本文描述了如何在Debian系統(tǒng)上配置WiFi網(wǎng)口，從而連接無線網(wǎng)絡(luò)。This page describes how to configure a WiFi interface on a Debian system, for use on a network.

如果你的無線設(shè)備擁有一個(gè)可用的接口（使用iwconfig來驗(yàn)證），就有必要配置它并使之連上網(wǎng)絡(luò)。如果你并沒有發(fā)現(xiàn)無線接口，請(qǐng)參考 WiFi 來獲得對(duì)應(yīng)設(shè)備的驅(qū)動(dòng)程序的信息。

Wireless network interface configuration can be performed using a connection manager (such as NetworkManager) or through Debian's /etc/network/interfaces file with a special purpose utility (such as wpa_supplicant). Examples of NetworkManager and wpa_supplicant configuration are described below. 無線網(wǎng)絡(luò)接口的配置可以通過連接管理器（如 NetworkManager ）或者 Debian 系統(tǒng)的配置文件/etc/network/interfaces 及特定的工具程序（如wpa_supplicant）來實(shí)現(xiàn)。使用NetworkManager 和 wpa_supplicant 來配置的例子參見下面的描述。

The WEP algorithm is insecure and deprecated by WPA. Use of WEP is not recommended and is not covered within this document. 注意 WEP 算法并不安全，WPA不建議使用。本文沒有涉及到使用 WEP 的內(nèi)容，也不推薦使用。

NetworkManager

NetworkManager is configured through graphical interfaces, which are available for GNOME and KDE. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file. 網(wǎng)絡(luò)管理器作為任何一個(gè)前端管理包依賴的組件被引入進(jìn)來，它可以通過 GNOME 和 KDE 圖形界面來配置。不要在你 Debian 系統(tǒng)的/etc/network/interfaces文件內(nèi)指引你的無線接口。

NetworkManager is also a front-end for wpa_supplicant. 網(wǎng)絡(luò)管理器同樣也是 wpa_supplicant 的前端處理器。 === GNOME === 對(duì)于GNOME

1. Ensure your user account is a member of the netdev group.

確認(rèn)你的用戶賬號(hào)屬于 netdev 組

1. Install the network-manager-gnome package:

安裝debian包network-manager-gnome

$ su
# aptitude update
# aptitude install network-manager-gnome

1. Log out of GNOME, then log back in to your system.
2. A new applet (computer icon) will appear in the notification area / system tray. Left-click this icon to present the nm-applet pop-up menu.
3. Neighboring wireless networks with a broadcasted SSID should be listed:
   • Click on the desired network's name.
   • If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
   • The wireless network connection will be activated.
   If the desired network is not listed (e.g. SSID not broadcast/hidden):
   • Click "Connect to Other Wireless Network...".
   • Enter the network's SSID at "Network Name".
   • If encryption is used, select the method from the "Wireless Security" drop-down list (usually "WPA Personal" or "WPA2 Personal").
     • Enter the passphrase/pre-shared key at "Password".
   • Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

KDE

1. Ensure your user account is a member of the netdev group.

2. Install the network-manager-kde package:

   $ su
   # aptitude update
   # aptitude install network-manager-kde

3. From the K Menu, select "Run Command". Enter "knetworkmanager" and click "Run".
4. A new applet (wallplug/socket icon) will appear in the system tray. Right-click this icon to present the KNetworkManager pop-up menu.
5. Neighboring wireless networks with a broadcasted SSID should be listed:
   • Click on the desired network's name.
   • If the network uses WPA encryption with a password (aka passphrase/pre-shared key), you will be prompted to enter it. After providing, click the "Connect" button.
   • The wireless network connection will be activated.
   If the desired network is not listed (e.g. SSID not broadcast/hidden):
   • Click "Connect to Other Wireless Network...".
   • Enter the network's name in "Name (ESSID)".
   • Tick "Use Encryption" if in use on the network.
     • Select the encryption method used (usually "WPA Personal").
     • Enter the passphrase/pre-shared key at "Password".
     • Select "WPA 1" or "WPA 2" for the protocol version, as used by the network.
   • Click the "Connect" button to activate the wireless network connection.

