September 3, 2008 – 12:30 am by dj_goku
I wasn’t able to get WPA/WPA2 to work in OpenBSD 4.3-current in April of this year (support for WPA was added in mid April). So I thought it was too early and might be a little buggy still, and would wait until after OpenBSD 4.3 was released.
I have been thinking more about wireless security lately and thought I would give it another try (since I was using WEP). Upon installing and getting to the same point and failing like I did in April. I thought I would start messing with the options for ifconfig. The offending option was ‘wpaakms’ which defaults to’psk,802.1x’ and seems that it uses 802.1x (which uses an external server for authentication) by default. So after setting ‘wpaakms psk’ fixed all my problems, because I just want to enter a password/pass phrase.
If you have a supported card and are running a current snapshot follow the below example that I used for my ral supported card::
inet 10.0.2.1 255.255.255.0 NONE media autoselect \
mode 11g nwid obsd-wpa wpa wpapsk $(wpa-psk obsd-wpa super_secret_password_here) \
wpaakms psk mediaopt hostap
# ifconfig ral
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
media: IEEE802.11 autoselect mode 11g hostap
ieee80211: nwid obsd-wpa chan 1 bssid 00:0e:2e:ff:ce:67 wpapsk 0xcac6fd3605965ddab2d5e90bd75edaa35ac23e5c52d840a449cb1677ebcd9923 wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher tkip 100dBm
inet6 fe80::20e:2eff:feff:ce67%ral0 prefixlen 64 scopeid 0×2
inet 10.0.2.1 netmask 0xffffff00 broadcast 10.0.2.255
You will also need to setup dhcpd, and PF to get working, but after that all you need to do with your device is scan and enter ‘super_secret_password_here’ and you’ll be surfing in no time at all.
Initial WPA/WPA2 stuff on undeadly.org: http://undeadly.org/cgi?action=article&sid=20080416195151