Skip to content

Instantly share code, notes, and snippets.

@chatchavan
Last active April 27, 2024 20:33
Show Gist options
  • Save chatchavan/3c58511e3d48f478b0c2 to your computer and use it in GitHub Desktop.
Save chatchavan/3c58511e3d48f478b0c2 to your computer and use it in GitHub Desktop.
Setup Wifi on Raspberry Pi

Setup Wireless LAN for Raspberry Pi

The following guide describes how to setup Raspberry Pi to connect to Wifi. It was tested on the following environment:

  • Raspberry Pi Model B
  • Edimax EW-7811Un USB Wifi dongle
  • OS: Raspbian Jessie

Here are the overview of the steps:

  1. Ensure that the dongle is recognized
  2. Setup authentication info
  3. Ensure that the network interface use the authentication info
  4. Prevent the dongle from powering down

Step 1. Ensure that the dongle is recognized

Check if the USB hub of the Pi detect the device:

lsusb

You should see that the Edimax dongle is detected like the following.

Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. 
Bus 001 Device 005: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]

Next, check if the kernel driver is loaded

lsmod

You should see 8912cu loaded in the output like below.

Module                  Size  Used by
8192cu                528365  0 
cfg80211              386508  0 
rfkill                 16651  2 cfg80211
i2c_dev                 6027  18 
snd_bcm2835            18649  0 
...

Check that the device is detected by Linux's wireless network configuration.

iwconfig

You should see wlan0 in the output like below.

wlan0     unassociated  Nickname:"<WIFI@REALTEK>"
...

At this point, we can be sure that the dongle is operational.

Step 2. Setup authentication info

Now, you should check what type of authentication your network use.

  • Personal: Typical home router require one password to connect. (Keywords: WPA, WPA2)

  • Enterprise: If you use the enterprise network, e.g., eduroam at the university, you will have user name and password. (Keywords: PEAP, MSCHAPV2)

For security reason, we will create a hash of your password. This hash will be used in the configuration file for the authentication info. This avoids saving your password in plain text. See Appendix 1 (Personal) or Appendix 2 (Enterprise) for details.

Now you can add proper authentication info in the file /etc/wpa_supplicant/wpa_supplicant.conf. Use the following command to launch nano editor to edit this file.

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Here're what you should add (depending on the authentication type). Replace YOUR_NETWORK_NAME, YOUR_USER_NAME, YOUR_PASSWORD_HASH below. (Keep the quotation marks if present.) If you have multiple network configurations, you can also add multiple entries.

Personal authentication (WPA, WPA2)

network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="YOUR_NETWORK_PASSWORD"
}

Enterprise authentication (MSCHAPV2)

network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
identity="YOUR_USER_NAME"
password=hash:YOUR_PASSWORD_HASH
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}

For a thorough explanation about important keys in the settings, read [NetBeez's instruction][NetBeez].

Now, we have the authentication information ready.

Step 3. Ensure that the network interface use the authentication info

Here, you should edit /etc/network/interface. Find the section about wlan0 and replace it with one of the following configuration (again, depending on your authentication type).

Personal authentication (WPA, WPA2)

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

Enterprise authentication (MSCHAPV2)

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
	pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
	post-down killall -q wpa_supplicant

Now, try bringing the network interface down and up again:

sudo ifdown wlan0
sudo up wlan0

The following error message should be ignored. It's a known bug upstream from Debian.

ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument

If there's no error, you should be able to see the wireless adapter connected with the following command

iwconfig

The output will show the SSID and other connection info.

wlan0     IEEE 802.11bgn  ESSID:"YOUR_NETWORK_NAME"  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency:2.457 GHz  Access Point: XX:XX:XX:XX:XX:XX   
          Bit Rate:72.2 Mb/s   Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off

You should check if you have an IP address with the following command:

ifconfig

The wlan0 entry should have an IP address, like the following.

...
wlan0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
          inet addr:192.168.0.110  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:497 errors:0 dropped:32 overruns:0 frame:0
          TX packets:373 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:83237 (81.2 KiB)  TX bytes:60068 (58.6 KiB)
...

