1# wpa_supplicant configuration file.
2
3# Whether to allow wpa_supplicant to update (overwrite) configuration
4#
5# This option can be used to allow wpa_supplicant to overwrite configuration
6# file whenever configuration is changed (e.g., new network block is added with
7# wpa_cli or wpa_gui, or a password is changed). This is required for
8# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
9# Please note that overwriting configuration file will remove the comments from
10# it.
11update_config=1
12
13# global configuration (shared by all network blocks)
14#
15# Parameters for the control interface. If this is specified, wpa_supplicant
16# will open a control interface that is available for external programs to
17# manage wpa_supplicant. The meaning of this string depends on which control
18# interface mechanism is used. For all cases, the existence of this parameter
19# in configuration is used to determine whether the control interface is
20# enabled.
21#
22# For UNIX domain sockets (default on Linux and BSD): This is a directory that
23# will be created for UNIX domain sockets for listening to requests from
24# external programs (CLI/GUI, etc.) for status information and configuration.
25# The socket file will be named based on the interface name, so multiple
26# wpa_supplicant processes can be run at the same time if more than one
27# interface is used.
28# /var/run/wpa_supplicant is the recommended directory for sockets and by
29# default, wpa_cli will use it when trying to connect with wpa_supplicant.
30#
31# Access control for the control interface can be configured by setting the
32# directory to allow only members of a group to use sockets. This way, it is
33# possible to run wpa_supplicant as root (since it needs to change network
34# configuration and open raw sockets) and still allow GUI/CLI components to be
35# run as non-root users. However, since the control interface can be used to
36# change the network configuration, this access needs to be protected in many
37# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
38# want to allow non-root users to use the control interface, add a new group
39# and change this value to match with that group. Add users that should have
40# control interface access to this group. If this variable is commented out or
41# not included in the configuration file, group will not be changed from the
42# value it got by default when the directory or socket was created.
43#
44# When configuring both the directory and group, use following format:
45# DIR=/var/run/wpa_supplicant GROUP=wheel
46# DIR=/var/run/wpa_supplicant GROUP=0
47# (group can be either group name or gid)
48#
49# For UDP connections (default on Windows): The value will be ignored. This
50# variable is just used to select that the control interface is to be created.
51# The value can be set to, e.g., udp (ctrl_interface=udp)
52#
53# For Windows Named Pipe: This value can be used to set the security descriptor
54# for controlling access to the control interface. Security descriptor can be
55# set using Security Descriptor String Format (see http://msdn.microsoft.com/
56# library/default.asp?url=/library/en-us/secauthz/security/
57# security_descriptor_string_format.asp). The descriptor string needs to be
58# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
59# DACL (which will reject all connections). See README-Windows.txt for more
60# information about SDDL string format.
61#
62ctrl_interface=wlan0
63
64# IEEE 802.1X/EAPOL version
65# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
66# EAPOL version 2. However, there are many APs that do not handle the new
67# version number correctly (they seem to drop the frames completely). In order
68# to make wpa_supplicant interoperate with these APs, the version number is set
69# to 1 by default. This configuration value can be used to set it to the new
70# version (2).
71eapol_version=1
72
73# AP scanning/selection
74# By default, wpa_supplicant requests driver to perform AP scanning and then
75# uses the scan results to select a suitable AP. Another alternative is to
76# allow the driver to take care of AP scanning and selection and use
77# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
78# information from the driver.
79# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
80#    the currently enabled networks are found, a new network (IBSS or AP mode
81#    operation) may be initialized (if configured) (default)
82# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
83#    parameters (e.g., WPA IE generation); this mode can also be used with
84#    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
85#    APs (i.e., external program needs to control association). This mode must
86#    also be used when using wired Ethernet drivers.
87# 2: like 0, but associate with APs using security policy and SSID (but not
88#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
89#    enable operation with hidden SSIDs and optimized roaming; in this mode,
90#    the network blocks in the configuration file are tried one by one until
91#    the driver reports successful association; each network block should have
92#    explicit security policy (i.e., only one option in the lists) for
93#    key_mgmt, pairwise, group, proto variables
94# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
95# created immediately regardless of scan results. ap_scan=1 mode will first try
96# to scan for existing networks and only if no matches with the enabled
97# networks are found, a new IBSS or AP mode network is created.
98ap_scan=1
99
100# EAP fast re-authentication
101# By default, fast re-authentication is enabled for all EAP methods that
102# support it. This variable can be used to disable fast re-authentication.
103# Normally, there is no need to disable this.
104fast_reauth=1
105