Hi again,

This time, I will go through a couple of things that I learned today, which has bugged me for quite some time. It also took me forever to figure it out why I could not get it to work the way I wanted to. It also was not made easier with a recent change in the network management of Raspbian Jessie. Proper wifi configuration (on the command line) on the Raspberry Pi 3 with its built in wifi is simple, but not easy. This blog entry is about the scenario whan you do all your configuration on the command line. I have no clue on how to do it through any GUI tools.

What I wanted to do, could in principle be easily solved by the first two examples below, but I really wanted to both understand what I was doing, as well as having a flexible solution where my raspberry pi would also be a bit more mobile. By setting the ssid and wpa2 passwords directly in the /etc/network/interfaces file, I would have to remember and reconfigure the wifi configuration (prefreably before I unplug the device) if I were to move a raspberry pi from my home to my office (since they have different ssid:s and network configurations).

So i will touch these topics, since they are closely related:

  • Proper use of wpa_supplicant.conf in a wifi setup
  • Why on earth the raspberry pi claims a DHCP Ip address on eth0, wlan0, etc even if you configure a static IP address

For the quick solution, there are basically two scenarios:

  • If you want wifi, and are ok with DCHP: stay with the default configuration of /etc/network/interfaces, and just add a “network” section to /etc/wpa_supplicant/wpa_supplicant.conf
  • If you want wifi and a static IP address: The key items to remember is: id_str in /etc/wpa_supplicant/wpa_supplicant.conf and wpa-roam instead of wpa-conf in /etc/network/interfaces.

In the “jessie” release of Raspbian, the /etc/network/interfaces configuration changed from using wpa-roam to using wpa-conf to fit with the change to use a system component called dhcpcd. Basically, without any reconfiguration the dhcpcd daemon will monitor the states of any network interface (also eth0) and request an IP address from your DHCP server (which most likely is your internet router at home). In the bulk of installations, this is perfectly ok, even for advanced users, and for beginners it just works out of the box. The default configuration of the /etc/network/interfaces file will now expect you to use the stansa “iface xxx inet manual” instead of “iface xxx inet dhcp”. The DHCP stansa will still work, but is sort of redundant, since dhcpcd should be taking care of your DHCP requests.

Most how-to’s on the internet, showing you how to set up a static ip address on an interface, will work as expected (almost). You will get a static ip addres configured on your interface, but in the background you will also get a second ip address through the dhcpcd daemon, which you sadly will not see with the ifconfig -a command. You will, though, see it with either “hostname -I” or ip addr show“. One side effect (which is also merely more than an annoyance) is that you get a second route to your default gateway. Since the route you configure with your static ip configuration takes precedence, you will not even notice it, but it is there (which is seen by using “netstat -nr” or “ip route show“.

Wifi configurations that come quickly to a decently round up linux admin (which would not at all use the wpa_supplicant.conf):

  • Putting the ssid and WPA2 password directly in the /etc/network/interfaces, using DHCP
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "MY_SSID"
wpa-psk "MY_SECRET_PASSWORD"
  • Using the ssid and WPA password directly in the /etc/network/interfaces, using static IP configuration
allow-hotplug wlan0
iface wlan0 inet static
wpa-ssid "MY_SSID"
wpa-psk "MY_SECRET_PASSWORD"
address 192.168.3.11
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
dns-nameservers 192.168.3.1

Although both these ways of configuring the wifi on my raspberry pi works, they are both very static. As mentioned above, I would have to re-configure the /etc/network/interfaces file before I shut the raspberry pi down if I were to move it to another wifi network. I would like to just shut it down, move it, and start it up with a working configuration.

In the second case I would also get that “shadow” ip address:

pi@raspberrypi:~ $ hostname -I
192.168.3.11 192.168.3.133

The difference between “wpa-conf” and “wpa-roam” in the /etc/network/interfaces file, is that when you use “wpa-conf” you should not be moving your gear around that much. If you want to use DHCP, just set up your network in the /etc/wpa_supplicant/wpa_supplicant.conf or directly in your /etc/network/interfaces file. One network to rule them all. If you move your device, you should be prepared before you shut down, or be prepared for a big hassle when you arrive at your new destination. When using “wpa-roam” you should either accept that you get a shadow IP address, or disable the wlan0 interface in the dhcpcd configuration, or turn off dhcpcd once and for all.

I set up a simple test, which still turned out to be 20 scenarios to go through. Sorry for the crappy table format. The table is mostly for show. Green is where the configuration is ok, yellow is where it looks to work at first glance but there is something lurking in the background.

