wpasupplicant and multiple/hidden SSIDs
dcbw at redhat.com
Fri Dec 7 14:12:36 EST 2007
On Fri, 2007-12-07 at 10:47 -0800, Dave Hansen wrote:
> I have a particularly nasty set of access points at work. I think it's
> all intentional, but it causes pains for wpasupplicant. The APs
> advertise an unencrypted "COMPANYVISITOR" network, but are also capable
> of WPA when you associate with the "COMPANY" SSID. Also, I do not think
> they start to advertise WPA/RSN IE in their beacon frame until after you
> explicitly set the SSID. The only reason I know this is that
> wpasupplicant wouldn't try to associate with them using my wpa-enabled
> config entry even when I tried to force it.
> ap_scan=2 works just fine for these. But, I'd also like to use the
> same .conf file at home and I'd prefer not to fiddle with it whenever I
> move back and forth. ap_scan=2 sadly won't search for multiple SSIDs:
> it simply uses the first one.
This just won't work then. ap_scan=2 is required for use with hidden
networks, and you can't switch between ap_scan=1 and ap_scan=2 on the
fly unless you're talking to the supplicant with wpa_cli or the D-Bus
control interface. You probably want something like NetworkManager or
some other automatic tool that handles these things transparently.
> I've hacked a little "scan_ssid=2" option into my version of
> wpasupplicant, but I've now realized that I hacked it in pretty badly.
> Would adding something like 'advertised_ssid="VISITOR"' option be useful
> functionality to anyone else? It would separate the SSID for which we
> scan from the one with which we actually try to associate.
Not really, since that's a completely different network in reality.
That also confuses the purpose of network blocks unnecessarily.
> Any ideas on how to solve this nicely? Could we have ap_scan=2 timeout
> after it fails to authenticate? Or, have a select set of SSIDs that get
> ap_scan=2 behavior while not extending it to all SSIDs?
Yeah, the problem is that the ap_scan stuff just isn't granular enough
when you're using the config file format, or when you're letting
wpa_supplicant alone handle the roaming.
What you _really_ want is ap_scan=1 + scan_ssid=1 in your network block.
Try that. If your driver supports specific SSID scanning, it'll
probably work for you. If your driver doesn't then you probably need to
get a better network card or find a good driver :) Any driver based on
mac80211, or the ipw2200, or the hostap driver will work with
scan_ssid=1. Most others, probably not.
More information about the HostAP