The following guide describes how to setup Raspberry Pi to connect to Wifi. It was tested on the following environment:
- Raspberry Pi Model B
- Edimax EW-7811Un USB Wifi dongle
- OS: Raspbian Jessie
Here are the overview of the steps:
- Ensure that the dongle is recognized
- Setup authentication info
- Ensure that the network interface use the authentication info
- Prevent the dongle from powering down
Check if the USB hub of the Pi detect the device:
lsusb
You should see that the Edimax
dongle is detected like the following.
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 005: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
Next, check if the kernel driver is loaded
lsmod
You should see 8912cu
loaded in the output like below.
Module Size Used by
8192cu 528365 0
cfg80211 386508 0
rfkill 16651 2 cfg80211
i2c_dev 6027 18
snd_bcm2835 18649 0
...
Check that the device is detected by Linux's wireless network configuration.
iwconfig
You should see wlan0
in the output like below.
wlan0 unassociated Nickname:"<WIFI@REALTEK>"
...
At this point, we can be sure that the dongle is operational.
Now, you should check what type of authentication your network use.
-
Personal: Typical home router require one password to connect. (Keywords: WPA, WPA2)
-
Enterprise: If you use the enterprise network, e.g.,
eduroam
at the university, you will have user name and password. (Keywords: PEAP, MSCHAPV2)
For security reason, we will create a hash of your password. This hash will be used in the configuration file for the authentication info. This avoids saving your password in plain text. See Appendix 1 (Personal) or Appendix 2 (Enterprise) for details.
Now you can add proper authentication info in the file /etc/wpa_supplicant/wpa_supplicant.conf
. Use the following command to launch nano
editor to edit this file.
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Here're what you should add (depending on the authentication type). Replace YOUR_NETWORK_NAME
, YOUR_USER_NAME
, YOUR_PASSWORD_HASH
below. (Keep the quotation marks if present.) If you have multiple network configurations, you can also add multiple entries.
Personal authentication (WPA, WPA2)
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="YOUR_NETWORK_PASSWORD"
}
Enterprise authentication (MSCHAPV2)
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
identity="YOUR_USER_NAME"
password=hash:YOUR_PASSWORD_HASH
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
For a thorough explanation about important keys in the settings, read [NetBeez's instruction][NetBeez].
Now, we have the authentication information ready.
Here, you should edit /etc/network/interface
. Find the section about wlan0
and replace it with one of the following configuration (again, depending on your authentication type).
Personal authentication (WPA, WPA2)
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
Enterprise authentication (MSCHAPV2)
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
post-down killall -q wpa_supplicant
Now, try bringing the network interface down and up again:
sudo ifdown wlan0
sudo up wlan0
The following error message should be ignored. It's a known bug upstream from Debian.
ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
If there's no error, you should be able to see the wireless adapter connected with the following command
iwconfig
The output will show the SSID and other connection info.
wlan0 IEEE 802.11bgn ESSID:"YOUR_NETWORK_NAME" Nickname:"<WIFI@REALTEK>"
Mode:Managed Frequency:2.457 GHz Access Point: XX:XX:XX:XX:XX:XX
Bit Rate:72.2 Mb/s Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
You should check if you have an IP address with the following command:
ifconfig
The wlan0
entry should have an IP address, like the following.
...
wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.0.110 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:497 errors:0 dropped:32 overruns:0 frame:0
TX packets:373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:83237 (81.2 KiB) TX bytes:60068 (58.6 KiB)
...
You should be able to ping Google.
sudo ping google.com
This is an optional step to prevent the dongle from powering down (resulting in periodic disconnection). Svay pointed this out in his [blog post][Svay]. First, we will add a task to periodically ping
Google DNS server (8.8.8.8
)
crontab-e
Add the following line at the end of file.
*/1 * * * * ping -c 1 8.8.8.
Next, we will configure the kernel driver not to power down.
sudo nano /etc/modprobe.d/8192cu.conf
Add the following line
options 8192cu rtw_power_mgnt=0 rtw_enusbss=0
All is good, now reboot you Pi.
sudo reboot
Appendix 2: Creating the hash of your password (Personal)
---
You need to know your network name (SSID) and password. Then, use the following command.
wpa_passphrase YOUR_NETWORK_NAME YOUR_PASSWORD
The output would be something like following.
network={
ssid="YOUR_NETWORK_NAME"
#psk="YOUR_PASSWORD"
psk=a1234e0629be38b2xxxxxxxx6db0263a1234e0629be38b2472ce72f6db027afc
}
The string after psk=
is your hash. (Here, it's a1234...afc
).
Don't forget to clear your history. See Appendix 3
Appendix 2: Creating the hash of your password (Enterprise) ---The following instructions are for enterprise authentication. Use the following command, courtesy of [Duncan et al.][Duncan], to create a hash of your password.
echo -n 'YOUR_PASSWORD' | iconv -t utf16le | openssl md4
The output would be something like following.
(stdin)= a1234exxxxxxxx72f6db0263
The string after the equal sign is your hash. (Here, it's a6be0...20263
).
Don't forget to clear your history. See Appendix 3
Appendix 3: Clear History ---You should clear the history of your input which contains the password in plain text. If you don't mind wiping all history, use the following command:
history -c
Otherwise, you can delete a specific line of history. The first command below shows the tail of your history list. Note the line number that contains your password. The second command remove the history at line 400. (Replace 400 with your line number.)
history | tail
history -d 400
[Duncan]Duncan White, et al. wrote about keeping password in hashed form
[NetBeez]NetBeez wrote a good summary of important concepts about authentication
[Savage]savage.home.automation's guide specific for Edimax
[Svay][Svay's guide to setup wifi][http://svay.com/blog/setting-up-a-wifi-connection-on-the-raspberrypi/]
I just used your template /etc/network/interfaces (interface without s - a typo?) and /etc/wpa_supplicant/wpa_supplicant.conf to connect to WPA-Enterprise wireless network. This is by far the only method that worked with my environment. Thanks a mil!
I have tested it on Pi zero W and 3A+, all with latest Raspi OS (Buster) 32-bit.