wpa_supplicant.conf (189902) | wpa_supplicant.conf (214734) |
---|---|
1##### Example wpa_supplicant configuration file ############################### 2# 3# ***** Please check wpa_supplicant.conf(5) for details on these options ***** 4# 5# This file describes configuration file format and lists all available option. 6# Please also take a look at simpler configuration examples in 'examples' 7# subdirectory. 8# --- 64 unchanged lines hidden (view full) --- 73eapol_version=1 74 75# AP scanning/selection 76# By default, wpa_supplicant requests driver to perform AP scanning and then 77# uses the scan results to select a suitable AP. Another alternative is to 78# allow the driver to take care of AP scanning and selection and use 79# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association 80# information from the driver. | 1##### Example wpa_supplicant configuration file ############################### 2# 3# ***** Please check wpa_supplicant.conf(5) for details on these options ***** 4# 5# This file describes configuration file format and lists all available option. 6# Please also take a look at simpler configuration examples in 'examples' 7# subdirectory. 8# --- 64 unchanged lines hidden (view full) --- 73eapol_version=1 74 75# AP scanning/selection 76# By default, wpa_supplicant requests driver to perform AP scanning and then 77# uses the scan results to select a suitable AP. Another alternative is to 78# allow the driver to take care of AP scanning and selection and use 79# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association 80# information from the driver. |
81# 1: wpa_supplicant initiates scanning and AP selection | 81# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to 82# the currently enabled networks are found, a new network (IBSS or AP mode 83# operation) may be initialized (if configured) (default) |
82# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association 83# parameters (e.g., WPA IE generation); this mode can also be used with 84# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with 85# APs (i.e., external program needs to control association). This mode must 86# also be used when using wired Ethernet drivers. 87# 2: like 0, but associate with APs using security policy and SSID (but not 88# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to 89# enable operation with hidden SSIDs and optimized roaming; in this mode, 90# the network blocks in the configuration file are tried one by one until 91# the driver reports successful association; each network block should have 92# explicit security policy (i.e., only one option in the lists) for 93# key_mgmt, pairwise, group, proto variables 94# 95# For use in FreeBSD with the wlan module ap_scan must be set to 1. | 84# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association 85# parameters (e.g., WPA IE generation); this mode can also be used with 86# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with 87# APs (i.e., external program needs to control association). This mode must 88# also be used when using wired Ethernet drivers. 89# 2: like 0, but associate with APs using security policy and SSID (but not 90# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to 91# enable operation with hidden SSIDs and optimized roaming; in this mode, 92# the network blocks in the configuration file are tried one by one until 93# the driver reports successful association; each network block should have 94# explicit security policy (i.e., only one option in the lists) for 95# key_mgmt, pairwise, group, proto variables 96# 97# For use in FreeBSD with the wlan module ap_scan must be set to 1. |
98# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be 99# created immediately regardless of scan results. ap_scan=1 mode will first try 100# to scan for existing networks and only if no matches with the enabled 101# networks are found, a new IBSS or AP mode network is created. |
|
96ap_scan=1 97 98# EAP fast re-authentication 99# By default, fast re-authentication is enabled for all EAP methods that 100# support it. This variable can be used to disable fast re-authentication. 101# Normally, there is no need to disable this. 102fast_reauth=1 103 --- 72 unchanged lines hidden (view full) --- 176# 5-0050F204-1 (Storage / NAS) 177# 6-0050F204-1 (Network Infrastructure / AP) 178#device_type=1-0050F204-1 179 180# OS Version 181# 4-octet operating system version number (hex string) 182#os_version=01020300 183 | 102ap_scan=1 103 104# EAP fast re-authentication 105# By default, fast re-authentication is enabled for all EAP methods that 106# support it. This variable can be used to disable fast re-authentication. 107# Normally, there is no need to disable this. 108fast_reauth=1 109 --- 72 unchanged lines hidden (view full) --- 182# 5-0050F204-1 (Storage / NAS) 183# 6-0050F204-1 (Network Infrastructure / AP) 184#device_type=1-0050F204-1 185 186# OS Version 187# 4-octet operating system version number (hex string) 188#os_version=01020300 189 |
190# Config Methods 191# List of the supported configuration methods 192# Available methods: usba ethernet label display ext_nfc_token int_nfc_token 193# nfc_interface push_button keypad 194#config_methods=label display push_button keypad 195 |
|
184# Credential processing 185# 0 = process received credentials internally (default) 186# 1 = do not process received credentials; just pass them over ctrl_iface to 187# external program(s) 188# 2 = process received credentials internally and pass them over ctrl_iface 189# to external program(s) 190#wps_cred_processing=0 191 | 196# Credential processing 197# 0 = process received credentials internally (default) 198# 1 = do not process received credentials; just pass them over ctrl_iface to 199# external program(s) 200# 2 = process received credentials internally and pass them over ctrl_iface 201# to external program(s) 202#wps_cred_processing=0 203 |
204# Maximum number of BSS entries to keep in memory 205# Default: 200 206# This can be used to limit memory use on the BSS entries (cached scan 207# results). A larger value may be needed in environments that have huge number 208# of APs when using ap_scan=1 mode. 209#bss_max_count=200 210 211 212# filter_ssids - SSID-based scan result filtering 213# 0 = do not filter scan results (default) 214# 1 = only include configured SSIDs in scan results/BSS table 215#filter_ssids=0 216 217 |
|
