How-To: WiFi roaming with wpa-supplicant

1 minute read

wpa_supplicant can be used as a roaming daemon so you can get your system to automatically connect to different network as you are going from one location to another.

This come in pretty handy on headless machines where you rely on network connection to be up in order to be able to access the machine.

First, you need to make sure that you have wpasupplicant installed:

apt-get install wpasupplicant

Once wpasupplicant we can go ahead and configure different networks. Go and open /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
# WPA-Personal (PSK)
network={
    ssid="home"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="home_psk"
    id_str="home"
}
# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
    ssid="work"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity="[email protected]"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    id_str="work"
}
# non encrypted network
network={
    ssid="unsecure"
    scan_ssid=1
    key_mgmt=NONE
    id_str="unsecure"
}

Now that we have our different SSIDs set up, we have to configure /etc/network/interfaces to use wpa-supplicant in roaming mode.

To do that, we you need to make sure wlan0 (or whichever interface name your WiFi interface maps to) is set up as follow:

allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf


iface default inet dhcp

With this setting, wpa-supplicant will establish a link with the access-point. Then, the OS will set up the network with DHCP.

As you might have seen, we have defined id_str for each network in /etc/wpa_supplicant/wpa_supplicant.conf . We can use those IDs to set up custom network settings depending on which access point we are connected to.

In the settings below, we will configure a static ip for home and work and we will default to DHCP for the rest.

allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf


# Leave this in to default to dhcp
iface default inet dhcp


# At home, we want to have a static IP 192.168.1.2/24 with default gw 192.168.1.1
iface home inet static
        address 192.168.1.2
        network 255.255.255.0
        gateway 192.168.1.1


# At work, we want static IP 10.0.0.10/24 with default gw 10.0.0.1
iface work inet static
        address 10.0.0.20
        network 255.255.255.0
        gateway 10.0.0.1

That should be it, you can run the following as root:

ifdown wlan0; ifup wlan0

And the interface should be coming up if oyu properly set up all your settings.

More info on setting wpa_supplicant.conf can be checked through

man wpa_supplicant.conf