Test#  Config file:
/etc/network/interfaces
DHCPCD enabled ->
“sudo update-rc.d dhcpd enable; sudo shutdown -r”
DHCPCD disabled ->
“sudo update-rc.d dhcpd enable; sudo shutdown -r now”
1 allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

works (ping 192.168.3.1)
dhclient -v … is running
works (ping 192.168.3.1)
dhclient -v … is running
2 allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

works (ping 192.168.3.1)
no dhcp client running after reboot
does not work, but if you start the dhclient manually, you will get an ip address
3 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

invalid config without the “address” variable invalid config without the “address” variable
4 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.3.11

Works (ping 192.168.3.1)
ifconfig show only one IP address
“ip addr show” shows 2 ip addresses
“netstat -nr” show a default route (from dhcp)
Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 1 ip addresses
“netstat -nr” show no default route (from dhcp)
5 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.3.11
# bad gateway address
gateway 192.168.3.99

Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 2 ip addresses
“netstat -nr” show 2 default routes (from dhcp), but the bad one has precedence
when removing the bad route “sudo route del -net 0.0.0.0 gw 192.168.3.99” all works
Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 1 ip addresses
“netstat -nr” show no default route (from dhcp)
6 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

does not work, missing required variable: address does not work, missing required variable: address
7 allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

Works (ping 192.168.3.1)
ifconfig show only one IP address
“ip addr show” shows 1 ip addresse (dhcp)
“netstat -nr” show a default route (from dhcp)
does not work, although “sudo wpa_cli status” show proper connection to the ssid
running “dhclient -v …” gives wlan0 an IP address
8 allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

Works (ping 192.168.3.1)
proper gw, dns, all
wpa_cli status” show proper connection
“ip addr show” shows 2 ip addresses
“netstat -nr” shows 2 routes to the default gateway
Works (ping 192.168.3.1)
proper gw, dns, all
wpa_cli status” show proper connection
“ip addr show” shows only 1 ip address
9 command line:
echo “denyinterfaces wlan0” | sudo tee -a /etc/hdcpcd.conf
sudo service dhcpcd restart/etc/network/interfaces

configuration:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

Works as expected. Static IP set.
Ping 192.168.3.1 ok
proper gw, dns, all
wpa_cli status” show proper wifi connection
“ip addr show” shows 1 ip address
“hostname -I” shows 1 ip address
“netstat -nr” shows 1 default route
n/a, will work, see test 8
10 command line:
echo “denyinterfaces wlan0” | sudo tee -a /etc/hdcpcd.conf
sudo service dhcpcd restart/etc/network/interfaces

configuration:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface default dhcp

Works as expected. DHCP address.
“wpa_cli status” show proper wifi connection
dhclient -v … is running
Ping 192.168.3.1 ok
proper gw, dns, all
wpa_cli status” show proper wifi connection
“ip addr show” shows 1 ip address
“hostname -I” shows 1 ip address
“netstat -nr” shows 1 default route
n/a, will work, see test 8

You can ignore your wlan0 interface by doing the following (which will survive a reboot).

echo "denyinterfaces wlan0" | sudo tee -a /etc/dhcpcd.conf
sudo service dhcpcd restart

In the end, the choice is yours. If you are decently experienced and you disable dhcpcd, you will not lose much at all. I would even recommend it.

  • Disable dhcpcd
sudo update-rc.d dhcpcd disable
sudo service dhcpcd stop
# sudo shutdown -r now
  • /etc/wpa_supplicant/wpa_supplicant.conf
country=GB
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
  ssid="AT_HOME"
  psk="SUPERSECRET"
  id_str="HOME_SSID"
  priority=15
}

network={
  ssid="OFFICE_SSID"
  psk="SUPERSECRET"
  id_str="OFFICE"
  priority=14
}
  • /etc/network/interfaces
auto lo
iface lo inet loopback

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

iface HOME inet static
  address 192.168.2.11
  netmask 255.255.255.0
  gateway 192.168.2.1
  broadcast 192.168.2.255
  dns-nameservers 192.168.2.1

iface OFFICE inet static
  address 192.168.3.11
  netmask 255.255.255.0
  gateway 192.168.3.1
  broadcast 192.168.3.255
  dns-nameservers 192.168.3.1

Useful commands:

  • wpa_cli status
  • sudo iw wlan0 scan | grep -i ssid
  • hostname -I
  • iwconfig wlan0
  • ip addr show
  • ip route show

References:

  • https://wiki.debian.org/WPA
  • http://manual.aptosid.com/en/inet-setup-en.htm
  • https://www.raspberrypi.org/forums/viewtopic.php?t=110606