SDB:Tracking down wireless problems
If you want to contribute, please read the rules for this wiki and if you have any questions, don't hesitate to contact the wiki team, we are more then willing to help you! :-)
Purpose
The main components used when setting up a wireless connection are:
- nm-applet (in GNOME) or KNetworkManager (in KDE)
- NetworkManager and/or YaST
- wpa_supplicant
- the wireless driver (some in conjunction with mac80211)
Common Pitfalls
MAC Address Filter
Be sure to disable the MAC address filter in your wireless access point (WAP, AP) or add your wireless card's MAC address.
Kill Switch
Most built-in wireless cards may be activated/deactivated using a hardware switch. Make sure the wireless device is physically enabled. If the hardware switch is deactivated the driver has no chance to set the wireless network up.
Firmware
Some wireless devices (e.g. iwl3945, iwlagn, b43, ...) need a so-called firmware which has to be provided by the host operating system. Some firmware files are already provided with openSUSE in form of rpm packages (e.g. iwl3945-ucode or ralink-firmware) but some firmware files may not be provided due to legal reasons. Hence they have to be installed manually. Some of these firmware files may be downloaded with scripts provided in /usr/sbin (e.g. install_acx100_firmware, install_bcm43xx_firmware and install_intersil_firmware).
To determine if you need to install firmware:
dmesg | less
and step through the output looking for error messages.
Channels 12,13 and 14 are disabled (wrong regulatory domain)
As of openSUSE 11.0 most wireless drivers depend on mac80211. Regulatory domain handling has been implemented in the wireless stack, but it is not available until kernel 2.6.27. In order to stay FCC compliant the stack enables only the minimal subset of available channels (1-11 in the bg-band). For example in Germany the channels 12 and 13 are allowed too but disabled by default. These channels can be enabled by overwriting the regulatory domain (allowed parameters are US, EU and JP):
echo "options cfg80211 ieee80211_regdom=EU" > /etc/modprobe.d/cfg80211
Either reload all wireless modules (mac80211, cfg80211, iwl3945, etc.) or just reboot to enable the new regulatory domain.
This is fixed in Factory due to the use of CRDA
NetworkManager
Which logs are needed
In order to track down wireless issues with NetworkManager the following logs are needed after a failed connection attempt:
- /var/log/NetworkManager
- /var/log/wpa_supplicant (if possible with verbose debug output)
- the output of dmesg
Enable wpa_supplicant debug output
Permanent
To get maximum debug output from wpa_supplicant you have to modify the file /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service.
Just change the line
Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log
to
Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -dddt -f /var/log/wpa_supplicant.log
and run the following commands as root:
> rcnetwork stop > killall wpa_supplicant > rcnetwork start
Now wpa_supplicant will write very verbose debug output to /var/log/wpa_supplicant.log
Short Term
If the debug output should be enabled only for a short period of time (for example to debug one connection attempt) the debug level can be changed with
> kill -SIGUSR1 `pidof wpa_supplicant`
The supplicant log (/var/log/wpa_supplicant) will print a line indicating the new debug level:
Signal 10 received - changing debug level to MSGDUMP
JFI: this is openSUSE specific, the signal handler is not implemented in upstream wpa_supplicant
How to set up a connection manually
Stop NetworkManager and wpa_supplicant
In order to set up a connection manually ensure that no instance of NetworkManager or wpa_supplicant is running at the moment.
> rcnetwork stop > killall wpa_supplicant
If your access point does not use any security you may use plain iwconfig for setting the connection up. Even WEP secured connections can be set up this way. For all other connection types (WPA-PSK, WPA-EAP, 802.1x with dynamic WEP) wpa_supplicant is required.
Basic commands
First run iwconfig to find out which wireless interface you want to use.
> iwconfig
lo no wireless extensions.
eth1 no wireless extensions.
eth0 unassociated ESSID:""
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:3 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:53 Missed beacon:0
In this example eth0 is the wireless interface.
If you don't know the name (Essid) of your wireless network you might want to run a scan.
> iwlist eth0 scan
...
Cell 02 - Address: XX:XX:XX:XX:XX:XX
ESSID:"XXXXXX"
Protocol:IEEE 802.11bg
Mode:Master
Channel:2
Frequency:2.417 GHz (Channel 2)
Encryption key:off
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Quality=37/100 Signal level=-78 dBm
Extra: Last beacon: 488ms ago
...
