Making wpa_supplicant work with dhclient on Fedora

Dan Williams dcbw
Thu May 15 07:34:21 PDT 2008

On Wed, 2008-05-14 at 19:51 -0400, Pavel Roskin wrote:
> Hello!
> I have figured out a way to use wpa_supplicant and dhclient on the same
> interface in Fedora (tested on Fedora 8 and Fedora 9).  I'm actually
> surprised that I don't see loud screams that it's not working.  It's
> quite possible that I'm missing something obvious that everybody else is
> doing.  Then I apologize for the noise in advance.  Anyway, that's the
> simplest solution I could find.
> There are two problems here.  One is that the "network" service starts
> before "wpa_supplicant", and dhclient is called when "network" starts.
> This means that dhclient fails after a long timeout.  When
> wpa_supplicant starts, it's too late.

Because the normal 'network' service doesn't support WPA at this time,
it was pointless to integrate wpa_supplicant into the network service
startup scripts (ifup-wireless) until WPA was supported.

I'd like to add the key/value pairs to the ifcfg files for WPA support,
which NetworkManager needs anyway to use system connections.  That would
also mean a fairly straightforward effort to make ifup-wireless write
out a wpa_supplicant config file and launch the supplicant if you don't
want to use NM for your interface.  The only problem is figuring out
when the state changes to CONNECTED so that dhclient can be run if
BOOTPROTO=dhcp.  I assume somebody could write a small tool that pokes
the control interface to check for the connected state.

> The second problem is that dhclient brings the interface down to remove
> associated routes and other settings.  This breaks the connection.

Yeah, this is pretty lame and should be required; all it needs to do is
flush the routes and addresses with netlink.  Apparently it takes a
shortcut and downs the device.  NetworkManager doesn't do this any more
for this specific reason.

> wpa_supplicant is notified, but doesn't appear to do anything once the
> interface goes up.

It's up to the driver to send a disconnection SIOCSIWAP event when the
association breaks, and that includes when the device goes down.  So if
the device goes down, the supplicant should get the notice, and then try
to re-establish the connection.  If the driver doesn't send that event,
it's broken and we need to fix it.

> The solution involves file /etc/dhclient-exit-hooks,  which is called by
> dhclient in many situations.
> These are the steps:
> Use "normal" networking, not NetworkManager, which doesn't support WPA:

Confused... you mean that "normal" networking (ie, the 'network'
service) doesn't support WPA, or that NM doesn't support WPA?


> # chkconfig NetworkManager off
> # chkconfig network on 
> Set up /etc/wpa_supplicant/wpa_supplicant.conf using 
> /usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf as a template.
> Set up /etc/sysconfig/wpa_supplicant (put your interface and driver):
> INTERFACES="-i wlan0"
> DRIVERS="-D wext"
> Create /etc/dhclient-exit-hooks with the following contents:
> ---------------------------
> #! /bin/sh
> test "$reason" = PREINIT || exit 0
> /sbin/iwgetid -r --ap "$interface" >/dev/null || exit 0
> /sbin/ip link set "$interface" up
> /sbin/service messagebus start
> /sbin/service wpa_supplicant start
> /usr/sbin/wpa_cli -i "$interface" reassociate
> exit 0
> ---------------------------
> # chown root:root /etc/dhclient-exit-hooks
> # chmod 755 /etc/dhclient-exit-hooks
> Make sure that /etc/sysconfig/network-scripts/ifcfg-wlan0 has
> That should be it.
> Some comments about /etc/dhclient-exit-hooks.  The PREINIT state is when
> the interface is down.  The script brings it up and makes wpa_supplicant
> reconnect.  Non-wireless interfaces are ignored.  The wpa_supplicant
> service is started explicitly.  It would not hurt if it's running
> already.  The wpa_supplicant service depends on the messagebus service,
> so it's started first.  I'm trying to do everything the Fedora way if
> possible - that's why wpa_supplicant is not run directly.
> In case wpa_supplicant is running already, it should be told to
> reassociate.  "reconnect" is not sufficient for mac80211 drivers, which
> pretend to be connected to an AP after the connection was broken.
> This approach works with WEP and open networks too.  wpa_supplicant
> takes care of reestablishing connections if the driver doesn't do it by
> itself.

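Added example (not part of the original message and not code from wpa_supplicant or Fedora): one way to write the "small tool that pokes the control interface" mentioned above, by polling `wpa_cli status` until it reports `wpa_state=COMPLETED`, the state wpa_supplicant shows once association and any key handshake have finished. The function names, the WPA_STATUS_CMD override and the sample status text are assumptions made for this example.

```shell
#!/bin/sh
# Wait for wpa_supplicant to finish connecting before dhclient is started.

# Program that talks to the control interface. WPA_STATUS_CMD is a
# hypothetical override so the logic can be exercised without a radio.
: "${WPA_STATUS_CMD:=/usr/sbin/wpa_cli}"

# Constructed sample of "wpa_cli status" output (key=value lines).
SAMPLE_STATUS='bssid=02:00:00:00:00:01
ssid=example-net
key_mgmt=WPA2-PSK
wpa_state=COMPLETED'

# Read status output on stdin and print only the wpa_state value.
wpa_state_from_status() {
    sed -n 's/^wpa_state=//p' | head -n 1
}

# Ask the supplicant once; prints the state, or nothing if the query fails
# (for example when wpa_supplicant is not running yet).
wpa_current_state() {
    "$WPA_STATUS_CMD" -i "$1" status 2>/dev/null | wpa_state_from_status
}

# Poll once per second until the state is COMPLETED.
# $1 = interface, $2 = timeout in seconds (default 30).
# Returns 0 when connected, 1 when the timeout expires.
wait_for_wpa_completed() {
    iface=$1
    timeout=${2:-30}
    waited=0
    while :; do
        [ "$(wpa_current_state "$iface")" = COMPLETED ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Intended use from an ifup-style script when BOOTPROTO=dhcp:
#   wait_for_wpa_completed wlan0 30 && /sbin/dhclient wlan0
```

A timeout return lets the caller skip dhclient instead of waiting out its own long DHCP timeout on an interface that never associated.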