Difference between revisions of "Access Point"

From LinuxMCE
Jump to: navigation, search
m
m (Security/Encryption)
Line 104: Line 104:
 
== Security/Encryption ==
 
== Security/Encryption ==
 
All security/encryption related settings are in /etc/hostapd/hostapd.conf.  Edit this file as needed.
 
All security/encryption related settings are in /etc/hostapd/hostapd.conf.  Edit this file as needed.
 +
A good starting point for a wpa & wpa2 enabled access point is:
 +
 +
macaddr_acl=0
 +
auth_algs=1
 +
ignore_broadcast_ssid=0
 +
wpa=3
 +
wpa_passphrase=YourPassPhrase
 +
wpa_key_mgmt=WPA-PSK
 +
wpa_pairwise=TKIP
 +
rsn_pairwise=CCMP
 +
 +
(from: http://linuxwireless.org/en/users/Documentation/hostapd#Authentication_and_Encryption )
  
 
== Restart Networking ==
 
== Restart Networking ==

Revision as of 17:37, 12 April 2011

Version Status Date Updated Updated By
710 Unknown N/A N/A
810 relevant 20th Sept 2010 phenigma
1004 Unknown N/A N/A
1204 Unknown N/A N/A
1404 Unknown N/A N/A
Usage Information

Introduction

This tutorial describes how to add Access Point functionality to your LinuxMCE Core/Hybrid. The Core/Hybrid will then act as a WiFi access point permitting wireless devices to connect to the core, the internal network and the Internet. The drivers you choose will depend on your specific hardware. Setting up an Access Point on your core allows you to use wireless orbiters such as the WebDT 366 or Nokia N800/N900 without installing a separate wireless access point on your network.

Using nl80211 drivers (from back-ports)

Hardware

A lot of modern hardware works. Look up your device at http://wireless.kernel.org/en/users/Devices to determine which driver your card uses. The driver needs to support AP, you can check that the driver has this support at http://wireless.kernel.org/en/users/Drivers/. If the driver does not have AP support then you will not be able to operate the card as an Access Point.

Two Wireless-N adaptors that are known to work:

  • Atheros Communications Inc. AR928X Wireless Network Adaptor (PCI-Express) (rev 01)
    • This was pre-installed on a Zotac IONITX-A-U Atom N330 1.6 Ghz
    • Uses the ath9k driver
  • Atheros AR9280 MAC/BB Rev:2 AR5133 RF Rev:d0
    • This is a D-Link DWA-522 Extreme N PCI Adaptor
    • Uses the ath9k driver
  • LinuxMCE 0810 BETA - Snapshot DVD 25289

Overview

  • -> eth0 connects to internal network LMCE
  • -> eth1 connects to the internet
  • -> wlan0 is the wireless card

Required packages

Add the intrepid-backports repository

Adding the intrepid-backports repo gives us access to newer wireless drivers.

$ echo 'deb http://archive.ubuntu.com/ubuntu intrepid-backports main universe' | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update

Install required packages

Install compat-wireless drivers including the mac80211/cfg80211 modules and the network bridge utilities.

$ sudo apt-get install linux-backports-modules-intrepid bridge-utils

Download, build and install hostapd

The hostapd package that ships with intrepid (0.5.10) is outdated, newer functionality is required. Grab the most recent version that works with the compat-wireless drivers that we installed. 0.6.10 is the newest in the 0.6.x tree but it has a bug that causes it to fail with some cards, use 0.6.9.

Install build dependencies for hostapd

$ sudo apt-get install libnl-dev libssl-dev

Get hostapd 0.6.9

$ wget http://w1.fi/releases/hostapd-0.6.9.tar.gz
$ tar xvf hostapd-0.6.9.tar.gz
$ cd hostapd-0.6.9/hostapd
$ cp defconfig ./.config

Edit the .config file to enable the proper drivers:

  • Enable nl80211 driver
CONFIG_DRIVER_NL80211=y
  • Enable IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y

Build and Install hostapd

$ make
$ sudo make install

Copy the config file to /etc/hostapd

$ sudo mkdir -p /etc/hostapd
$ sudo cp hostapd.conf /etc/hostapd

Config Files

/etc/network/interfaces

Make a backup of your original interfaces file:

$ sudo mv /etc/network/interfaces /etc/network/interfaces.bak

The interfaces file shown here is based on the setup described in the overview above.

