WiFi data encryption AES and WAP2

[MikelC]

I am trying to setup my WiPi dongle without success with data encryption for AES and WPA2-PSK which is supported by the h/w (according to its data sheets), but does not seem to be supported by the driver s/w. My SSID is captured OK, though.

When trying to configure with the GUI WiFi Configuration program, there was no selection for AES or WPA2-PSK. I have tried writing the wipi configuration file (the GUI setup: wpa_supplicant.conf) with the following code:
Network={
Ssid="MIC" my ssid
Key_mgmt=WPA2-PSK
group=CCMP
pairwise=AES
proto=WPA2
psk="encryptionkey"
}
But still does not connect to my home wif (home IP Address is Dynamic (WAN)
Mike

[klricks]

If you router encryption is set to AES then set the encryption on the RPi to CCMP.

The Config GUI really should show something like CCMP(AES) in the menu choices. Confusing to many people the way it is as there is no reference to AES at all. I figured it out by Googling AES and it came up many times the 2 terms used together or synonymously.

This is my conf file as written by the WIFI Config GUI....

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid="myssid"
        psk="mypasskey"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        auth_alg=OPEN
}

[SirLagz]

Alternatively don't use the wpa conf file at all, and place the SSID and PSK straight into /etc/network/interfaces (assuming you're using Raspbian)

Code: Select all

auto wlan0
iface wlan0 inet dhcp
wpa_ssid SSID
wpa_psk PSK

[MikelC]

My USB WiPi is now up and running.

Thanks for your help!
MikeC

If you router encryption is set to AES then set the encryption on the RPi to CCMP.

The Config GUI really should show something like CCMP(AES) in the menu choices. Confusing to many people the way it is as there is no reference to AES at all. I figured it out by Googling AES and it came up many times the 2 terms used together or synonymously.

This is my conf file as written by the WIFI Config GUI....

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid="myssid"
        psk="mypasskey"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        auth_alg=OPEN
}

[paddypower]

Been hunting for this for ages.. Finally got exactly the right setup, thankyou for your guidance.
My problem was the wifi connecting fine to WPA access points, but failing when accessing a WPA2 & AES encryption point.

I'm running Squeezeplug, which has a walkthru interface to set this up, but it wouldn't work on this setup. So into /etc/wpa_supplicant/wpa_supplicant.conf I went.. and fiddled..

Seems like the key is to change pairwise and group to "CCMP",

trl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="network name"
psk="password"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP
group=CCMP
auth_alg=OPEN
}

Logged in and works a treat now!

D

[pilukas]

Hi!
I'm in the very same situation here. I tried through the GUI and through etc/network/interfaces and neither options worked I reset to (what I think is) default so now it looks like this:

Code: Select all

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

I tried the wpa_supplicant, it shows installed and in the newest version, but there is no /etc/wpa_supplicant/wpa_supplicant.conf file (or folder) to modify

The moment I drop all the security the device works properly (and the device appears active in wlan0)

Thanks for any input and help

[SirLagz]

Use the following stanza for wlan0

Code: Select all

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid <ssid here>
wpa-psk <psk here>

[pilukas]

Use the following stanza for wlan0

Code: Select all

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid <ssid here>
wpa-psk <psk here>

Should I add some code for the AES encryption? I think I added all, but something could be missing as it's not working

[SirLagz]

Use the following stanza for wlan0

Code: Select all

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid <ssid here>
wpa-psk <psk here>

Should I add some code for the AES encryption? I think I added all, but something could be missing as it's not working

Nope, the wifi stick will automagically figure out how to connect.
Are you sure ssid and psk is correct ?
Is the network a 2.4ghz network or 5ghz network ?
What USB stick do you have ?

[pilukas]

Nope, the wifi stick will automagically figure out how to connect.
Are you sure ssid and psk is correct ?
Is the network a 2.4ghz network or 5ghz network ?
What USB stick do you have ?