See the NetworkManager page for frequently asked questions, documentation and support references.

Other GUI

The network-manager-kde package will work for icewm and Xfce too

wicd - for Xfce, LXDE, Fluxbox

wicd (Wireless Interface Connection Daemon) is an alternative to NetworkManager. It is environment independent, making it a perfect replacement for other desktop environments (e.g. Xfce, LXDE, Fluxbox, etc.). Like NetworkManager, wicd is configured via a graphical interface. Your wireless interface should not be referenced within Debian's /etc/network/interfaces file.

Lenny users: wicd is not included in Lenny, but is available as a backported package. Configure /etc/apt/sources.list as explained in the Backports page before continuing.

1. Update the list of available packages and install the wicd package:

   $ su
   # aptitude update
   # aptitude install wicd

2. Amend /etc/network/interfaces to contain only the following:

   # This file describes the network interfaces available on your system
   # and how to activate them. For more information, see interfaces(5).
   
   # The loopback network interface
   auto lo
   iface lo inet loopback

3. If not already performed, add your regular user account to the netdev group and reload DBus:

   # adduser yourusername netdev
   # /etc/init.d/dbus reload

4. Start the wicd daemon:

   # /etc/init.d/wicd start

5. Start the wicd GUI with your regular user account:

   # exit
   $ wicd-client -n

See also wicd frequently asked questions.

wpa_supplicant

wpa_supplicant is a WPA client and IEEE 802.1X supplicant.

The wpasupplicant package provides wpa-* ifupdown options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.

• GNOME and KDE users shouldn't configure wpa_supplicant manually. Use NetworkManager as explained above.

Before continuing, install the wpasupplicant package:

• $ su
  # aptitude update
  # aptitude install wpasupplicant

WPA-PSK and WPA2-PSK

Also known as "WPA Personal" and "WPA2 Personal" respectively.

1. Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure:

   # chmod 0600 /etc/network/interfaces

2. Open /etc/network/interfaces in a text editor:

   # sensible-editor /etc/network/interfaces

3. Define appropriate stanzas for your wireless interface, along with the SSID and PSK. For example:

   auto wlan0
   iface wlan0 inet dhcp
       wpa-ssid mynetworkname
       wpa-psk mysecretpassphrase

   The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.
4. Save the file and exit the editor.

5. Bring your interface up. This will start wpa_supplicant as a background process.

   # ifup wlan0

Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.

For general /etc/network/interfaces information, see the interfaces(5) man page.

WPA-EAP

For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.

Once available, reference your configuration file in /etc/network/interfaces. For example:

• auto wlan0
  iface wlan0 inet dhcp
      wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections

To switch between multiple distinct configurations:

• GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)

• Console users can

  • use logical interfaces, as

    iface wlan_home inet dhcp
        wpa-ssid mynetworkname
        wpa-psk mysecretpassphrase

    # ifup wlan0=wlan_home

  • use ifscheme, see the example configuration at .

  • You can use guessnet(8) to switch profiles automatically by your location. Tutorial here.

Security consideration

1. Every member of a network can listen to other members' traffic. (whether it's an unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). Use SSL/TLS protocols (https, imaps...) or VPN to preserve your privacy.

2. WEP is so insecure that it is basically equivalent to not using any encryption at all.

3. WPA 1 is deprecated. Use WPA2 instead.

4. Make sure you use strong pass-phrase.

Network security, see: http://www./doku.php?id=tutorial.

See Also

• WiFi/AdHoc - Establishing a WiFi network without an access point.

• iwconfig(8)

• NetworkConfiguration

• NetworkManager

• WiFi

• WPA