ctrl_interface=/var/run/wpa_supplicant # This variable can be a group name or gid. #ctrl_interface_group=wheel ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 ################################################################# # WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers #network={ # ssid="" # key_mgmt=NONE # psk="0123456789" # priority=5 # priority=2 #} # Same as previous, but request SSID-specific scanning (for APs that reject # broadcast SSID) #network={ # ssid="Matrix" # scan_ssid=1 # psk="0123456789" # priority=2 #} # Only WPA-PSK is used. Any valid cipher combination is accepted. #network={ # ssid="Matrix" # proto=WPA # key_mgmt=WPA-PSK # pairwise=CCMP TKIP # group=CCMP TKIP WEP104 WEP40 # psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb # priority=2 #} #network={ # ssid="WFA_TEST_ENGINE" # proto=WPA # key_mgmt=WPA-PSK # pairwise=TKIP # group=TKIP # psk="12345678" # priority=1 #} #network={ # ssid="WFA_TEST_ENGINE" # proto=WPA # key_mgmt=WPA-PSK # pairwise=CCMP TKIP # group=CCMP TKIP WEP104 WEP40 # psk="12345678" # priority=1 #} ################################################################# #network={ # ssid="networkmanager" # auth_alg=OPEN # key_mgmt=NONE # wep_key0=1234567890 # group=WEP104 # priority=1 #} ################################################################# # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 # or WEP40 as the group cipher will not be accepted. #network={ # ssid="WFA_TEST_ENGINE" # proto=RSN # key_mgmt=WPA-EAP # pairwise=CCMP # group=CCMP # eap=TLS # identity="wpatest2" # ca_cert="/root/ca.pem" # client_cert="/root/id.pem" # private_key="/root/id_key.pem" # private_key_passwd="ralink" # priority=1 #} # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel # (e.g., Radiator) network={ ssid="Jerry 3200g" # ssid="WFA_TEST_ENGINE" ## proto=WPA key_mgmt=WPA-EAP ## pairwise=TKIP ## group=TKIP eap=PEAP identity="wpatest2" password="test2" ca_cert="/root/ca.pem" phase1="peaplabel=0" phase2="auth=MSCHAPV2" priority=1 } # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the # unencrypted use. Real identity is sent only within an encrypted TLS tunnel. #network={ # ssid="example" # key_mgmt=WPA-EAP # eap=TTLS # identity="user@example.com" # anonymous_identity="anonymous@example.com" # password="foobar" # ca_cert="/etc/cert/ca.pem" # priority=2 #} # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted # use. Real identity is sent only within an encrypted TLS tunnel. #network={ # ssid="example" # key_mgmt=WPA-EAP # eap=TTLS # identity="user@example.com" # anonymous_identity="anonymous@example.com" # password="foobar" # ca_cert="/etc/cert/ca.pem" # phase2="auth=MSCHAPV2" #} # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner # authentication. #network={ # ssid="example" # key_mgmt=WPA-EAP # eap=TTLS # # Phase1 / outer authentication # anonymous_identity="anonymous@example.com" # ca_cert="/etc/cert/ca.pem" # # Phase 2 / inner authentication # phase2="autheap=TLS" # ca_cert2="/etc/cert/ca2.pem" # client_cert2="/etc/cer/user.pem" # private_key2="/etc/cer/user.prv" # private_key2_passwd="password" # priority=2 #} ################################################################# # Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and # group cipher. #network={ # ssid="example" # bssid=00:11:22:33:44:55 # proto=WPA RSN # key_mgmt=WPA-PSK WPA-EAP # pairwise=CCMP # group=CCMP # psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb #} # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP # and all valid ciphers. #network={ # ssid=00010203 # psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f #} ################################################################# # EAP-SIM with a GSM SIM or USIM #network={ # ssid="eap-sim-test" # key_mgmt=WPA-EAP # eap=SIM # pin="1234" # pcsc="" #} # EAP-PSK #network={ # ssid="eap-psk-test" # key_mgmt=WPA-EAP # eap=PSK # identity="eap_psk_user" # eappsk=06b4be19da289f475aa46a33cb793029 # nai="eap_psk_user@example.com" #} ################################################################# # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using # EAP-TLS for authentication and key generation; require both unicast and # broadcast WEP keys. #network={ # ssid="iverson" # key_mgmt=IEEE8021X # eap=TLS # identity="wpatest2" # ca_cert="/etc/cert/ca.pem" # client_cert="/etc/cert/id.pem" # private_key="/etc/cert/id_key.pem" # private_key_passwd="ralink" # eapol_flags=3 #} # LEAP with dynamic WEP keys #network={ # ssid="leap-example" # key_mgmt=IEEE8021X # eap=LEAP # identity="user" # password="foobar" #} # EAP-FAST with WPA (WPA or WPA2) #network={ # ssid="eap-fast-test" # key_mgmt=WPA-EAP # eap=FAST # anonymous_identity="FAST-000102030405" # identity="username" # password="password" # phase1="fast_provisioning=1" # pac_file="/etc/wpa_supplicant.eap-fast-pac" #} #network={ # ssid="eap-fast-test" # key_mgmt=WPA-EAP # eap=FAST # anonymous_identity="FAST-000102030405" # identity="username" # password="password" # phase1="fast_provisioning=1" # pac_file="blob://eap-fast-pac" #} ################################################################# # IBSS/ad-hoc network with WPA-None/TKIP. #network={ # ssid="Matrix" # mode=1 # proto=WPA # key_mgmt=WPA-NONE # pairwise=NONE # group=TKIP # psk="secret passphrase" #} # Catch all example that allows more or less all configuration modes #network={ # ssid="example" # scan_ssid=1 # key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE # pairwise=CCMP TKIP # group=CCMP TKIP WEP104 WEP40 # psk="very secret passphrase" # eap=TTLS PEAP TLS # identity="user@example.com" # password="foobar" # ca_cert="/etc/cert/ca.pem" # client_cert="/etc/cert/user.pem" # private_key="/etc/cert/user.prv" # private_key_passwd="password" # phase1="peaplabel=0" #} # Example of EAP-TLS with smartcard (openssl engine) #network={ # ssid="example" # key_mgmt=WPA-EAP # eap=TLS # proto=RSN # pairwise=CCMP TKIP # group=CCMP TKIP # identity="user@example.com" # ca_cert="/etc/cert/ca.pem" # client_cert="/etc/cert/user.pem" # engine=1 # The engine configured here must be available. Look at # OpenSSL engine support in the global section. # The key available through the engine must be the private key # matching the client certificate configured above. # use the opensc engine #engine_id="opensc" #key_id="45" # use the pkcs11 engine # engine_id="pkcs11" # key_id="id_45" # Optional PIN configuration; this can be left out and PIN will be # asked through the control interface # pin="1234" #} # Example configuration showing how to use an inlined blob as a CA certificate # data instead of using external file #network={ # ssid="example" # key_mgmt=WPA-EAP # eap=TTLS # identity="user@example.com" # anonymous_identity="anonymous@example.com" # password="foobar" # ca_cert="blob://exampleblob" # priority=20 #} blob-base64-exampleblob={ SGVsbG8gV29ybGQhCg== }