WiFi
- 4 minutes read - 681 wordsOur “Just Focus” laptop will not have access to GUI network managers. To manage our WiFi status, we will need to leverage command-line tools. This might feel weird.
WiFi Management in FreeBSD: The Command Line Approach
Given that we’re using the CLI exclusively here, we’re going to be working with
a mildly NSFW-named tool called wpa_supplicant.conf(5) that we’ll
pair with wpa_cli(8).
I’ll also tell you about a subtle bug around tethering to my phone that was tough to diagnose!
Working with wpa_cli: Interactive vs. Command Mode
Run # wpa_cli. Congratulations, you’re in interactive mode.
Use help to find the realm of commands you can enter. They are not entirely obvious, but they’re not terminally opaque either. Commands are like list_networks or select_network.
Here’s a quick example of an interactive session:
# wpa_cli
wpa_cli v2.9
Interactive mode
> scan
OK
<3>CTRL-EVENT-SCAN-RESULTS
> scan_results
bssid / frequency / signal level / flags / ssid
00:11:22:33:44:55 2462 -43 [WPA2-PSK-CCMP][ESS] HomeNetwork
> quit
As noted in the man page, the command set is the same between interactive
mode and command-line mode.
Common WiFi Commands You’ll Need
The man page, wpa_cli(8) is great. Here are commands I used when I was
getting familiar with the tool. If you set up WiFi at time of install and you
tend to be on that one access point, you’re probably not going to use wpa_cli
too much.
# wpa_cli scan
# wpa_cli scan_results
# wpa_cli list_networks
# wpa_cli add_network
# wpa_cli select_network
But if you rove a bit to get your focused time, you might need the following for managing connections:
# wpa_cli connect
# wpa_cli disconnect
# wpa_cli reassociate
I no longer use public WiFi, so I’m not going to detail how wpa_cli can be
used to do the sign-on and pass-through for public endpoints; the man page
suggests it’s possible and easy. I am going to cover the case of teaching the
laptop to tether to my iPhone. Those are the two SSIDs I’d urge everyone to
prefer.
Phone Tethering: A Special Case
I was over at my favorite pizzeria, and also, luckily, the nearest pizzeria to
my apartment, and I was trying to tether to my iPhone which, by iPhone default
configuration, is called: Steven Harms’s iPhone (5). This setup
revealed three difficulties:
- For the possessive case, the iPhone used a non-ASCII character of RIGHT SINGLE QUOTE CHARACTER
- The network name wound up being too long and throwing an error
- I wasn’t thrilled with recording the password in plaintext (even if it is in a file owned by
rootwith600).
👀 TOIMPROVE: We should deal with non-typeable characters better and test whether the length of the SSID is too long at time of parsing the config or handling the request.
For the first two problems, I just renamed my Personal Hotspot SSID. The last
part required caching my credentials in /etc/wpa_supplicant.conf.
Securing WiFi Credentials
The good news is that if you set up WiFi at install time, you can steal that block of text to add new networks.
I copied the network stanza for my home network and changed the name to my
iPhone – my, uh, newly-renamed iPhone that is.
To enhance security, the password can also be provided in a hexadecimal key format:
psk WPA preshared key used in WPA-PSK mode. The key is specified
as 64 hex digits or as an 8-63 character ASCII passphrase.
ASCII passphrases are dynamically converted to a 256-bit key at
runtime using the network SSID, or they can be statically con-
verted at configuration time using the wpa_passphrase(8) util-
ity.
Notably, you can generate a hex encoded version of your psk password with the
application wpa_passphrase(8). The wpa_passphrase(8) utility converts your
plaintext password to a more secure representation that will foil any casual
shoulder-surfer. Invoke this command, tell it the source SSID in
/etc/wpa_supplicant.conf and a plain-text password and the command will
provide you a new stanza with the encoded password.
With these in place, you should be clear to use wpa_cli and your feet to
change your location and your network so you can “Just Focus.”