Rootserver Sponsor



Please support your operating system's further development:



wpa-roaming is a method with which you can browse and connect to wireless networks within and without a graphical desktop environment. This is very convenient for notebook users. Some Linux users might know network-manager from other distributions which looks great but has some caveats:
  • it only can be used in a GUI environment
  • it has a daemon running
  • it is sometimes very unreliable

wpasupplicant is a program to not only address wireless networks with WPA keys but all wireless networks. In combination with the "classic" /etc/network/interfaces it is a very powerful method to connect to networks without even doing anything. It does it automatically if a network is open or the network is added to a configuration file. Even more convenient: if you allow hotplugging, the correct connection is set fully automated right after logging in (into a desktop environment or into a non X session).


To be able to use wpa-roaming with wpasupplicant in a GUI environment you have to have two packages installed:
  • wpasupplicant
  • wpagui

apt-get update && apt-get install wpasupplicant wpagui

wpasupplicant is mandatory, wpagui is a very convenient addition for GUI controlled networking in environments in which you want to change your access point.

An excellent theoretical introduction and very elaborate setups for /etc/network/interfaces and /etc/wpa_supplicant/wpa_supplicant.conf you find in our aptosid manual, this wiki entrance strives to present the practical part: how is wpa-roaming set up and how is it used with wpa_gui.

Have also a look into:


Using wpa-gui without network configuration

As root adapt your /etc/network/interfaces so that it contains those lines. the name of the interface might vary:

allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

As root you also edit a raw /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


This setup connects automatically to any available open WLAN.

If you do not want to be automatically connected, add the option "disabled=1". You then can decide on your own when you want to be connected to an open WLAN by using wpagui:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


The next step secures wpa_supplicant.conf from unwanted access. This is necessary, because secret keys of private networks are saved in this file:

chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

Running it

  • Make sure, you are member of the group netdev (1)
  • Restart the network or reboot (2)

(1) default for the user who is set up during the installation of sidux

(2) Stop any running network with

ifdown <interface>

(3) Initiate roaming for the first time with

ifup wlan0

Starting wpa_gui

This starts the wpa_gui as user (you need the full path!):


This is the default screen (forget the data in it, I have a very custom setup):


This is the interface for managing networks:


To add a known network just click "add" and you will get this interface with pulldown menus (supports no encryption, WEP, WPA - just add the correct data) and hit "add" here as well:


Or more easily, just hit "scan" to scan the network


and doubleclick on the network you want to add the desired network (all data is automatically added, you just need the passphrase - plain or in hex) and hit "add":


If you are happy and everything is working, you can add the settings to /etc/wpa_supplicant/wpa_supplicant.conf by choosing "File > Save Configuration".

Using wpa-gui with network configuration

With the help of "IDString" and "Priority" you can direct to which network the box is connected at boot time. Highest priority is "1000", lowest priority is "0". You have to add the IDString to /etc/network/interfaces as well.

Here now the syntax for /etc/network/interfaces. First for connection to DHCP servers, the second if you are provided with a fix IP address. Adjust to your settings:

# id_str="home_dhcp"
iface home_dhcp inet dhcp

# id_str="home_static"
iface home_static inet static



Here an example how I use it. I want to be automatically connected to my home WLAN when I am at home, so I gave that the IDString "home" and priority "15". When I am travelling, I want the laptop to connect to any free, non passworded network which is available. I gave it the IDString "stalk" and priority "1" (very low). But please, always check if your connection is legal and disconnect if it is obviously not intended to be free.

So, here my stanzas in /etc/network/interfaces:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
  wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface home inet dhcp
iface stalk inet dhcp

And here my /etc/wpa_supplicant/wpa_supplicant.conf (SSID and passwords are changed or just explained):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

        psk=123ABC  ##here comes the passphrase in hexadecimal code!!
#       psk="password_in_ascii"   ##I do not use that

        disabled=1   ## no automatic connection, one needs wpa_cli or wpa_gui

With "disabled=1" you will not be automatically connected to a defined network block (here: open WLANs), you have to initiate roaming through wpa_gui or wpa_cli. For automatic roaming don't use that option at all or comment the line with the "disabled" option using a #.

WEP encryption

If you want to add WEP encrypted networks to your wpa_supplicant.conf permanently, the syntax is:

        ssid="example wep network"


1. Easy to reuse

Once set up, you can easily reuse your setup on other laptops or desktops with WLAN cards. Just copy /etc/network/interfaces (adjust the name of the interface if needed) and /etc/wpa_supplicant/wpa_supplicant.conf to your new box. There is no need of "installing" anything after that. It is "wash & go" (TM).

2. Backup

It is good to backup /etc/network/interfaces and /etc/wpa_supplicant/wpa_supplicant.conf, but encrypt your backup because it contains sensitive information. An easy way is a password protected archive like 7zip, zip, rar or others.

3. Desktop button

To create a desktop icon, rightclick on kmenu>internet>wpa_gui and choose to send it to the desktop.

4. Hidden SSIDs

Hidden SSIDs are detected when "scan_ssid=1" is defined in the network block.

5. Authentification algorithms

For WPA/WPA2 encryption you need

For static WEP encryption you might need

That's about it, have fun, it is really great.