auto lo eth1 br0 eth0
# Loopback Interface
iface lo inet loopback
# Internet Interface
iface eth1 inet dhcp
# LAN Interface
iface eth0 inet manual
	up /sbin/ifconfig eth0 up
	down /sbin/ifconfig eth0 down
# Wireless Interface
iface wlan0 inet manual
# Wireless/LAN Bridge
iface br0 inet static
	address 192.168.80.1
	network 192.168.80.0
	netmask 255.255.255.0
	broadcast 192.168.80.255
	pre-up /usr/sbin/brctl addbr br0
	pre-up /usr/sbin/brctl addif br0 eth0
	pre-up /usr/local/bin/hostapd -B /etc/hostapd/hostapd.conf
	pre-up /usr/sbin/brctl addif br0 wlan0
	up /sbin/ifconfig br0 up
	post-down /usr/sbin/brctl delif br0 eth0
	post-down /usr/sbin/brctl delif br0 wlan0
	post-down /usr/sbin/brctl delbr br0

/etc/hostapd/hostapd.conf

Edit /etc/hostapd/hostapd.conf and verify/change the following:

interface=wlan0
driver=nl80211
ssid=yourssidhere
hw_mode=g
ieee80211n=1

/etc/default/dhcp3-server

Configure the dhcp server to respond to request from devices on the bridge instead of the wired connection alone.

$ echo 'INTERFACES="br0"' | sudo tee /etc/default/dhcp3-server

Security/Encryption

All security/encryption related settings are in /etc/hostapd/hostapd.conf. Edit this file as needed. A good starting point for a wpa & wpa2 enabled access point is:

macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

(from: http://linuxwireless.org/en/users/Documentation/hostapd#Authentication_and_Encryption )

Restart Networking

Restart the networking engine, or reboot.

$ sudo service networking restart

Using madwifi drivers

WORK IN PROGRESS

Hardware setup

  • Dell Optiplex Gx620
  • WiFi card with Atheros chipset (using madwifi drivers)
  • Linux MCE 810 alpha2

If you install LMCE from scratch make sure that your wifi card is NOT inserted prior to installation so that LMCE doesn't use it as the internal network interface. After LCME installation has finished, insert the wifi card.

Overview

the idea is to combine or bridge eth1 and ath0 to a new virtual interface called br0.

  • -> eth0 connects to my ADSL modem (192.168.1.0)
  • -> eth1 connects to my internal LAN switch (192.168.80.0)
  • -> ath0 connects the wireless part of my internal network (192.168.80.0)

Needed packages

  • hostapd
  • bridge


Config files

/etc/network/interfaces

We'll make a copy of /etc/network/interfaces in case something goes wrong before we edit it.

mv /etc/network/interfaces /etc/network/interfaces.bck
joe /etc/network/interfaces
auto lo eth0 eth1 br0

automatically initialise eth0 (external interface) eth1 (internal LAN) and br0 (our bridge interface). Keep ath0 out of this for now, we'll initialise it separately.

iface lo inet loopback
# Internet Interface
iface eth0 inet static
       address 192.168.1.2
       netmask 255.255.255.0
       gateway 192.168.1.1
       dns-nameservers 192.168.1.1

Fill in your own settings here, in my case 192.168.1.1 is the ADSL modem. Alternatively you can use dhcp to get the adress details from your ADSL modem.

# LAN interface
iface eth1 inet manual
  up /sbin/ifconfig eth0 up
  down /sbin/ifconfig eth0 down

The internal interface, note that it doesn't get an adress assigned.

# Wireless interface
auto ath0
iface ath0 inet manual
  up /sbin/ifconfig ath0 up

The wireless interface, again no adress details here.

iface br0 inet static
   address 192.168.80.1
   network 192.168.80.0
   netmask 255.255.255.0
   broadcast 192.168.80.255
   pre-up /usr/sbin/brctl addbr br0
   pre-up /usr/sbin/brctl addif br0 eth1

The fun part. Finally we assign the adress for the internal LAN to the bridge interace br0 (I'm sticking here with the standard LMCE network 80.0). The pre-up will create a bridge and add the eth1 interface to it.

   pre-up /sbin/wlanconfig ath0 destroy
   pre-up /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode ap
   pre-up /sbin/iwconfig ath0 channel 3

This part is necessary as the atheros interface has some issues to switch ino access point mode (master mode)

   pre-up /usr/sbin/brctl addif br0 ath0

After firing up the wireless interface we add it to the bridge as well.

   post-down /usr/sbin/brctl delif br0 eth1
   post-down /usr/sbin/brctl delif br0 ath0
   post-down /usr/sbin/brctl delbr br0

Just some lines to define how to cleanly shut down the bridge: remove both interfaces and then remove the bridge interace itself


We need to set the bridge (which contains eth1 and ath0) as the new interface for the dhcpd server. Edit /etc/default/dhcp.conf as followed:

   INTERFACES="br0"

/etc/default/dhcpd3/dhcpd.conf

wireless configuration

We'll use hostapd to manage the wireless part as it provides WPA encryption. I suggest that you first try to setup your network without encryption, make sure it works and then enable encryption.

Enable WPA encryption

  • edit the /etc/hostapd

Set static IP adresses

It is possible to set static ip adresses manually instead of using LMCE.