[Winpcap-users] Adapting WinPcap's functionality for connecting to Wi-Fi access points (APs).

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Jul 14 17:03:28 GMT 2006


FYI: I'm taking this discussion off-list -- the list is for WinPcap, not
wpa_supplicant.  If you want more people than just me to respond, I'd
suggest sending your questions to the hostap at shmoo.com list.  (I read
that one also.)

On Fri, Jul 14, 2006 at 07:45:17AM -0700, George S. Lockwood wrote:
> Got it to connect to my simple WPA-PSK, TKIP AP, next will be an
> EAP-TTLS/CHAP.  This may be harder to figure out config file-wise.
> 
> Have you ever seen an EAP-TTLS/CHAP specific config file?

Not that I've used (we do EAP-TLS and WPA-PSK here), but it looks like
there are several samples on the wpa_supplicant page.  There's nothing
that exactly matches your setup, but there are a lot of comments in the
sample file.  This is probably what I'd try:

ctrl_interface=/var/run/wpa_supplicant

network={
  ssid="whatever"
  key_mgmt=WPA-EAP
  eap=TTLS
  phase2="auth=CHAP"
  identity="username"
  password="password"
  ca_cert="pem_file_or_blob_or_windows_CA_store"
}

For the ca_cert option, you really need to check the sample config file;
it has the documentation for the strings that can be accepted for that
setting.

> Trying to connect to '/var/run/wpa_supplicant/udp
> PING failed to connect to wpa_supplicant
> 
> any ideas?

Is ctrl_interface set in wpa_supplicant's config file?  The changelog
for v0.5.0 says that you can set this to "udp" instead of a path, to get
a UDP socket instead of a Unix-domain socket.  However, this will
require one of the 0.5.x versions.  If you set it to the default path,
you should not have quotes around it (and when starting wpa_gui, don't
put quotes around its path argument either).

-------

Also, you said this to Gianluca:

> furthermore, the ap I wish to connect to is hidden.  so I'm using
> ap_scan=2.  is that correct?

The ap_scan parameter has to be in the global section of the config
file, not a network section.  Perhaps you already knew this, but just to
be sure.  ;-)  Other than that, yes, that's correct.  Also, if you take
a look at the sample config file, you'll see that it says (in the part
where it talks about ap_scan=2):

> each network block should have explicit security policy (i.e., only
> one option in the lists) for key_mgmt, pairwise, group, proto
> variables

which means you need to add this to the above network block:

  pairwise=TKIP
  group=TKIP
  proto=WPA

assuming the network is a WPA1 network with TKIP encryption.  If it's
WPA2, then change proto to be RSN or WPA2.  If it uses CCMP encryption
(AES), then change pairwise and group to CCMP.  (All three settings are
independent of one another, but most APs use matching values for
pairwise and group.  Also, most APs are configured to use CCMP with
WPA2, and TKIP with WPA1, but that's not a requirement of the standard,
so you might see any combination of the three.)

-------

You also mentioned ndis_events somewhere.  If you use wpa_supplicant
0.5.x, ndis_events is integrated into the main wpa_supplicant
executable, so you don't need to run it separately anymore.
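
An added example, not part of the original message and not wpa_supplicant code: a small Python check for the configuration points raised above (unquoted ctrl_interface path, ap_scan in the global section, exactly one value each for key_mgmt, pairwise, group and proto when ap_scan=2). It also flags a WPA-EAP block with no ca_cert or ca_path, since the sample config file notes that the server certificate is not verified without one. The function name and the sample config are constructed for illustration.

```python
import re

# Keys that need exactly one value per network block when ap_scan=2
SINGLE_VALUED = ("key_mgmt", "pairwise", "group", "proto")

# Constructed sample with deliberate mistakes (not taken from the thread)
SAMPLE = '''ctrl_interface="/var/run/wpa_supplicant"
ap_scan=2
network={
  ssid="whatever"
  key_mgmt=WPA-EAP
  eap=TTLS
  pairwise=CCMP TKIP
  group=TKIP
}
'''

def lint_wpa_conf(text):
    """Return a list of findings for a wpa_supplicant config given as text."""
    findings, glob, networks, current = [], {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}                      # entering a network block
        elif line == "}" and current is not None:
            networks.append(current)          # leaving a network block
            current = None
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            (glob if current is None else current)[key] = value
    if glob.get("ctrl_interface", "").startswith('"'):
        findings.append("ctrl_interface path must not be quoted")
    for i, net in enumerate(networks):
        if "ap_scan" in net:
            findings.append(f"network {i}: ap_scan belongs in the global section")
        if glob.get("ap_scan") == "2":
            for key in SINGLE_VALUED:
                if len(net.get(key, "").split()) != 1:
                    findings.append(f"network {i}: {key} needs exactly one value")
        if "WPA-EAP" in net.get("key_mgmt", "") and not ({"ca_cert", "ca_path"} & set(net)):
            findings.append(f"network {i}: no ca_cert/ca_path, server cert unverified")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_wpa_conf(SAMPLE)))
```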
