer kernels backported for usage on older kernels. The project started in 2007 and was originally known as compat-wireless, evolved to compat-drivers and was recently renamed simply to backports.
If you are using an old kernel and have wireless issues, drivers in this package may help.