Client infrastructure mode

Digi Embedded Yocto uses the NetworkManager software package to manage any kind of Wi-Fi configuration on a Wi-Fi network. When the Wi-Fi interface is brought up NetworkManager will read the /etc/NetworkManager/system-connections/nm-wlan0 configuration file and will apply the corresponding actions for the Wi-Fi interface. The NetworkManager configuration is kept in /etc/NetworkManager/NetworkManager.conf, and the interface configuration is kept at /etc/NetworkManager/system-connections

By default Digi Embedded Yocto configures NetworkManager to use the Wi-Fi interface in client infrastructure mode without open authentication, no encryption and no SSID. In this mode NetworkManager will not connect to any access point (AP).

Digi Embedded Yocto provides a default nm-wlan0 file which is part of the networkmanager package. This file can be customized and overridden on a custom Yocto layer or during system run time.

Configuring the NetworkManager

The nmcli is a command line tool which allows the user to interact with NetworkManager. You can use the nmcli tool to establish a manual connection for different authentication and encryption configurations.

To show information on the command line tool parameters, call nmcli without a parameter. 

You can use nmcli's edit or modify sub-commands to do any configuration or else change the configuration file itself and then restart the interface to use the new setup. The following examples show different configurations of the Wi-Fi interface using either the configuration file or the command line interface.

Open authentication and no encryption

Via configuration file

[connection]
...
 
[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=
 
[ipv4]
dns-search=
method=auto
...

Via command line interface

~# nmcli con edit wlan0
 
===| nmcli interactive connection editor |===
 
Editing existing '802-11-wireless' connection: 'wlan0'
 
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
~# nmcli dev disconnect wlan0
~# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP. 

WPA2-PSK authentication with AES-CCMP encryption

Via configuration file

[connection]
...
 
[wifi]
ssid=<AP_name>
mac-address-blacklist=
seen-bssids=
 
[wifi-security]
key-mgmt=wpa-psk
group=
pairwise=
proto=
psk=<AP_passphrase>
...

Via command line interface

~# nmcli con edit wlan0
 
===| nmcli interactive connection editor |===
 
Editing existing '802-11-wireless' connection: 'wlan0'
 
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6
nmcli> set wifi.ssid <AP_name>
nmcli> set wifi-sec.key-mgmt wpa-psk
nmcli> set wifi-sec.psk <AP_passphrase>
nmcli> remove wifi-sec.group
nmcli> remove wifi-sec.proto
nmcli> remove wifi-sec.pairwise
nmcli> save
nmcli> quit

In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.

~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0
~# nmcli dev disconnect wlan0
~# nmcli dev connect wlan0

The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.

By keeping the proto and the pairwise parameters empty, NetworkManager is able to resolve the authentication and encryption combination used by the access point. This way, you can use the same configuration to connect to an access point with any of the following encryption combinations:

  • WPA-PSK authentication with TKIP encryption

  • WPA-PSK authentication with CCMP/AES encryption

  • WPA2-PSK authentication with TKIP encryption

Fast roaming (802.11r)

Roaming in the context of 802.11 Wi-Fi networks occurs when a client with an established association to an access point (AP) migrates the connection within the same Extended Service Set (ESS) to another AP within an area of overlapping coverage. The fast roaming (802.11r) standard introduces a fast transition mechanism which performs the handshake with the new access point before the roaming starts, allowing the client and AP to perform the Pairwise Transient Key (PTK) calculation in advance. This allows fast transitions without reauthentication, and reduces handshaking overheads while providing security and quality of service.

The Wi-Fi chip on the ConnectCore 6UL supports the fast roaming standard. To use it, you need a group of access points that support the 802.11r mechanisms for fast roaming. You also need to configure them as a mobility domain so they can exchange client station details and perform client pre-authentication prior to the roam.

Since the 802.11r protocol is not yet implemented in NetworkManager, you must use wpa_supplicant to manage connectivity with fast roaming networks. To do so, build images enabling 802.11r support for wpa_supplicant by uncommenting the following setting in the defconfig file:

ConnectCore 6UL SBC Pro wpa_supplicant configuration file
--- a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
@@ -429,7 +429,7 @@ CONFIG_CTRL_IFACE_DBUS_NEW=y
 #CONFIG_DYNAMIC_EAP_METHODS=y

 # IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
+CONFIG_IEEE80211R=y

Once you have support for 802.11r in your images, boot your device and add the wireless interface to the unmanaged interfaces by NetworkManager.

/etc/NetworkManager/NetworkManager.conf
[keyfile]
unmanaged-devices=interface-name:p2p*;interface-name:wlan*

[...]

Configure the wireless interface in the ifupdown service to enable it automatically on boot:

/etc/network/interfaces
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet dhcp
        wpa-driver nl80211
        wpa-conf /etc/wpa_supplicant.conf

[...]

To connect with a fast roaming network, you must specify the FT-PSK network setting in the /etc/wpa_supplicant.conf file:

/etc/wpa_supplicant.conf
[...]

 network={
        scan_ssid=1
        ssid="myFastRoamingSSID"
        # Fast BSS Transition (IEEE 802.11r) with pre-shared key
        key_mgmt=FT-PSK
        psk="password"
 }

After these configuration steps, you can manage your wireless interface with the wpa_cli daemon and verify the connectivity status:

~# wpa_cli status
Selected interface 'wlan0'
bssid=xx:xx:xx:xx:xx:xx
freq=5180
ssid=myFastRoamingSSID
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=FT-PSK
wpa_state=COMPLETED
[...]
~#

You can customize the transition between the different access points that compound the Wi-Fi infrastructure by tweaking the transition threshold values. These threshold values are saved in the configuration file /lib/firmware/wlan/qcom_cfg.ini:

  • gNeighborLookupThreshold: When the signal of the current Wi-Fi connection is weaker than this dBm value, the Wi-Fi chip performs a background scan to see if there are access points with a better signal.

  • gNeighborReassocThreshold: When the signal of the current Wi-Fi connection is weaker than this dBm value and there is another access point with a better signal, the Wi-Fi chip connects to that alternate access point.

The dBm values in the config files are represented without sign.
gNeighborLookupThreshold=66
gNeighborReassocThreshold=71