So I’ve finally got around to playing with wireless on the server at home, and there doesn’t seem to be much info on the web relating to NetBSD and wireless APs, especially using WPA.
(What? Not even an introduction? Your first post and you’re going to just jump right in?)
Firstly, I’d rather avoid wireless, it’s just too… well… wirelessy… I’d rather I knew who had access to my network (especially as I live in Student Central!) and wireless is kind of easy to packet sniff. (STOP SMELLING MY DATA!) But the proliferation of small and handy wifi enabled things (and mythtv frontend on a laptop with wireless) means I couldn’t resist it anymore. :)
Thing is, I use NetBSD on my home server, (don’t ask, it’s been a long time, and I’m kind of used to it now, and it does tend to just work. :) ) and there doesn’t seem to be a lot of info on setting up an access point configured for WPA (or to put it another way, I was trying to get hostapd to compile before I found ‘man hostapd’, which has been there since 4.0) so without further ado…
AP with WEP
Configuring a WEP AP is easy, so long as your wireless card driver supports all the necessary thingymbobs (like access point mode). I use an Edimax PCI wireless 11b/g card, based on a Ralink chipset, which means I’m using the ral(4) driver.
Setting up the interface in WEP AP mode is simply a matter of issuing the following ifconfig command (where ‘ral0’ is the interface I’m configuring):
ifconfig ral0 192.168.45.254 netmask 0xffffff00 nwid mynet nwkey 1234567899abc mediaopt hostap mode 11g
This puts the interface into 11g mode, with an IP address of 192.168.45.254/255.255.255.0, the SSID ‘mynet’ and the WEP key 1234567899abc.
Once this is issued you should be able to view the network and connect, using the above key.
If this works, you should add the following to /etc/ifconfig.ral0 (renamed for your interface as appropriate):
192.168.45.254 netmask 0xffffff00 nwid mynet nwkey 1234567899abc mediaopt hostap mode 11g
This will ensure the interface is configured on boot.
The next task is to set up dhcpd to assign IP addresses to the wireless devices. I already use dhcpd on my wired network (wm0), so it was an easy task to extend this to the wireless subnet. Add something like the following to /etc/rc.conf:
dhcpd=YES
dhcpd_flags="wm0 ral0"
This configures dhcpd to listen on wm0 (my internal wired interface) and ral0, my wireless interface.
A lot of people will want to bridge these two interfaces. I’m not going into that here, as I prefer to keep my wireless network separate; however, if you did, you would use the bridge interface in the dhcpd_flags setting.
You also need to tell dhcpd the addresses you would like to assign, so add the following (or something like it) to /etc/dhcpd.conf:
subnet 192.168.45.0 netmask 255.255.255.0 {
    range 192.168.45.100 192.168.45.110;
    option domain-name-servers 192.168.45.254;
    option domain-name "myhost.example.com";
    option routers 192.168.45.254;
}
This gives any wireless client an IP in the range 192.168.45.100-110 and assigns my server as its nameserver and gateway.
You will need to restart dhcpd for these changes to take effect.
/etc/rc.d/dhcpd restart
WPA
Once I’d actually found out how to do it, WPA using a preshared passphrase turned out to be surprisingly easy to set up.
To use WPA you have to run the hostapd daemon program. This handles all the fancy encryption goodness needed by WPA and its other forms.
The hostapd daemon is very versatile and supports many different authentication schemes, the man page is a good place to start if you like reading acronyms.
Anywhoo, for simple WPA, with a shared passphrase, you simply need to enable hostapd in /etc/rc.conf (hostapd=YES), and create /etc/hostapd.conf. A basic example is shown below, this enables WPA using a shared passphrase…
interface=ral0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=mynet
macaddr_acl=0
auth_algs=1
#use 1 for WPA, 2 for WPA2 and 3 for both
wpa=1
wpa_passphrase=SuperSecret12
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
The interface, ssid and wpa_passphrase parameters should be changed to suit your requirements. Also note the macaddr_acl=0: you can filter clients based on their MAC addresses for extra security; see the man pages for hostapd and hostapd.conf for more information.
Note: To get my XP laptop (Intel 2100 11b network card) to connect I had to ensure the passphrase was exactly 13 chars long; Windows refused to accept anything else. (My phone however had no problem, annoying.)
Now you just need to:
/etc/rc.d/hostapd start
and you should be away.
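A way to sanity-check a hostapd.conf like the one above before starting the daemon, as an added example that is not part of the original post: it flags original WPA, TKIP being accepted, and passphrases that are invalid or short. The names parse_conf, audit and POST_CONF are made up for this example, and the 20-character minimum is the example's own policy assumption rather than anything hostapd enforces.

```python
# Added example: audit hostapd.conf text for weak WPA-PSK settings.
# MIN_PASSPHRASE_LEN is this example's own policy choice, not a hostapd rule.
MIN_PASSPHRASE_LEN = 20

# The WPA settings from the config in this post, embedded so this runs offline.
POST_CONF = """\
interface=ral0
ssid=mynet
#use 1 for WPA, 2 for WPA2 and 3 for both
wpa=1
wpa_passphrase=SuperSecret12
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (setting, finding) tuples for weak WPA-PSK settings."""
    conf, findings = parse_conf(text), []
    wpa = conf.get("wpa", "0")
    if wpa not in ("1", "2", "3"):
        return [("wpa", "WPA is not enabled (expected 1, 2 or 3)")]
    wpa = int(wpa)
    if wpa & 1:
        findings.append(("wpa", "original WPA offered; use wpa=2 if all clients do WPA2"))
    # hostapd defaults: wpa_pairwise=TKIP, rsn_pairwise=<wpa_pairwise value>.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP")
    active = wpa_ciphers.split() if wpa & 1 else []
    if wpa & 2:
        active += conf.get("rsn_pairwise", wpa_ciphers).split()
    if "TKIP" in active:
        findings.append(("pairwise", "TKIP is accepted; restrict to CCMP"))
    phrase = conf.get("wpa_passphrase")
    if phrase is not None and not 8 <= len(phrase) <= 63:
        findings.append(("wpa_passphrase", "must be 8..63 characters"))
    elif phrase is not None and len(phrase) < MIN_PASSPHRASE_LEN:
        findings.append(("wpa_passphrase", "shorter than local minimum"))
    return findings

if __name__ == "__main__":
    print(audit(POST_CONF))
```

A config with wpa=2, rsn_pairwise=CCMP and a passphrase of 20 or more characters comes back with no findings.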
Oh… and today I ate some curry… is that bloggy enough for you. :)