wireless AP and WPA-PSK - The FreeBSD Forums

#1
November 25th, 2008, 20:48
bluetick
wireless AP and WPA-PSK

Wanting to add a wireless ap option. I like the idea of bridge mode, no extra subnet. But I want some form of encryption/security.

In bridge mode is it possible to run WPA-PSK on the ath0 interface?
I've set bridge mode up as this.
ifconfig -a
ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:40:96:a9:c7:54
media: IEEE 802.11 Wireless Ethernet DS/11Mbps <hostap> (DS/11Mbps <hostap>)
status: associated
ssid my_ap channel 1 (2412 Mhz 11g) bssid 00:40:96:a9:c7:54
authmode OPEN privacy OFF txpower 31.5 scanvalid 60 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
protmode CTS burst dtimperiod 1
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:18:3e:d2:4f
inet 10.10.1.10 netmask 0xffffff00 broadcast 10.10.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 9eb:04:4f0:28
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: rl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

Starting dhcpd it errored on ath0, I guess no inet/ip setting caused this.
Starting hostapd, no errors, but the ath0 shows in open mode.

P.S. The happy faces came from somewhere other than me.

#2
November 25th, 2008, 22:37
bluetick
Update

Updating my own thread. After fixing "whitespace" errors in the hostapd.config, I get the following debug message.

mars# hostapd -d -K /etc/hostapd.conf
Configuration file: /etc/hostapd.conf
ctrl_interface_group=0 (from group name 'wheel')
bsd_set_iface_flags: dev_up=0
BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits)
ath0: IEEE 802.11 Fetching hardware channel/rate support not supported.
Flushing old station entries
bsd_sta_deauth: addr=ff:ff:ff:ff:ff:ff reason_code=3
Deauthenticate all stations
bsd_set_privacy: enabled=0
bsd_del_key: addr=00:00:00:00:00:00 key_idx=0
bsd_del_key: addr=00:00:00:00:00:00 key_idx=1
bsd_del_key: addr=00:00:00:00:00:00 key_idx=2
bsd_del_key: addr=00:00:00:00:00:00 key_idx=3
bsd_get_ssid: ssid="myap"
Using interface ath0 with hwaddr and ssid 'myap'
SSID - hexdump_ascii(len=7):
myap
PSK (ASCII passphrase) - hexdump_ascii(len=21):
passphrase
passphrase
PSK (from passphrase) - hexdump(len=32):
bsd_set_ieee8021x: enabled=1
bsd_configure_wpa: group key cipher=TKIP (1)
bsd_configure_wpa: pairwise key ciphers=0x2
bsd_configure_wpa: key management algorithms=0x2
bsd_configure_wpa: rsn capabilities=0x0
bsd_configure_wpa: enable WPA= 0x1
ioctl[SIOCS80211]: Invalid argument
ath0: DRIVER Error enabling WPA/802.1X!
IEEE 802.1X initialization failed.
ath0: Unable to setup interface.
Flushing old station entries
bsd_sta_deauth: addr=ff:ff:ff:ff:ff:ff reason_code=3
Deauthenticate all stations
rmdir[ctrl_interface]: No such file or directory
bsd_set_ieee8021x: enabled=0
bsd_set_iface_flags: dev_up=0
### end
mars# ifconfig ath0 list caps
ath0=6783ed4f<WEP,TKIP,AES,AES_CCM,FF,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,TKIPMIC,WPA1,WPA2,BURST,WME,BGSCAN,TXFRAG>

Cisco wireless card
>pciconf -lv
ath0@pci0:2:11:0: class=0x020000 card=0xcc2114b9 chip=0x0013168c rev=0x01 hdr=0x00
vendor = 'Atheros Communications Inc.'
device = 'AR5212, AR5213 802.11a/b/g Wireless Adapter'
class = network
subclass = ethernet

#3
November 26th, 2008, 08:49
SirDice

You don't need to enable 802.1x for WPA-PSK. Post your hostapd.conf. I had mine running for a long time.

#4
November 26th, 2008, 16:42
bluetick

As requested, hostapd.conf:

interface=ath0
debug=4
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=myap
wpa=1
wpa_passphrase=my_passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

#5
November 26th, 2008, 17:16
SirDice

Is it already bridged?
You might want to first get it working as a separate network segment.

#6
November 29th, 2008, 07:19
Aic

See
http://www.freebsd.org/doc/en_US.ISO...-wireless.html
and this #32.3.5.3.1 WPA-PSK
In my case (7.0 RELEASE) in /etc/rc.conf (without DHCP & bridge) is:

hostapd_enable="YES"
ifconfig_ath0="WPA inet <my_hostap_IP> netmask <my_mask> ssid freebsdap mode 11g mediaopt hostap"

It works. Also you may use wpa_passphrase(8) and/or wpa_psk=64(hexd) in hostapd.conf

Last edited by Aic; November 29th, 2008 at 07:35. Reason: addition
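
What the wpa_psk alternative mentioned in post #6 amounts to, as an added example that is not part of the original posts: wpa_passphrase(8) derives the 64-hex-digit key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256 bits. The function names and the sample config are constructed for illustration.

```python
import hashlib
import re

def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA PSK as 64 hex digits (the wpa_passphrase(8) mapping)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

def passphrase_to_psk(conf: str) -> str:
    """Rewrite a hostapd.conf so it carries wpa_psk instead of wpa_passphrase."""
    settings = dict(
        line.split("=", 1) for line in conf.splitlines()
        if "=" in line and not line.lstrip().startswith("#")
    )
    psk = derive_psk(settings["ssid"], settings["wpa_passphrase"])
    return re.sub(r"(?m)^wpa_passphrase=.*$", "wpa_psk=" + psk, conf)

# Constructed sample, modelled on the hostapd.conf posted in this thread.
SAMPLE_CONF = """interface=ath0
ssid=myap
wpa=1
wpa_passphrase=my_passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

if __name__ == "__main__":
    print(passphrase_to_psk(SAMPLE_CONF))
    # The SSID is the salt: renaming the network (my_ap vs myap) changes the key.
    print(derive_psk("my_ap", "my_passphrase") != derive_psk("myap", "my_passphrase"))
```

The derived key is as sensitive as the passphrase, so hostapd.conf should stay readable by root only.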

#7
December 5th, 2008, 16:54
bluetick
AP with WPA in Bridge Mode.

After searching and gathering bits from here and there, I have a working setup in bridge mode.
The only problem, on startup the kernel will not load the wlan_xauth, it must be hand loaded then start hostapd.
I have read about kernel panics with the wlan_xauth but have yet to have one.
YMMV

Kernel additions.
device wlan # 802.11 support
device wlan_wep # 802.11 WEP support
device wlan_ccmp # 802.11 CCMP support
device wlan_tkip # 802.11 TKIP support
device wlan_xauth # 802.11 WPA support
device wlan_acl_load # 802.11 support
device wlan_amrr # AMRR transmit rate control algorithm
device wlan_scan_ap # 802.11 AP mode scanning
device wlan_scan_sta # 802.11 STA mode scanning
device ath # Atheros pci/cardbus NIC's
device ath_hal # Atheros HAL (Hardware Access Layer)
device ath_rate_sample # SampleRate tx rate control for ath

rc.conf
ifconfig_rl0="inet 10.10.1.10 netmask 255.255.255.0"
hostapd_enable="YES"
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-m"
ifconfig_ath0="up ssid myap mode 11g mediaopt hostap"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm ath0 addm rl0 up"

sysctl.conf
net.inet.ip.check_interface=1

hostapd.conf
interface=ath0
debug=4
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=myap
wpa=1
wpa_passphrase=(pass)
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP

ifconfig -a
ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 2290
ether 00:40:96:a9:c7:54
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: associated
ssid myap channel 1 (2412 Mhz 11g) bssid 00:40:96:a9:c7:54
authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit
txpower 31.5 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
roam:rssi11g 7 roam:rate11g 5 protmode CTS burst dtimperiod 1
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:18:3e:d2:4f
inet 10.10.1.10 netmask 0xffffff00 broadcast 10.10.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether ce:15:dd:9b:7f:f8
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: rl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
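
A check for the two states this thread shows, as an added example that is not part of the original posts: ath0 bridged to the LAN while still `authmode OPEN privacy OFF` (post #1), and the final WPA setup that still offers WPA version 1 and TKIP (post #7). Function names and the passphrase are constructed; the ifconfig lines are copied from the posts above.

```python
import re

def parse_conf(text):
    """Parse hostapd.conf key=value lines, skipping blanks and comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf_text, ifconfig_text):
    """Compare what hostapd.conf requests with what ifconfig reports for the AP."""
    conf, findings = parse_conf(conf_text), []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    m = re.search(r"authmode (\S+) privacy (\S+)", ifconfig_text)
    authmode, privacy = m.groups() if m else ("UNKNOWN", "UNKNOWN")
    if authmode == "OPEN" or privacy == "OFF":
        wanted = "although hostapd.conf sets wpa=%d" % wpa if wpa else "and wpa is not set"
        findings.append("OPEN: interface is authmode %s privacy %s %s"
                        % (authmode, privacy, wanted))
    if wpa & 1:
        findings.append("WEAK: wpa=%d enables WPA version 1; wpa=2 is WPA2 only" % wpa)
    if "TKIP" in ciphers:
        findings.append("WEAK: TKIP is offered as a pairwise cipher; CCMP alone is stronger")
    return findings

# hostapd.conf as in post #7; the passphrase is a constructed placeholder.
CONF_POST7 = """interface=ath0
ssid=myap
wpa=1
wpa_passphrase=constructed-passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
"""
# ifconfig ath0 lines copied from post #1 (hostapd not effective) and post #7.
IFCONFIG_POST1 = "authmode OPEN privacy OFF txpower 31.5 scanvalid 60 bgscan"
IFCONFIG_POST7 = "authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit"

if __name__ == "__main__":
    for label, out in (("post #1", IFCONFIG_POST1), ("post #7", IFCONFIG_POST7)):
        for finding in audit(CONF_POST7, out):
            print(label, finding)
```

Running the open-interface check before the `addm ath0` bridge step keeps an unauthenticated radio off the wired segment when hostapd fails to enable WPA.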

#8
December 5th, 2008, 17:07
richardpl

Quote:
Originally Posted by bluetick
    The only problem, on startup the kernel will not load the wlan_xauth, it must be hand loaded then start hostapd.
Adding:
Quote:
Originally Posted by loader.conf
    wlan_xauth_load="YES"
doesn't work?

#9
December 5th, 2008, 17:51
bluetick

I have wlan_xauth compiled in the kernel.
FreeBSD 7.0-RELEASE-p5
dmesg error
ieee80211_load_module: load the wlan_xauth module by hand for now.

I'll reboot it tonight to test the loader.conf.

#10
December 5th, 2008, 18:11
richardpl

There is no need to modify loader.conf if wlan_xauth is part of kernel.