You should be able to ping Google.

sudo ping google.com

Step 4. Prevent the dongle from powering down

This is an optional step to prevent the dongle from powering down (resulting in periodic disconnection). Svay pointed this out in his [blog post][Svay]. First, we will add a task to periodically ping Google DNS server (8.8.8.8)

crontab-e

Add the following line at the end of file.

*/1 * * * * ping -c 1 8.8.8.

Next, we will configure the kernel driver not to power down.

sudo nano /etc/modprobe.d/8192cu.conf

Add the following line

options 8192cu rtw_power_mgnt=0 rtw_enusbss=0

All is good, now reboot you Pi.

sudo reboot
Appendix 2: Creating the hash of your password (Personal) --- You need to know your network name (SSID) and password. Then, use the following command.
wpa_passphrase YOUR_NETWORK_NAME YOUR_PASSWORD

The output would be something like following.

network={
	ssid="YOUR_NETWORK_NAME"
	#psk="YOUR_PASSWORD"
	psk=a1234e0629be38b2xxxxxxxx6db0263a1234e0629be38b2472ce72f6db027afc
}

The string after psk= is your hash. (Here, it's a1234...afc).

Don't forget to clear your history. See Appendix 3

Appendix 2: Creating the hash of your password (Enterprise) ---

The following instructions are for enterprise authentication. Use the following command, courtesy of [Duncan et al.][Duncan], to create a hash of your password.

echo -n 'YOUR_PASSWORD' | iconv -t utf16le | openssl md4

The output would be something like following.

(stdin)= a1234exxxxxxxx72f6db0263

The string after the equal sign is your hash. (Here, it's a6be0...20263).

Don't forget to clear your history. See Appendix 3

Appendix 3: Clear History ---

You should clear the history of your input which contains the password in plain text. If you don't mind wiping all history, use the following command:

history -c

Otherwise, you can delete a specific line of history. The first command below shows the tail of your history list. Note the line number that contains your password. The second command remove the history at line 400. (Replace 400 with your line number.)

history | tail
history -d 400

[Duncan]Duncan White, et al. wrote about keeping password in hashed form

[NetBeez]NetBeez wrote a good summary of important concepts about authentication

[Savage]savage.home.automation's guide specific for Edimax

[Svay][Svay's guide to setup wifi][http://svay.com/blog/setting-up-a-wifi-connection-on-the-raspberrypi/]

# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
#===============================================================================
# Uncomment below for WPA authentication (password-only wifi)
#===============================================================================
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#===============================================================================
#===============================================================================
# Uncomment below for enterprise authentication
#===============================================================================
# auto wlan0
# allow-hotplug wlan0
# iface wlan0 inet dhcp
# pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
# post-down killall -q wpa_supplicant
#===============================================================================
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#===============================================================================
# Use this section for enterprise authentication (e.g., eduroam or uzh)
#===============================================================================
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
identity="YOUR_USER_NAME"
password=hash:YOUR_PASSWORD_HASH
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
#===============================================================================
# Use this section for password-only authentication (e.g., your typical home router)
#===============================================================================
network={
ssid="YOUR_NETWORK_NAME"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk=YOUR_PASSWORD_HASH
}
@VoeGalore
Copy link

VoeGalore commented Jun 4, 2020

I just used your template /etc/network/interfaces (interface without s - a typo?) and /etc/wpa_supplicant/wpa_supplicant.conf to connect to WPA-Enterprise wireless network. This is by far the only method that worked with my environment. Thanks a mil!

I have tested it on Pi zero W and 3A+, all with latest Raspi OS (Buster) 32-bit.

@DawsonFranz
Copy link

DawsonFranz commented Nov 15, 2022

Heyo! Posting on this a few years later in case someone tries this with an updated Pi 4b+ and is struggling with connecting to a WPA2 enterprise network. There are some small config changes you'll have to do with the new pi. After following this guide, and editing my network config files, I managed to get it working.

These form posts helped me a lot: https://forums.raspberrypi.com/viewtopic.php?t=314015 and https://forums.raspberrypi.com/viewtopic.php?t=247310

And one important tip from within the form posted above--be careful with whitespaces in wpa_supplicant.conf!

There must not be white spaces after any end of line.
There must not be any white spaces after or before any equal (=)
Tab can't be white spaces, it must be just one Tab.
Double quotes should be written and not copied, there are 2 types " and "

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment