summaryrefslogtreecommitdiffstats
path: root/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/wpa/wpa_supplicant/wpa_supplicant.conf')
-rw-r--r--contrib/wpa/wpa_supplicant/wpa_supplicant.conf54
1 files changed, 51 insertions, 3 deletions
diff --git a/contrib/wpa/wpa_supplicant/wpa_supplicant.conf b/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
index f5143c8..1b175ad 100644
--- a/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
+++ b/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
@@ -78,7 +78,9 @@ eapol_version=1
# allow the driver to take care of AP scanning and selection and use
# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
# information from the driver.
-# 1: wpa_supplicant initiates scanning and AP selection
+# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
+# the currently enabled networks are found, a new network (IBSS or AP mode
+# operation) may be initialized (if configured) (default)
# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
# parameters (e.g., WPA IE generation); this mode can also be used with
# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
@@ -93,6 +95,10 @@ eapol_version=1
# key_mgmt, pairwise, group, proto variables
#
# For use in FreeBSD with the wlan module ap_scan must be set to 1.
+# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
+# created immediately regardless of scan results. ap_scan=1 mode will first try
+# to scan for existing networks and only if no matches with the enabled
+# networks are found, a new IBSS or AP mode network is created.
ap_scan=1
# EAP fast re-authentication
@@ -181,6 +187,12 @@ fast_reauth=1
# 4-octet operating system version number (hex string)
#os_version=01020300
+# Config Methods
+# List of the supported configuration methods
+# Available methods: usba ethernet label display ext_nfc_token int_nfc_token
+# nfc_interface push_button keypad
+#config_methods=label display push_button keypad
+
# Credential processing
# 0 = process received credentials internally (default)
# 1 = do not process received credentials; just pass them over ctrl_iface to
@@ -189,6 +201,20 @@ fast_reauth=1
# to external program(s)
#wps_cred_processing=0
+# Maximum number of BSS entries to keep in memory
+# Default: 200
+# This can be used to limit memory use on the BSS entries (cached scan
+# results). A larger value may be needed in environments that have huge number
+# of APs when using ap_scan=1 mode.
+#bss_max_count=200
+
+
+# filter_ssids - SSID-based scan result filtering
+# 0 = do not filter scan results (default)
+# 1 = only include configured SSIDs in scan results/BSS table
+#filter_ssids=0
+
+
# network block
#
# Each network (usually AP's sharing the same SSID) is configured as a separate
@@ -233,9 +259,10 @@ fast_reauth=1
# mode: IEEE 802.11 operation mode
# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
# 1 = IBSS (ad-hoc, peer-to-peer)
+# 2 = AP (access point)
# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
-# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
-# to be set to 2 for IBSS. WPA-None requires following network block options:
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). WPA-None requires
+# following network block options:
# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
# both), and psk must also be set.
#
@@ -246,6 +273,17 @@ fast_reauth=1
# an IBSS network with the configured SSID is already present, the frequency of
# the network will be used instead of this configured value.
#
+# scan_freq: List of frequencies to scan
+# Space-separated list of frequencies in MHz to scan when searching for this
+# BSS. If the subset of channels used by the network is known, this option can
+# be used to optimize scanning to not occur on channels that the network does
+# not use. Example: scan_freq=2412 2437 2462
+#
+# freq_list: Array of allowed frequencies
+# Space-separated list of frequencies in MHz to allow for selecting the BSS. If
+# set, scan results that do not match any of the specified frequencies are not
+# considered when selecting a BSS.
+#
# proto: list of accepted protocols
# WPA = WPA/IEEE 802.11i/D3.0
# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
@@ -362,6 +400,16 @@ fast_reauth=1
# a trusted CA certificate should always be configured when using
# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
# change when wpa_supplicant is run in the background.
+#
+# Alternatively, this can be used to only perform matching of the server
+# certificate (SHA-256 hash of the DER encoded X.509 certificate). In
+# this case, the possible CA certificates in the server certificate chain
+# are ignored and only the server certificate is verified. This is
+# configured with the following format:
+# hash:://server/sha256/cert_hash_in_hex
+# For example: "hash://server/sha256/
+# 5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
+#
# On Windows, trusted CA certificates can be loaded from the system
# certificate store by setting this to cert_store://<name>, e.g.,
# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
OpenPOWER on IntegriCloud