I'm sure about the ssid and psk, I tried both within quotation marks and without (which one is the standard way? I don't know)
The network is a standard 2.4ghz
My USB stick is the "official" Wi-Pi and works ok when I drop the security, so it has something to do with the config file :/
I tried through the GUI too, pointless. The thing is the GUI fill my PSK pass with more * than it should have :/

[SirLagz]

Nope, the wifi stick will automagically figure out how to connect.
Are you sure ssid and psk is correct ?
Is the network a 2.4ghz network or 5ghz network ?
What USB stick do you have ?

I'm sure about the ssid and psk, I tried both within quotation marks and without (which one is the standard way? I don't know)
The network is a standard 2.4ghz
My USB stick is the "official" Wi-Pi and works ok when I drop the security, so it has something to do with the config file :/
I tried through the GUI too, pointless. The thing is the GUI fill my PSK pass with more * than it should have :/

Can you paste the /etc/network/interfaces file after you've obfuscated the psk ?

[pilukas]

My interfaces file looks like this

Code: Select all

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid ******
wpa-psk ******

iface default inet dhcp

I tried several combinations though, even deleting everything not wlan0 related :/ The ssid setup is hidden, by the way (if it helps in any way)

[SirLagz]

Hidden SSID causes issues.
Don't use hidden SSIDs.

[pilukas]

Oh, thank you
It's not in my power to change that status though

[SirLagz]

Oh, thank you
It's not in my power to change that status though

Bugger.
In that case, change the configuration to use a configuration file
Similar to how this is set up - http://ubuntuforums.org/showthread.php?t=1659866

[pilukas]

Thank you, I'll look into that and try the wifi manager to set it up to non-hidden

[pilukas]

I got the manager to show the ssid and I got it work smoothly, thank again

[skyte]

Hi, I've just got a Raspberry Pi from Maplins.
All is seems to be fine apart form the wifi... I'm trying to connect to a BT Home Hub.
WPA & WPA2 with AEP encryption.
Unfortunately there is no option for AEP on the Pi wifi GUI but I read in this post that CCMP is fine.
The GUI didn't seem to be able to connect at all and would crash, losing all ability to even scan for networks.
I then edited \etc\wpa_supplicant\wpa_supplicant.conf as per the post above. Now the wifi GUI current status is showing...
status: Completed (station)
Last Message: - Connection to [some letters and numbers] comple
Authentication: WPA2-PSK
Encription: CCMP + TKIP
SSID: BTHubxxx
BSSID: [some letters and numbers]
IP Address: [BLANK] although one did flash up for about a second!

This all goes blank then status goes to scanning >> Associating >> completed

My home hub shows that the Pi has connected but it seems like the connection doesn't last for long.

I can't get any internet access

Has anyone had any luck connecting a Pi to a BT Home Hub?

[aceuser]

The followings work for my TP-LINK wifi dongle. I think the theory should work for all wifi adaptors.

From the troubleshooting, I found that...
* wpa_supplicant does not work with dhcp.
So there is no point to setting wlan0 to "iface wlan0 inet dhcp" in /etc/network/interfaces.
It will not work. You see the error message in the boot up.
* Because of that, all the settings are fine. But because there is no dhcp, wlan0 is running but no IP address.
This is confusing. We thought wlan0 was not working completely.
* If you use "ifup wlan0", there are some problems caused by the fact that wlan0 is already up and running.
You need to do "ifdown" and then "ifup". But this down-up is causing other problems, which makes it impossible
to do "ifdown-ifup" in the "/etc/rc.local" auto start script.
* The way you really want is not to start wlan0 automatically.
That is, we need to comment out "auto wlan0" in the /etc/network/interface.
The command "wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf" in the "/etc/network/interface" will start wlan0 for you.
* Now that we only have one wlan0 (wpa_supplicant) running. We can then run "dhclient" command in the "/etc/rc.local" startup script,
because "wpa-roam" does not support dhcp, so we need to do it in the startup script with "dhclient wlan0" command.
* When it all works, the bootup will take longer.

[anAgent]

My network is setup with WAP2-Personal with AES:

How I solved this was by using was by using the command "wpa_passphrase". I then used the generated psk key to configure my /etc/wpa_supplicant/wpa_supplicant.conf file. The wpa_supplicant.conf file looks like the following:

network={
ssid="ZION"
psk=cThisIsTheGeneratedKey
proto=RSN
key_mgmt=WPA-PSK
pairwize=CCMP
auth_alg=OPEN
}

I hope that helps someone as it took me a few hours of all the different forms just to get this to work.