192# network block 193# 194# Each network (usually AP's sharing the same SSID) is configured as a separate 195# block in this configuration file. The network blocks are in preference order 196# (the first match is used). 197# 198# network block fields: 199# --- 28 unchanged lines hidden (view full) --- 228# policy, signal strength, etc. 229# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not 230# using this priority to select the order for scanning. Instead, they try the 231# networks in the order that they are listed in the configuration file. 232# 233# mode: IEEE 802.11 operation mode 234# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) 235# 1 = IBSS (ad-hoc, peer-to-peer) | 218# network block 219# 220# Each network (usually AP's sharing the same SSID) is configured as a separate 221# block in this configuration file. The network blocks are in preference order 222# (the first match is used). 223# 224# network block fields: 225# --- 28 unchanged lines hidden (view full) --- 254# policy, signal strength, etc. 255# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not 256# using this priority to select the order for scanning. Instead, they try the 257# networks in the order that they are listed in the configuration file. 258# 259# mode: IEEE 802.11 operation mode 260# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) 261# 1 = IBSS (ad-hoc, peer-to-peer) |
262# 2 = AP (access point) |
|
236# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) | 263# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) |
237# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has 238# to be set to 2 for IBSS. WPA-None requires following network block options: | 264# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). WPA-None requires 265# following network block options: |
239# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not 240# both), and psk must also be set. 241# 242# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g., 243# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial 244# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode. 245# In addition, this value is only used by the station that creates the IBSS. If 246# an IBSS network with the configured SSID is already present, the frequency of 247# the network will be used instead of this configured value. 248# | 266# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not 267# both), and psk must also be set. 268# 269# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g., 270# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial 271# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode. 272# In addition, this value is only used by the station that creates the IBSS. If 273# an IBSS network with the configured SSID is already present, the frequency of 274# the network will be used instead of this configured value. 275# |
276# scan_freq: List of frequencies to scan 277# Space-separated list of frequencies in MHz to scan when searching for this 278# BSS. If the subset of channels used by the network is known, this option can 279# be used to optimize scanning to not occur on channels that the network does 280# not use. Example: scan_freq=2412 2437 2462 281# 282# freq_list: Array of allowed frequencies 283# Space-separated list of frequencies in MHz to allow for selecting the BSS. If 284# set, scan results that do not match any of the specified frequencies are not 285# considered when selecting a BSS. 286# |
|
249# proto: list of accepted protocols 250# WPA = WPA/IEEE 802.11i/D3.0 251# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) 252# If not set, this defaults to: WPA RSN 253# 254# key_mgmt: list of accepted authenticated key management protocols 255# WPA-PSK = WPA pre-shared key (this requires 'psk' field) 256# WPA-EAP = WPA using EAP authentication --- 100 unchanged lines hidden (view full) --- 357# PSK) is also configured using this field. For EAP-GPSK, this is a 358# variable length PSK. 359# ca_cert: File path to CA certificate file (PEM/DER). This file can have one 360# or more trusted CA certificates. If ca_cert and ca_path are not 361# included, server certificate will not be verified. This is insecure and 362# a trusted CA certificate should always be configured when using 363# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may 364# change when wpa_supplicant is run in the background. | 287# proto: list of accepted protocols 288# WPA = WPA/IEEE 802.11i/D3.0 289# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) 290# If not set, this defaults to: WPA RSN 291# 292# key_mgmt: list of accepted authenticated key management protocols 293# WPA-PSK = WPA pre-shared key (this requires 'psk' field) 294# WPA-EAP = WPA using EAP authentication --- 100 unchanged lines hidden (view full) --- 395# PSK) is also configured using this field. For EAP-GPSK, this is a 396# variable length PSK. 397# ca_cert: File path to CA certificate file (PEM/DER). This file can have one 398# or more trusted CA certificates. If ca_cert and ca_path are not 399# included, server certificate will not be verified. This is insecure and 400# a trusted CA certificate should always be configured when using 401# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may 402# change when wpa_supplicant is run in the background. |
403# 404# Alternatively, this can be used to only perform matching of the server 405# certificate (SHA-256 hash of the DER encoded X.509 certificate). In 406# this case, the possible CA certificates in the server certificate chain 407# are ignored and only the server certificate is verified. This is 408# configured with the following format: 409# hash:://server/sha256/cert_hash_in_hex 410# For example: "hash://server/sha256/ 411# 5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a" 412# |
|
365# On Windows, trusted CA certificates can be loaded from the system 366# certificate store by setting this to cert_store://<name>, e.g., 367# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". 368# Note that when running wpa_supplicant as an application, the user 369# certificate store (My user account) is used, whereas computer store 370# (Computer account) is used when running wpasvc as a service. 371# ca_path: Directory path for CA certificate files (PEM). This path may 372# contain multiple CA certificates in OpenSSL format. Common use for this --- 459 unchanged lines hidden --- | 413# On Windows, trusted CA certificates can be loaded from the system 414# certificate store by setting this to cert_store://<name>, e.g., 415# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". 416# Note that when running wpa_supplicant as an application, the user 417# certificate store (My user account) is used, whereas computer store 418# (Computer account) is used when running wpasvc as a service. 419# ca_path: Directory path for CA certificate files (PEM). This path may 420# contain multiple CA certificates in OpenSSL format. Common use for this --- 459 unchanged lines hidden --- |