Making wpa_supplicant work with dhclient on Fedora
proski at gnu.org
Wed May 14 19:51:42 EDT 2008
I have figured out a way to use wpa_supplicant and dhclient on the same
interface in Fedora (tested on Fedora 8 and Fedora 9). I'm actually
surprised that I don't see loud screams that it's not working. It's
quite possible that I'm missing something obvious that everybody else it
doing. Then I apologize for the noise in advance. Anyway, that's the
simplest solution I could find.
There are two problems here. One is that the "network" service starts
before "wpa_supplicant", and dhclient is called when "network" starts.
This means that dhclient fails after a long timeout. When
wpa_supplicant starts, it's too late.
The second problem is that dhclient brings the interface down to remove
associated routes and other settings. This breaks the connection.
wpa_supplicant is notified, but doesn't appear to do anything once the
interface goes up.
The solution involves file /etc/dhclient-exit-hooks, which is called by
dhclient in many situations.
These are the steps:
Use "normal" networking, not NetworkManager, which doesn't support WPA:
# chkconfig NetworkManager off
# chkconfig network on
Set up /etc/wpa_supplicant/wpa_supplicant.conf using
/usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf as a template.
Set up /etc/sysconfig/wpa_supplicant (put your interface and driver):
Create /etc/dhclient-exit-hooks with the following contents:
test "$reason" = PREINIT || exit 0
/sbin/iwgetid -r --ap "$interface" >/dev/null || exit 0
/sbin/ip link set "$interface" up
/sbin/service messagebus start
/sbin/service wpa_supplicant start
/usr/sbin/wpa_cli -i "$interface" reassociate
# chown root:root /etc/dhclient-exit-hooks
# chmod 755 /etc/dhclient-exit-hooks
Make sure that /etc/sysconfig/network-scripts/ifcfg-wlan0 has
That should be it.
Some comments about /etc/dhclient-exit-hooks. The PREINIT state is when
the interface is down. The script brings it up and makes wpa_supplicant
reconnect. Non-wireless interfaces are ignored. The wpa_supplicant
service is started explicitly. It would not hurt it it's running
already. The wpa_supplicant service depends on the messagebus service,
so it's started first. I'm trying to do everything the Fedora way if
possible - that's why wpa_supplicant is not run directly.
In case wpa_supplicant is running already, it should be told to
reassociate. "reconnect" is not sufficient for mac80211 drivers, which
pretend to be connected to an AP after the connection was broken.
This approach works with WEP and open networks too. wpa_supplicant
takes care of reestablishing connections in the driver doesn't do it by
More information about the HostAP