This command prints all access points in range. If your access point doesn't show up in the list it does most likely not broadcast its essid. Try scanning for this specific network.
> iwlist eth0 scan essid your_essid_here ...
iwconfig
Unsecured connection
If you are using a mac80211-driver (e.g. iwl3934, iwl4965, ath5k, b43, rtl8187, rt2x00, ...) the interface has to be up before the connection can be established:
> ip link set eth0 up
Setting up an unsecured wireless connection with iwconfig is quite easy.
> iwconfig eth0 essid your_essid_here
Wait a few seconds and run iwconfig to see if a connection was established.
> iwconfig eth0
eth0 IEEE 802.11g ESSID:"XXXXXX"
Mode:Managed Frequency:2.417 GHz Access Point: XX:XX:XX:XX:XX:XX
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=58/100 Signal level=-68 dBm Noise level=-90 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:10
The important information is
- Access Point: XX:XX:XX:XX:XX:XX - should contain the MAC-address of your access point
- Link Quality=58/100 - should be something else then 0
- Signal level=-68 dBm - should be something else then 0
- Noise level=-90 dBm - should be something else then 0
Now the wireless connection is set up :)
But before you can actually do something useful with this connection you have to get an IP address as described later (Getting an IP address).
WEP secured connection
TBD
wpa_supplicant
Setting up a connection using wpa_supplicant is a bit more complicated than connection to an unsecured wireless network. You first have to write a configuration file which contains all needed information. The configuration file first contains some basic information which is identical for every network you want to connect to.
ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1
The next step is to include the required network block into the configuration file. The network block differs for each type of wireless security.
Open System WEP
network={
ssid="your_ssid_here"
key_mgmt=NONE
group=WEP40 WEP104
# Passphrase keys must be in double-quotes. Hex and ASCII are ok unquoted
wep_key0=FFFFFFFFFF
# wep_key1="passphrase"
# wep_key2=CCCCC
# wep_key3="another_passphrase"
priority=5
#Be sure to set the wep_keyX you want to try first using this
wep_tx_keyidx=0
auth_alg=OPEN
}
For a wpa-psk-secured network, just take this one and modify the parameters ssid and psk.
network={
ssid="your_essid_here"
psk="your_password_here"
key_mgmt=WPA-PSK
priority=5
proto=WPA
}
WPA-EAP
network={
ssid="your_essid_here"
identity="your_usename_here"
psk="your_password_here"
# wpa_supplicant debug output will tell you what to put here
subject_match="/C=US/ST=Utah/L=Provo/O=Novell, Inc./CN=foo.novell.com"
proto=WPA
key_mgmt=WPA-EAP
group=CCMP TKIP
eap=PEAP
phase2="auth=MSCHAPV2"
ca_path="/etc/ssl/certs"
}
Starting the connection
To start the previously configured connection using wpa_supplicant run the following command
> wpa_supplicant -Dwext -ieth0 -c/etc/your_config_file -dddt
-Dwext tells wpa_supplicant to use the wext-driver for communication with the low level driver, most current drivers should work fine with this setting (at least add mac80211-based drivers).
-ieth0 describes which interface should be used for the wireless connection
-c/etc/your_config_file simply tells wpa_supplicant which configuration to use
-dddt enables maximum debug output
After a few seconds wpa_supplicant hopefully shows something like
1213018160.349324: State: GROUP_HANDSHAKE -> COMPLETED 1213018160.349334: CTRL-EVENT-CONNECTED - Connection to XX:XX:XX:XX:XX:XX completed (auth) [id=0 id_str=] 1213018160.349341: wpa_driver_wext_set_operstate: operstate 0->1 (UP) 1213018160.349348: WEXT: Operstate: linkmode=-1, operstate=6 1213018160.349880: EAPOL: External notification - portValid=1 1213018160.349899: EAPOL: External notification - EAP success=1 1213018160.349905: EAPOL: SUPP_PAE entering state AUTHENTICATING 1213018160.349911: EAPOL: SUPP_BE entering state SUCCESS 1213018160.349917: EAP: EAP entering state DISABLED 1213018160.349924: EAPOL: SUPP_PAE entering state AUTHENTICATED 1213018160.349930: EAPOL: SUPP_BE entering state IDLE 1213018160.349954: RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP]) 1213018160.349965: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added 1213018161.356786: RSN: processing PMKSA candidate list 1213018161.356821: RSN: not in suitable state for new pre-authentication 1213018161.852768: EAPOL: startWhen --> 0
The wireless connection is set up and you can verify it by using iwconfig on a new console as described before.
wpa_gui
To make life somewhat easier, wpa_supplicant has two companion applications wpa_cli and wpa_gui. While wpa_cli is part of the wpa_supplicant package, you will need to install wpa_gui separately.
