This is a step-by-step guide for connecting to a WPA/WPA2 WiFi network via the Linux command line interface. The tools are:
iw is the basic tool for WiFi network-related tasks, such as finding the WiFi device name and scanning for access points.
wpa_supplicant is the wireless tool for connecting to a WPA/WPA2 network.
ip is used for enabling/disabling devices and finding out general network interface information.
The steps for connecting to a WPA/WPA2 network are:
Find out the wireless device name.
$ /sbin/iw dev
Interface wlan0
ifindex 3
type managed
The above output shows that the system has 1 physical WiFi card, designated as phy#0. The device name is wlan0. The type specifies the operation mode of the wireless device. managed means the device is a WiFi station or client that connects to an access point.
Check that the wireless device is up.
$ ip link show wlan0
3: wlan0: (BROADCAST,MULTICAST) mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 74:e5:43:a1:ce:65 brd ff:ff:ff:ff:ff:ff
Look for the word "UP" inside the brackets in the first line of the output.
In the above example, wlan0 is not UP. Execute the following command to bring it up:
$ sudo ip link set wlan0 up
[sudo] password for peter:
Note: you need root privilege for the above operation.
If you run the show link command again, you can tell that wlan0 is now UP.
$ ip link show wlan0
3: wlan0: (NO-CARRIER,BROADCAST,MULTICAST,UP) mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
link/ether 74:e5:43:a1:ce:65 brd ff:ff:ff:ff:ff:ff
Check the connection status.
$ /sbin/iw wlan0 link
Not connected.
The above output shows that you are not connected to any network.
Scan to find out what WiFi network(s) are detected.
$ sudo /sbin/iw wlan0 scan
BSS 00:14:d1:9c:1f:c8 (on wlan0)
... snipped ...
freq: 2412
SSID: stanford
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: PSK
* Capabilities: (0x0000)
... snipped ...
The 2 important pieces of information from the above are the SSID and the security protocol (WPA/WPA2 vs WEP). The SSID from the above example is stanford. The security protocol is RSN, also commonly referred to as WPA2. The security protocol is important because it determines what tool you use to connect to the network.
Connect to WPA/WPA2 WiFi network.
This is a 2 step process. First, you generate a configuration file for wpa_supplicant that contains the pre-shared key ("passphrase") for the WiFi network.
$ sudo -s
[sudo] password for peter:
$ wpa_passphrase stanford >> /etc/wpa_supplicant.conf
...type in the passphrase and hit enter...
wpa_passphrase takes the SSID as the single argument. You must type in the passphrase for the WiFi network stanford after you run the command. Using that information, wpa_passphrase will output the necessary configuration statements to the standard output. Those statements are appended to the wpa_supplicant configuration file located at /etc/wpa_supplicant.conf.
Note: you need root privilege to write to /etc/wpa_supplicant.conf.
$ cat /etc/wpa_supplicant.conf
# reading passphrase from stdin
The second step is to run wpa_supplicant with the new configuration file.
$ sudo wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf
-B means run wpa_supplicant in the background.
-D specifies the wireless driver. wext is the generic driver.
-c specifies the path for the configuration file.
Use the iw command to verify that you are indeed connected to the SSID.
$ /sbin/iw wlan0 link
Connected to 00:14:d1:9c:1f:c8 (on wlan0)
SSID: stanford
freq: 2412
RX: 63825 bytes (471 packets)
TX: 1344 bytes (12 packets)
signal: -27 dBm
tx bitrate: 6.5 MBit/s MCS 0
bss flags: short-slot-time
dtim period: 0
beacon int: 100
Obtain IP address by DHCP
$ sudo dhclient wlan0
Use the ip command to verify the IP address assigned by DHCP. The IP address appears on the inet line of the output below.
$ ip addr show wlan0
3: wlan0: mtu 1500 qdisc mq state UP qlen 1000
link/ether 74:e5:43:a1:ce:65 brd ff:ff:ff:ff:ff:ff
inet brd scope global wlan0
inet6 fe80::76e5:43ff:fea1:ce65/64 scope link
valid_lft forever preferred_lft forever
Add default routing rule.
The last configuration step is to make sure that you have the proper routing rules.
$ ip route show
dev wlan0 proto kernel scope link src
The above routing table contains only 1 rule which redirects all traffic destined for the local subnet (192.168.1.x) to the wlan0 interface. You may want to add a default routing rule to pass all other traffic through wlan0 as well.
$ sudo ip route add default via dev wlan0
$ ip route show
default via dev wlan0
dev wlan0 proto kernel scope link src
Ping an external IP address to test connectivity.
$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=48 time=135 ms
64 bytes from icmp_req=2 ttl=48 time=135 ms
64 bytes from icmp_req=3 ttl=48 time=134 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 134.575/134.972/135.241/0.414 ms
The above series of steps is a very verbose explanation of how to connect to a WPA/WPA2 WiFi network. Some steps can be skipped when you connect to the same access point for a second time. For instance, you already know the WiFi device name, and the configuration file is already set up for the network. The process needs to be tailored according to your situation.
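Added example (not part of the original guide): the file written in the wpa_passphrase step holds the network key, and wpa_passphrase also emits the passphrase itself as a #psk="..." comment, so the file should be readable by root only. This Python code derives the same PSK (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) and appends a network block without the plaintext to a 0600 file; the passphrase, the function names and the temporary path are constructed for the demo.

```python
import hashlib
import os
import tempfile


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Derive the 256-bit WPA/WPA2 pre-shared key as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Build a wpa_supplicant network block that omits the plaintext passphrase."""
    if '"' in ssid or "\n" in ssid:
        raise ValueError("SSID would break out of the quoted config value")
    return 'network={\n\tssid="%s"\n\tpsk=%s\n}\n' % (ssid, wpa_psk(ssid, passphrase))


def write_private(path: str, text: str) -> int:
    """Append text to path, creating it 0600 and tightening an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        os.fchmod(fd, 0o600)      # also fixes a file created earlier as 0644
        os.write(fd, text.encode())
    finally:
        os.close(fd)
    return os.stat(path).st_mode & 0o777


def demo() -> tuple:
    """Write a block for the tutorial's SSID with a constructed passphrase."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stand-in for /etc/wpa_supplicant.conf so the demo needs no root.
        path = os.path.join(tmp, "wpa_supplicant.conf")
        mode = write_private(path, network_block("stanford", "correct horse battery"))
        with open(path) as fh:
            return mode, fh.read()


if __name__ == "__main__":
    file_mode, content = demo()
    print(oct(file_mode))
    print(content)
```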
Having thoroughly followed the above tutorial, I failed to connect to the wireless router.
(working as root)
#wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext
#iw wlan0 link
Not connected.
Even when I disable the WPA authentication using,
iwconfig wlan0 essid XXXXXXXXXXXXX
it is to no avail.
But the GNOME wireless tray is functioning (can select, connect, disconnect etc.)
Thank you a lot in advance.

Latest wpa_supplicant is able to do all the job itself.
The wpa_supplicant options you wrote seem OK to me.
But please check the options in the file "/etc/wpa_supplicant.conf", and whether it is readable and well written (ssid, wpa, password correct....)


Reply on same network interface (UDP)

Is it possible to reply to all incoming packets/requests on the same network interface?
This is my setting: I have a headless Raspberry Pi (raspbian) with two network interfaces (eth0 and eth1). The first interface (eth0) uses a public IP address, which is static. This interface is intended to provide access to the Pi (time- and web server, SSH) via the Internet. The second interface (eth1) uses the Raspberry Pi for general Internet connection (perform updates, sync own time or whatever) and uses a dynamic IP via DHCP. A general Internet connectivity over eth0 is not possible, so I have to use eth1 on the Pi.
My problem is that Internet (on the Pi) and the Internet access to the Pi are not working correctly.
first configuration (/etc/dhcpcd.conf):
interface eth0
static ip_address=
static routers=
after reboot 'ifconfig' shows the correct IP settings:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast
Internet on the Raspberry Pi (eth1): doesn't work
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): works fine
Apache web server (TCP): works fine
NTP time server (UDP): works fine
Now I tried to change the metric of the interfaces, hoping that the change of prioritization is successful
second configuration (/etc/dhcpcd.conf):
interface eth1
metric 200
interface eth0
static ip_address=
static routers=
metric 201
Internet on the Raspberry Pi (eth1): works fine
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): doesn't work
Apache web server (TCP): doesn't work
NTP time server (UDP): doesn't work
Ok. I think all traffic is going out to eth1 by default. With the tool 'iptraf-ng' I was able to see the problem:
TCP Connections (Source Host:Port) Iface
-------------------------------------------------- eth0 eth0 eth1 eth1 eth0 eth0 eth1 eth1
UDP Connections
UDP (76 bytes) from to on eth0
UDP (76 bytes) from to on eth1
We see:
On TCP: some connections going out to the wrong interface (eth1).
On UDP: The request from came over eth0 and the response was sent over eth1.
Next, I defined the routing table to reply to incoming packets on the same network interface...
echo 100 public >> /etc/iproute2/rt_tables
ip rule add from table public
ip route add default via dev eth0 table public
Internet on the Raspberry Pi (eth1): works fine
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): works fine
Apache web server (TCP): works fine
NTP time server (UDP): doesn't work
and 'iptraf-ng' shows:
TCP Connections (Source Host:Port) Iface
-------------------------------------------------- eth0 eth0 eth0 eth0 eth0 eth0 eth0 eth0 eth0 eth0
UDP Connections
UDP (76 bytes) from to on eth0
UDP (76 bytes) from to on eth1
We see:
On TCP: now it works correctly
On UDP: same problem :(
What can I do to send UDP responses over the correct interface (eth0)? I have no idea why TCP works fine but UDP fails :(
It's very frustrating and I have no more ideas.
I hope someone can help.
best regards,

SSH on Raspberry Pi3

I installed "ubuntu-17.04-desktop-amd64" and "qt-opensource-linux-x64-5.8.0" on my laptop.
I wrote an application with Qt 5.8 for windows. It works fine in windows and Ubuntu.
IP address of raspberry ("hostname -I"):
Enable SSH:
In raspberry: from Preferences menu of Raspbian.
In Ubuntu:
sudo service ssh status
.... Starting OpenBSD Secure Shell server.
.... Server listening on port 22.
.... Server listening on :: port 22.
.... Started OpenBSD Secure Shell server.
I connect raspberry pi to laptop with Ethernet cable.
I create new device (Generic Linux Device) in "Tools -> Options…-> Devices tab"
Host name:
SSH port:22
Username: pi
Password: 1 (set by me)
Result test:
Device test: SSH connection: Network unreachable.
In Ubuntu:
ssh pi@
ssh: connect to host port 22: Network is unreachable
I edit the interface file to set the network configuration in raspberry:
sudo nano /etc/network/interfaces
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
allow-hotplug wlan0
iface wlan0 inet manual
But after rebooting the raspberry and executing "hostname -I", I have ""
You should configure a static IP in this way (see this link):
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
You've to move address, netmask, etc. below the line iface eth0 inet static.
Check whether your IP address is correct. Open the terminal, use this command and find the exact IP address:
cd /var/misc
cat misc
Copy this IP address and use this command:
ssh pi@ip_address
Change the order. Put the settings under iface eth0, not lo.
iface eth0 inet manual

why can't my vlan interface in linux network namespace ping the parent interface?

So I'm writing a program that isolates itself with namespaces, but I'm stuck on getting networking to work as I want it to. I plan to route my application over Tor, which is a Socks5 proxy that exposes a SocksPort on a network interface.
My application needs to work when it is already isolated with virtual machines and host only routing, with Tor on the host bound to say vboxnet1 (, eth0 inside of the VM is (, then I have a network namespace. Because of this, I can't simply use a veth pair and bind Tor to the veth on the parent namespace, because Tor is not even in the virtual machine. So ultimately, I need to get a connection to the SocksPort on, from a namespace, through eth0 ( in the parent namespace. However, the solution I use also should work when I'm not in a virtual machine, and when Tor is in the parent namespace (as opposed to the host of the VM with the parent namespace).
This is just some background as to why veth pairs and such will not work for me, and in general what I'm trying to do, my question is more specific;
I followed the guide at the following link:
on Linux 3.16
I will do it right now and show the exact commands I'm typing:
ip netns add blue
ip link add link eth0 name eth0.100 type vlan id 100
at this point "ip -d link", shows the following (with MAC edited out);
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether promiscuity 0
352: eth0.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
promiscuity 0
vlan protocol 802.1Q id 100 <REORDER_HDR>
ip link set eth0.100 netns blue
I note that ip -d link from the blue namespace has the following output
ip netns exec blue ip -d link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
352: eth0.100@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
promiscuity 0
vlan protocol 802.1Q id 100 <REORDER_HDR>
Notice that it is eth0.100@if2 now rather than @eth0, I'm not sure if this is relevant.
I bring up loopback, which is actually not in the guide I mentioned but I believe is required:
ip netns exec blue ip link set dev lo up
ip netns exec blue ip addr add dev eth0.100
ip netns exec blue ip link set eth0.100 up
ip netns exec blue ifconfig shows this now (slightly edited out)
eth0.100 Link encap:Ethernet
inet addr: Bcast: Mask:
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:5598 (5.5 KB)
from the parent namespace ifconfig shows
eth0 Link encap:Ethernet
inet addr: Bcast: Mask:
But then when I try to ping from the namespace, as per the guide;
ip netns exec blue ping -c 4
PING ( 56(84) bytes of data.
From icmp_seq=1 Destination Host Unreachable
It is always unreachable, the same if I try, which is ultimately what I want to get a connection to (it is the vboxnet on the host, which can be routed to from the eth0 in the vm, but I cannot even route to the eth0 from the namespace, even with the vlan interface added to the namespace).
Thanks for any help; I've been trying to do this for hours and I have pretty much exhausted every resource.

Why are UDP packets sent from default interface address instead of the address where the client packet is received?

For a long time I had trouble using several pieces of software (early versions of Teamspeak 3, netcat, openvpn) communicating using the UDP protocol. Today I identified the problem.
The main goal for me was to use openvpn over udp which did not seem to work on my server which has multiple ip addresses (runs Ubuntu Server Kernel 3.2.0-35-generic).
Using following config:
# ifconfig -a
eth0 Link encap:Ethernet HWaddr 11:11:11:11:11:11
inet addr: Bcast: Mask:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
up ip addr add dev eth0
down ip addr del dev eth0
up ip addr add dev eth0
down ip addr del dev eth0
up route add -net netmask gw eth0
# default route to access subnet
up route add -net netmask gw eth0
A simple tcpdump at the server reveals that udp packets (tested with netcat and openvpn) received at are replied from (client:
13:55:30.253472 IP > UDP, length 5
13:55:36.826658 IP > UDP, length 5
Is this problem due to wrong configuration of the network interface or the application itself (OpenVPN, netcat)?
Is it possible for the/an application to listen on multiple IP addresses and reply from the interface address where it received the packet on UDP, like it's doing when using TCP?
I know that you can bind applications for specific ip but that would not be the way to go.
I cannot see that this behaviour is due to the UDP protocol itself, since it is possible for the application to determine at which interface address the packet was received.
Specifically, openvpn has the --multihome option for handling this scenario correctly.
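Why TCP behaves and UDP does not in the two multi-homed questions above, as an added Python example (not code from any poster): a TCP connection is pinned to the address the SYN arrived on, but a UDP socket bound to the wildcard address leaves source selection to the route lookup, so the reply leaves with the default route's address and a source-based "ip rule add from ..." rule never matches. On Linux, requesting IP_PKTINFO and handing the received local address back to sendmsg() pins the source; the loopback addresses and function names are constructed for the demo.

```python
import socket
import struct

IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)   # 8 on Linux; constant missing in older Pythons
PKTINFO = struct.Struct("=i4s4s")               # struct in_pktinfo: ifindex, spec_dst, addr


def open_server(port: int = 0) -> socket.socket:
    """Wildcard-bound UDP socket that asks the kernel where each datagram was sent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    srv.bind(("0.0.0.0", port))
    return srv


def recv_with_dst(srv):
    """Return (payload, peer, local address the peer actually sent to)."""
    data, ancdata, _flags, peer = srv.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, spec_dst, _addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(spec_dst)
    return data, peer, None


def reply_from(srv, payload: bytes, peer, local_ip: str) -> None:
    """Send payload to peer with local_ip forced as the source address."""
    info = PKTINFO.pack(0, socket.inet_aton(local_ip), b"\0" * 4)  # ifindex 0: normal routing
    srv.sendmsg([payload], [(socket.IPPROTO_IP, IP_PKTINFO, info)], 0, peer)


def demo(target: str = "127.0.0.2"):
    """Loopback round trip: returns (pinned reply source, plain sendto reply source)."""
    srv = open_server()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.settimeout(2)
        cli.settimeout(2)
        cli.bind(("127.0.0.1", 0))
        cli.sendto(b"ping", (target, srv.getsockname()[1]))
        data, peer, dst = recv_with_dst(srv)
        reply_from(srv, data, peer, dst)
        pinned = cli.recvfrom(64)[1][0]
        srv.sendto(data, peer)                  # plain sendto: kernel picks the source
        plain = cli.recvfrom(64)[1][0]
        return pinned, plain
    finally:
        srv.close()
        cli.close()
```

With the reply source pinned to the address the request arrived on, a source-based policy rule like the one in the Raspberry Pi question can then select the matching routing table.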

signal strength adhoc mode ubuntu

Are there any possible ways to measure signal strength while two ubuntu machines are running in ad hoc mode? I have tried with the iwspy command but it shows me an error as follows.
root@dibya-notebook:~/Desktop# iwspy wlan0
wlan0 Interface doesn't support wireless statistic collection
The above error is because your iwspy is not activated on your interface. If I remember correctly you can activate it specifying target IP address and NIC interface as,
sudo iwspy wlan0 <IP addr>
Also you can de-activate it by sudo iwspy wlan0 off.
