"Absolute OpenBSD" courtesy of varmaden.

Introduction

If you’ve just started on OpenBSD, you’ll find that connecting to WiFi makes the Archlinux iso look like a walk in the park. In this guide, we’ll go through increasingly complex ways to connect to your network.

Drivers

The first thing you need are drivers for your WiFi card. Likely a wired connection will work (see below), if you still need to install these.

Check if you have them by identifying your WiFi interface’s name with ifconfig (likely iwm0), then:

$ dmesg | grep iwm
iwm0 at pci2 dev 0 function 0 "Intel AC 8260" rev 0x3a, msi
iwm0: could not read firmware iwm-8000C-36 (error 2)
iwm0: failed to load init firmware

If this is the case, run fw_update and reboot.

fw_update: add intel,inteldrm,iwm,uvideo,vmm; update none

Connecting to Networks

Wired Manual Connection

First we should identify the interface Expect the ethernet port to be called em0. enc0 is actually something for pf, not the real interface.

ifconfig
route show -inet

Set your IP, subnet, and gateway manually as follows:

ifconfig em0 inet 10.42.43.161/24
route add default 10.42.43.1

Wired DHCP Connections

Instead of setting the IP manually, you can manually enable DHCP on the interface:

ifconfig em0 inet autoconf
ifconfig em0 dhcp  # Pretty sure this is an alias

Wireless WPA Manual

First, let’s scan for networks:

ifconfig iwm0 scan

You should see your (home) WiFi network in that list. You can now connect using a password:

ifconfig iwm0 join "<ssid>" wpakey "<password>"
ifconfig iwm0 inet autoconf  # For dhcp. For manual, follow the wired section.

Wireless WPA Automatic

Make a file called /etc/hostname.iwm0, replacing iwm0 if needed, and put in:

join "<ssid>" wpakey "<password>"
join "<ssid2>" wpakey "<password2another_wifi>"
inet autoconf

You can reboot or run sh /etc/netstart. You MUST use sh (which is actually ksh on openbsd), don’t try bash!

Wireless WPA-EAP

If you need to connect on a university network with something strong like eduroam, they’ll be using PEAP authentication. For this, install the wpa_supplicant package. You probably don’t need the openssl one, unless your network is super old and insecure, the base version uses libressl.

Associating Manually

Enterprise networks often have multiple access points with the same ssid. We will need to find the strongest one by scanning and looking for the access point with the highest xx% (strongest signal). The scan results are sorted in order of strongest signal, so you just need to look at the first few results

ifconfig iwm0 scan | grep eduroam | head

Once you choose an access point, take note of the nwid (~=ssid), chan, and bssid. Associate with the access point:

ifconfig iwm0 nwid "<nwid>" chan <chan> bssid "<mac-bssid>" wpa wpaakms 802.1x up
 
# For example:
ifconfig iwm0 nwid eduroam chan1 xx:xx:xx:xx:xx:xx wpa wpaakms 802.1x up

Performing Authentication

In /etc/wpa_supplicant.conf put something like:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
# ap_scan must be 0 on openbsd! 1 is not supported by the kernel.
ap_scan=0

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP IEEE8021X
    eap=PEAP
    identity="<username>"
    password="<password>"
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
}
# In my case for eduroam, my username is my entire university email, like
# user@uni.com. This is different from my university's internal network which
# would use just "user"

# You can add more networks too!

You can manually start authentication using:

wpa_supplicant -i iwn0 -c /etc/wpa_supplicant.conf

Associating and Authenticating Automatically

The only additional step for auto-joining is adding the network to your /etc/hostname.iwm0:

join "<ssid>" wpakey "<password>"
join "eduroam" wpa wpaakms 802.1x
inet autoconf

And start wpa_supplicant on boot:

rcctl enable wpa_supplicant
rcctl get wpa_supplicant flags  # To check what it's actually running
reboot

Resources

This largely follows the openbsd fqa. For wpa_supplicant quirks, I looked at the README in the ports tree, available online here. For connecting to eduroam, I followed the increasingly adequate blog.