[Asdfgh1995]

If you router encryption is set to AES then set the encryption on the RPi to CCMP.

The Config GUI really should show something like CCMP(AES) in the menu choices. Confusing to many people the way it is as there is no reference to AES at all. I figured it out by Googling AES and it came up many times the 2 terms used together or synonymously.

This is my conf file as written by the WIFI Config GUI....

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid="myssid"
        psk="mypasskey"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        auth_alg=OPEN
}

So I see some of this code on my own pi finally but it is a model 3 B so i dont need to fight with an adapter but I am still having issues. Should I copy all of this into my own file word for word because some of the lines I dont know and I am not sure if I have to put it in for my particular network. For example my key management according to my router now is WPA2-PSK(AES) and that AES on a pi becomes CCMP and I am not even seeing the pairwise line on my pi yet.

So how closely should I follow these codes and should I tweak the WPA-PSK to WPA2-PSK?

[morguslethe]

If you router encryption is set to AES then set the encryption on the RPi to CCMP.

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid="myssid"
        psk="mypasskey"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        auth_alg=OPEN
}

LONG STORY SHORT: this should not be necessary. use a fresh version of raspbian, and use sudo-raspi config to set wifi country, wifi name and password. If it doesn't work, check your router for uncommon settings. If it doesn't work for your 5ghz wifi, try it on 2.4ghz. If it still doesn't work, GIVE UP. This is a rabbit hole that will eat up a lot of time.

I thought the post I quoted worked, and it did once, but after reboot nothing worked again. I spent another 5 hours trying to diagnose this issue, learned a lot, but ultimately gave up. My freshly installed and upgraded Pi 3 B+ just refuses to connect to my 5ghz wifi. The strange part is it connects successfully to the 5ghz hotspot on my phone (perhaps it's 5ghz N standard instead of ac?)
I have no idea why it worked that ONE TIME previously. But now it works completely fine for the 2.4ghz. So, I conclude there is a bug or crappy wifi hardware on the Pi, or some setting the pi doesn't like on my almost-default mikrotik router. It should work, but doesn't.

THE WIFI SHOULD WORK JUST BY USING sudo raspi-config AND SETTING THE WIFI COUNTRY AND SSID/PASSWORD. The result of this command should be a /etc/wpa_supplicant/wpa_supplicant.conf with the default two lines of ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev, update_config=1, and additionally the country key, and the network object with ONLY ssid and psk keys.

Contrary to the post I quoted, the explicit keys mentioned (key_mgmt, proto...) should be unnecessary, because the default settings have multiple common options chosen. This is seen on the official (?) website https://w1.fi/cgit/hostap/plain/wpa_sup ... icant.conf

from the site: # If not set, key_mgmt defaults to: WPA-PSK WPA-EAP
# If not set, proto defaults to: WPA RSN
# If not set, pairwise defaults to: CCMP TKIP
# If not set, auth_alg is OPEN, additionally LEAP is enabled if it is allowed as one of the EAP methods

HELPFUL COMMANDS FOR DIAGNOSIS:
sudo iwlist wlan0 scan , this should list all wifi signals within range. if this doesn't work, you have some other problem. I recommend a fresh version of raspbian. If it works but doesn't return your wifi, and you're sure it's not hidden, then somethine else is wrong. I had to set my 5ghz channels to "automatic" in order to get my 5ghz wifi to show up, which is strange.
If it works and you see your wifi, it also lists which proto, pairwise, and auth_alg it uses, so you can be sure. This is a good first step.

For restarting your wifi: ip link set wlan0 down and ip link set wlan0 up
For killing old wpa_supplicant daemons: sudo killall wpa_supplicant
For removing old wpa_supplicant files: sudo rm /var/run/wpa_supplicant/wlan0
For starting new wpa_supplicant daemons: sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf . This should not return any errors. After you're sure it started OK, put it in the background with Ctrl+z and the command "bg".
Also some people mention the command: sudo rfkill unblock wifi