WPA-PSK on Linux Intel centrino ipw2100

I recently converted my wired LAN to a wireless WLAN.

This is the steps I made to create a WPA-PSK secured WLAN with my Intel centrino ipw2100 wireless card under Linux.
I report here the commands and configuration files used . I hope those will be helpful for someone else.

Note: this page contains informations updated on March 2007. More recent softwares may works differently.

My environment

My system runs ArchLinux current with kernel 2.6.20 (the default one with my distro).

I have a WPA-PSK/WPA2-PSK enabled access point and a Intel Centrino wireless card (ipw2100).

Following the output of lspci -v:

02:04.0 Network controller: Intel Corporation PRO/Wireless LAN 2100 3B Mini PCI Adapter (rev 04)
        Subsystem: Intel Corporation MIM2000/Centrino
        Flags: bus master, medium devsel, latency 64, IRQ 11
        Memory at d0206000 (32-bit, non-prefetchable) [size=4K]
        Capabilities: [dc] Power Management version 2

Please note that this is one of the first versions of the Centrino Wireless card. Latest versions uses different chipset and drivers but you could find this informations still useful.

Get drivers and install them

The 2100 wireless card could be used under Linux using the native ipw2100 driver developed by Intel. There is no need of using Windows Drivers using Ndiswrapper.

I will not describe the installation of the driver here. You can use your distro’s packages or compile them from sources. If you are going to compile the README and INSTALL documents are really helpful.
Check the requirements!

Once you have the driver, under Linux called module, you should load it with:

modprobe ipw2100

executed by root.

Then check the output of dmesg and look for something like

ipw2100: Intel(R) PRO/Wireless 2100 Network Driver, git-1.2.2
ipw2100: Copyright(c) 2003-2006 Intel Corporation

Test the unprotected wifi connection before

I suggest you to test that the wifi card and module work as espected connecting to an unprotected access point. You will then be sure that everything is fine with the installation of the module.

Once the module is loaded you should be able to display awailable WLAN using the command iwlist scanning
The command will display something similar to:

[root@beta ~]# iwlist scanning
lo        Interface doesn't support scanning.

eth0      Interface doesn't support scanning.

eth1      Interface doesn't support scanning.

eth2      Scan completed :
          Cell 01 - Address: 00:03:6F:94:B5:63
                    ESSID:"Alice-39040094"
                    Protocol:IEEE 802.11bg
                    Mode:Master
                    Channel:1
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                              11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Quality:29  Signal level:0  Noise level:0
                    Extra: Last beacon: 272ms ago
          Cell 02 - Address: 00:18:4D:BB:AB:6E
                    ESSID:"VARESANO_NET"
                    Protocol:IEEE 802.11bg
                    Mode:Master
                    Channel:11
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                              11 Mb/s; 12 Mb/s; 18 Mb/s; 22 Mb/s; 24 Mb/s
                              36 Mb/s; 48 Mb/s; 54 Mb/s
                    Quality:61  Signal level:0  Noise level:0
                    IE: WPA Version 1
                        Group Cipher : WEP-40
                        Pairwise Ciphers (1) : WEP-40
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : WEP-40
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    Extra: Last beacon: 4976ms ago

This output display all the available WLAN on my home. There is one with essid “Alice-39040094” and one “VARESANO_NET”. The command also displays different other useful info such as the encryption used or the link quality.

Now you should connect to a unprotected WLAN using the command iwconfig X essid ESSID where X is the name the system gived to your wireless device and ESSID is the essid of the network you are connecting into.

Then using iwconfig you should have reported that the wireless card is connected to your WLAN.

If you are using DHCP (Get automatically the IP under Windows) you should now run dhcpcd X where X is the name of your interface.

Did your connection works? Can you ping google.com?
I hope! Let’s continue!

Encrypt the wireless data

Now we must configure the card to use encrypted wifi traffic.

We will use wpa_supplicant for this. Once again use your distro packages or get the sources and compile them.

Once you have wpa_supplicant installed you will have a configuration file called /etc/wpa_supplicant.conf. Edit it to something similar to this:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
       ssid="your_wireless_access_point_name_here"
       psk="your_password_here"
       key_mgmt=WPA-PSK
       proto=WPA
       pairwise=TKIP
       group=TKIP
}

Note: where it asks for your psk, do not enter the passkey. You must first run the following command (from the terminal):

wpa_passphrase "your_ssid" "your_secret_phrase"

This will then output something like this:

network={
         ssid="your_ssid"
         #psk="your_secret_phrase"
         psk=325lasdflk234523lkasdflkl654325234lkasdf123jkkj34kl
}

What you need is the long alphanumeric string to paste into the wpa_supplicant.conf shown above.

The ctrl_interface directory needs to be created (as it’s not usually there by default):

mkdir /var/run/wpa_supplicant

Now the configuration of WPA is completed.

Start you network

We are now ready to securely connect to the WLAN.

Again check that you see the WLAN you want to connect to with iwlist scanning.

Then connect to your network: iwconfig X essid ESSID.

Now enable secure connection with:

wpa_supplicant -i eth2 -Dwext -c /etc/wpa_supplicant.conf &

It should return something like:

Trying to associate with 00:18:4d:bb:ab:6e (SSID='VARESANO_NET' freq=2462 MHz)
ioctl[SIOCSIWFREQ]: Operation not supported
Association request to the driver failed
Associated with 00:18:4d:bb:ab:6a
WPA: Key negotiation completed with 00:18:4d:bb:ab:6a [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:18:4d:bb:ab:6a completed (auth) [id=0 id_str=]

Now dhcpcd X should let you join your network.

Conclusions

With this steps I’ve been able to create a WPA-PSK secured wireless LAN on my Intel Pro Wireless 2100 network card. I’ve been using this setup for three weeks and everything is good. Stable connection and good speed.

However WPA-PSK has known to be not the best in security. For the best you should run WPA2-PSK.

My access point is WPA2-PSK capable but I was not able to configure a WPA2 secured WLAN on my ipw2100 card. However it seems that this is possible: I once chatted with a guy on IRC channel #ipw2100 on irc.freenode.org which was successful with this.

Scroll to Top