The following guide describes how to setup Raspberry Pi to connect to Wifi. It was tested on the following environment:
- Raspberry Pi Model B
- Edimax EW-7811Un USB Wifi dongle
- OS: Raspbian Jessie
Here are the overview of the steps:
- Ensure that the dongle is recognized
- Setup authentication info
- Ensure that the network interface use the authentication info
- Prevent the dongle from powering down
Check if the USB hub of the Pi detect the device:
lsusbYou should see that the Edimax dongle is detected like the following.
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 005: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
Next, check if the kernel driver is loaded
lsmodYou should see 8912cu loaded in the output like below.
Module Size Used by
8192cu 528365 0
cfg80211 386508 0
rfkill 16651 2 cfg80211
i2c_dev 6027 18
snd_bcm2835 18649 0
...
Check that the device is detected by Linux's wireless network configuration.
iwconfigYou should see wlan0 in the output like below.
wlan0 unassociated Nickname:"<WIFI@REALTEK>"
...
At this point, we can be sure that the dongle is operational.
Now, you should check what type of authentication your network use.
-
Personal: Typical home router require one password to connect. (Keywords: WPA, WPA2)
-
Enterprise: If you use the enterprise network, e.g.,
eduroamat the university, you will have user name and password. (Keywords: PEAP, MSCHAPV2)
For security reason, we will create a hash of your password. This hash will be used in the configuration file for the authentication info. This avoids saving your password in plain text. See Appendix 1 (Personal) or Appendix 2 (Enterprise) for details.
Now you can add proper authentication info in the file /etc/wpa_supplicant/wpa_supplicant.conf. Use the following command to launch nano editor to edit this file.
sudo nano /etc/wpa_supplicant/wpa_supplicant.confHere're what you should add (depending on the authentication type). Replace YOUR_NETWORK_NAME, YOUR_USER_NAME, YOUR_PASSWORD_HASH below. (Keep the quotation marks if present.) If you have multiple network configurations, you can also add multiple entries.
Personal authentication (WPA, WPA2)
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="YOUR_NETWORK_PASSWORD"
}
Enterprise authentication (MSCHAPV2)
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
identity="YOUR_USER_NAME"
password=hash:YOUR_PASSWORD_HASH
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
For a thorough explanation about important keys in the settings, read [NetBeez's instruction][NetBeez].
Now, we have the authentication information ready.
Here, you should edit /etc/network/interface. Find the section about wlan0 and replace it with one of the following configuration (again, depending on your authentication type).
Personal authentication (WPA, WPA2)
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
Enterprise authentication (MSCHAPV2)
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
post-down killall -q wpa_supplicant
Now, try bringing the network interface down and up again:
sudo ifdown wlan0
sudo up wlan0The following error message should be ignored. It's a known bug upstream from Debian.
ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
If there's no error, you should be able to see the wireless adapter connected with the following command
iwconfigThe output will show the SSID and other connection info.
wlan0 IEEE 802.11bgn ESSID:"YOUR_NETWORK_NAME" Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency:2.457 GHz Access Point: XX:XX:XX:XX:XX:XX
Bit Rate:72.2 Mb/s Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
You should check if you have an IP address with the following command:
ifconfigThe wlan0 entry should have an IP address, like the following.
...
wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.0.110 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:497 errors:0 dropped:32 overruns:0 frame:0
TX packets:373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:83237 (81.2 KiB) TX bytes:60068 (58.6 KiB)
...
You should be able to ping Google.
sudo ping google.comThis is an optional step to prevent the dongle from powering down (resulting in periodic disconnection). Svay pointed this out in his [blog post][Svay]. First, we will add a task to periodically ping Google DNS server (8.8.8.8)
crontab-eAdd the following line at the end of file.
*/1 * * * * ping -c 1 8.8.8.
Next, we will configure the kernel driver not to power down.
sudo nano /etc/modprobe.d/8192cu.confAdd the following line
options 8192cu rtw_power_mgnt=0 rtw_enusbss=0
All is good, now reboot you Pi.
sudo reboot
wpa_passphrase YOUR_NETWORK_NAME YOUR_PASSWORDThe output would be something like following.
network={
ssid="YOUR_NETWORK_NAME"
#psk="YOUR_PASSWORD"
psk=a1234e0629be38b2xxxxxxxx6db0263a1234e0629be38b2472ce72f6db027afc
}
The string after psk= is your hash. (Here, it's a1234...afc).
Don't forget to clear your history. See Appendix 3
Appendix 2: Creating the hash of your password (Enterprise) ---The following instructions are for enterprise authentication. Use the following command, courtesy of [Duncan et al.][Duncan], to create a hash of your password.
echo -n 'YOUR_PASSWORD' | iconv -t utf16le | openssl md4The output would be something like following.
(stdin)= a1234exxxxxxxx72f6db0263
The string after the equal sign is your hash. (Here, it's a6be0...20263).
Don't forget to clear your history. See Appendix 3
Appendix 3: Clear History ---You should clear the history of your input which contains the password in plain text. If you don't mind wiping all history, use the following command:
history -cOtherwise, you can delete a specific line of history. The first command below shows the tail of your history list. Note the line number that contains your password. The second command remove the history at line 400. (Replace 400 with your line number.)
history | tail
history -d 400[Duncan]Duncan White, et al. wrote about keeping password in hashed form
[NetBeez]NetBeez wrote a good summary of important concepts about authentication
[Savage]savage.home.automation's guide specific for Edimax
[Svay][Svay's guide to setup wifi][http://svay.com/blog/setting-up-a-wifi-connection-on-the-raspberrypi/]
Thank you for the good tutorial!