# zypper in wpa_supplicant-gui
For wpa_gui to be able to cooperate with wpa_supplicant, we need to edit the file /etc/wpa_supplicant/wpa_supplicant.conf with gedit or your favorite editor.
# gedit /etc/wpa_supplicant/wpa_supplicant.conf
We simply add "update_config=1" after the existing lines and save the file. For reference to wpa_supplicant configuration see /usr/share/doc/packages/wpa_supplicant/wpa_supplicant.conf
Now we start wpa_supplicant
# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B
followed by
# wpa_gui
The wpa_gui dialog opens, we press scan and are presented with a window listing all detected Access Points. Double clicking on any one entry opens yet another dialog which lets us enter the passphrase, by pressing Add, the network is added to wpa_gui and connection is made. This works for open, WEP and WPA encrypted networks. wpa_gui also writes the proper parameters to wpa_supplicant.conf, so if you're interested what they look like, do
# cat /etc/wpa_supplicant/wpa_supplicant.conf
Note: wpa_gui will not work with the instance of wpa_supplicant started by NetworkManager, as that is using D-Bus to communicate. It works perfectly with the instance started by ifup though, not even a configuration file is needed.
Getting an IP address
DHCP
If your network uses dhcp for IP address assignment you need to first check for instances of dhcpcd or dhclient running and stop them, if any.
# killall -TERM dhcpcd dhclient
Now you can use either dhcpcd wlan0 | eth1 or dhclient wlan0 | eth1 to acquire an IP address
# dhcpcd wlan0
If dhccpcd returns to the commandline the interface should have an IP address assigned. That can be verified using ip.
> ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 50
link/ether XX:XX:XX:39:49:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.173/24 brd 196.168.0.255 scope global eth0
inet6 fe80::212:f0ff:fe39:49b4/64 scope link
valid_lft forever preferred_lft forever
The relevant part is 192.168.0.173.
Manual IP setup
Just set the desired IP address using iproute2
> ip addr add 192.168.0.145/24 dev eth0
Verify if the connection is working
The best way to determine if the connection is up and running is to ping an internet site
> ping google.com PING google.com (64.233.167.99) 56(84) bytes of data. 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=242 time=156 ms 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=2 ttl=242 time=151 ms 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=3 ttl=242 time=151 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008ms rtt min/avg/max/mdev = 151.011/152.976/156.665/2.648 ms
If the output looks like the above the connection is working!
If you don't get that response, you may want to check whether at least the AP is reachable. In this example 192.168.0.1:
ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.75 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=2.14 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=1.75 ms 64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=1.84 ms ^C --- 192.168.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3012ms rtt min/avg/max/mdev = 1.754/1.874/2.145/0.160 ms
If you can ping the AP but no Internet address, there is someting wrong with name resolution. This could be caused by two NICs being enabled (i.e. wired and wireless) where each one has dhcpcd running.
Please take down both interfaces and then up the wireless NIC and retry from top.
# ifdown eth0 # ifdown wlan0 # ifup wlan0
TODO: Explain what to do now..
Capturing packets aka monitor mode
Needed software
For capturing packets on a wireless interface you can use kismet. Afterwards Wireshark is able to read a capture file produced by kismet and show the packets in a user friendly way.
Enable monitor mode
If you have a second wireless card which can be used for monitoring the wireless traffic the following starts capturing the traffic:
> ip link set wlan0 down > iwconfig wlan0 mode monitor > ip link set wlan0 up > iwconfig wlan0 channel X > wireshark -i wlan0 -k
This will open wireshark and start capturing all frames received by wlan0 on channel X.
FAQ
Q: My connection is dropped every few minutes
A: Some access points tend to drop connections if the client is inactive for a specific amount of time. Sometimes this behavior can be changed in the access points configuration interface.
Links to Novell and openSUSE pages
- forum Wireless on forums.opensuse.org
External links
- http://wireless.kernel.org/en/users/Reporting_bugs
- Specific tips to KDE's Network Management tools
- Network Manager Debuging in Gnome
Authors
Helmut Schaa <hschaa@suse.de>