Making wpa_supplicant work with dhclient on Fedora

Dan Williams dcbw at redhat.com
Thu May 15 11:45:01 EDT 2008


On Thu, 2008-05-15 at 11:36 -0400, Pavel Roskin wrote:
> On Thu, 2008-05-15 at 10:34 -0400, Dan Williams wrote:
> > > 
> > > There are two problems here.  One is that the "network" service starts
> > > before "wpa_supplicant", and dhclient is called when "network" starts.
> > > This means that dhclient fails after a long timeout.  When
> > > wpa_supplicant starts, it's too late.
> > 
> > Because the normal 'network' service doesn't support WPA at this time,
> > it was pointless to integrate wpa_supplicant into the network service
> > startup scripts (ifup-wireless) until WPA was supported.
> 
> OK, I understand that the global wpa_supplicant service with a fixed
> list of devices is a hack, which is disabled by default for a good
> reason.
> 
> A better solution would be to run wpa_supplicant for every interface
> configured to support WPA.
> 
> > I'd like to add the key/value pairs to the ifcfg files for WPA support,
> > which NetworkManager needs anyway to use system connections.  That would
> > also mean a fairly straightforward effort to make ifup-wireless write
> > out a wpa_supplicant config file and launch the supplicant if you don't
> > want to use NM for your interface.
> 
> Actually, I would prefer that configuration files are not rewritten by
> any scripts (as opposed to more intelligent configuration utilities).
> Perhaps it should be possible to have per-interface configurations if
> required.

The canonical source for network config information in Fedora is the
ifcfg file.  If there's something that is needed in the supplicant
config that's not able to be expressed in the ifcfg file, I'd consider
that a bug.

The problem with allowing a SUPPLICANT_CONFIG=/path/to/file is that then
something like NM has to parse that file as well.  It also completely
breaks the one-ifcfg-file-per-connection paradigm that is currently in
use, since you can specify multiple network blocks in the supplicant
config, but that's not how ifcfg files work.

I don't think it's too big of an issue to have ifup-wireless write out a
pristine wpa_supplicant.conf based on the information you put in the
ifcfg file.

> > > The second problem is that dhclient brings the interface down to remove
> > > associated routes and other settings.  This breaks the connection.
> > 
> > Yeah, this is pretty lame and should be required; all it needs to do is
> > flush the routes and addresses with netlink.  Apparently it takes a
> > shortcut and downs the device.  NetworkManager doesn't do this any more
> > for this specific reason.
> 
> That's very good news!
> 
> > > Use "normal" networking, not NetworkManager, which doesn't support WPA:
> > 
> > Confused... you mean that "normal" networking (ie, the 'network'
> > service) doesn't support WPA, or that NM doesn't support WPA?
> 
> I mean NetworkManager doesn't support WPA.  At least it didn't last time
> I tried.  I understand that the work is underway.

NM has supported most WPA configurations (when the driver supports >=
WE-18 of course) since at least early 2006.  What bits aren't working
for you?

Dan



More information about the HostAP mailing list