Monthly Archives: January 2010

WiFi configuration in FreeBSD (including WPA/WPA2)

OK, once you have your drivers installed for your WiFi in FreeBSD, you’re ready to set up your WiFi.  I’m using an NDIS driver (see my post on Project Evil for more info) – so my wireless device is called ndis0.

I’m going to assume that you are using WPA/WPA2 and DHCP (the most common setup for WiFi) in this document.

To configure your wireless interface, add the following lines into /etc/rc.conf:

wlans_ndis0="wlan0"
ifconfig_wlan0="WPA DHCP"

Now we need to configure the WPA/WPA2 settings.  I will assume we have 2 wireless networks for this – “wifi1” and “wifi2” which have the WPA/WPA2 keys of “one” and “two” respectively.  We will prefer to connect to “wifi1” when possible.

To set up WPA/WPA2, edit (or create) the file /etc/wpa_supplicant.conf and add the following:

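# wpa_supplicant tries networks with a higher priority value first,
# so the preferred network (wifi1) gets the larger number.
# "one" and "two" are the placeholder keys used in this post;
# a real WPA passphrase is 8 to 63 characters long.
network={
priority=2
ssid="wifi1"
psk="one"
}

network={
priority=1
ssid="wifi2"
psk="two"
}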
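
The psk="..." lines above keep each passphrase in clear text. As an added example (not part of the original post), this Python script derives the 256-bit key that wpa_supplicant also accepts as 64 unquoted hex digits, rejects passphrases outside the 8 to 63 character range, and writes the file readable by its owner only. The function names, the output file name and the sample passphrases are assumptions made for illustration.

```python
import hashlib
import os


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32 or '"' in ssid or "\n" in ssid:
        raise ValueError("SSID must be 1 to 32 bytes without quotes or newlines")
    # WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()


def network_block(ssid: str, passphrase: str, priority: int) -> str:
    """Build one network={} entry; an unquoted 64-hex psk is a raw key."""
    return (
        "network={\n"
        f"\tpriority={priority}\n"
        f'\tssid="{ssid}"\n'
        f"\tpsk={wpa_psk(ssid, passphrase)}\n"
        "}\n"
    )


def write_conf(path: str, networks) -> None:
    """Write (ssid, passphrase, priority) tuples to path, readable by owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as conf:
        conf.write("\n".join(network_block(*n) for n in networks))
    os.chmod(path, 0o600)  # tighten the mode if the file already existed


if __name__ == "__main__":
    # Constructed sample passphrases; the SSIDs are the two used in this post.
    # wpa_supplicant prefers the network with the higher priority value.
    sample = [("wifi1", "constructed-passphrase-1", 2),
              ("wifi2", "constructed-passphrase-2", 1)]
    write_conf("wpa_supplicant.conf.example", sample)
    print(open("wpa_supplicant.conf.example").read())
```

The derived key is still a credential for that SSID, so the 0600 file mode matters whether the file holds the passphrase or the hex key.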

Next time you restart your computer, you will have a ‘wlan0’ interface which will attempt to connect to the listed networks (in order of priority).  You can confirm it is associated with ifconfig wlan0 – in my case, I get:

wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether xx:xx:xx:xx:xx:xx
inet 172.31.0.100 netmask 0xffffff00 broadcast 172.31.0.255
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
status: associated
ssid wlan1 channel 7 (2442 Mhz 11g) bssid yy:yy:yy:yy:yy:yy
country US authmode WPA2/802.11i privacy OFF txpower 0 bmiss 7
mcastrate 0.5 mgmtrate 0.5 scanvalid 60 protmode CTS roaming MANUAL
bintval 0

Now, although it says “11g”, it actually achieves 802.11n speeds so you can ignore this.

NDIS WiFi Drivers in FreeBSD (Project Evil)

Sooo… if you have a WiFi card that doesn’t have native FreeBSD drivers, you might be able to use ‘Project Evil’ to wrap around the Windows driver for the card.  I had to do this on my new netbook…

First, you should install libiconv if you haven’t already.  The easiest way is to do:

pkg_add -r libiconv

Next, you need to obtain the Windows driver for the network card (I find that Windows 2000 drivers are generally the most reliable).  You need the .INF and .SYS files from the driver package.  Place these somewhere on your FreeBSD computer (I put mine into /drv/).

Now we need to convert them into an NDIS kernel module…  In my case, the files are called net8192se.inf and rtl8192se.sys (RealTek 8191SE 802.11n wireless).  To convert them, type (as root):

ndisgen /drv/net8192se.inf /drv/rtl8192se.sys

Press enter until you’re returned to the command prompt, and you will now see a .ko file containing the kernel module.  This is named after the .sys file – so in my case, it is called rtl8192se_sys.ko.  Move this file to the /boot/modules/ folder like so:

mv rtl8192se_sys.ko /boot/modules/

and you can activate it by adding the following line to /boot/loader.conf:

rtl8192se_sys_load="YES"

You can also load the driver without rebooting by typing:

kldload rtl8192se_sys

This will give you some output to the console – e.g. on my netbook:

ndis0: <Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC> port 0x3000-0x30ff mem 0xfa000000-0xfa003fff irq 17 at device 0.0 on pci3
ndis0: [ITHREAD]
ndis0: NDIS API version: 5.1

If you get this far, you should be ready to go.  Check my other posts for how to configure WiFi in FreeBSD.

Encrypted swap space

This will enable you to use a memory-based one-time encryption key for your swap space.

First, you need to enable the geom_eli kernel module… to do this, add the following line to your /boot/loader.conf file:

geom_eli_load="YES"

Now, to enable the encrypted swap space, edit your /etc/rc.conf file, and add:

geli_swap_flags="-e AES -l 128 -s 4096 -d"

And finally, add .eli to the device name in your /etc/fstab file for the line marked “swap”.  For example:

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/da0s1b.eli         none            swap    sw              0       0

Next time you reboot, your swap space will be encrypted with AES 128-bit encryption using a one-time key stored in memory.