Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a Wireless Access Point
Setting up a wireless access point with WPA/WPA2
Objectives
We assume here that you want to create a wireless access point secured by WPA/WPA2. Instructions for using WEP will not be given.
For now, this only includes instructions for PCI cards supported by the hostap and kernel drivers (I use an Atheros WLAN NIC, supported by the ath5k driver). Feedback is welcome about what it takes to make other cards (other chipsets as well as PC-Card and USB models) work.
Declare the packages
To build a wireless access point one needs the hostapd package hostapd.lrp and its dependencies libssl.lrp, libcrpto.lrp, libnl.lrp and libm.lrp.
The packages have to reside on your storage media and be added to leaf.cfg.
Check Basic Configuration - LEAF Packages to learn how to do that.
Declare the required modules
In order to build a wireless access point, you will first have to get the hardware to work, which means adding the proper modules and loading them in the right order, and then adding the configuration for hostapd.
Setup for cards supported by the ath5k driver
Adding the required modules
For setting up an AP with a pci card supported by the ath5k driver, you will need the following modules from the modules tarball available from the Bering-uClibc download area or:
2.x.y.x/kernel/crypto/arc4.ko
2.x.y.x/kernel/crypto/ecb.ko
2.x.y.x/kernel/net/mac80211/mac80211.ko
2.x.y.x/kernel/net/wireless/cfg80211.ko
2.x.y.x/kernel/net/rfkill/rfkill.ko
2.x.y.x/kernel/drivers/leds/led-class.ko
2.x.y.x/kernel/drivers/net/wireless/ath/ath.ko
2.x.y.x/kernel/drivers/net/wireless/ath/ath5k/ath5k.ko
Copy those files to /lib/modules/ on your Bering-uClibc installation and add the following to your /etc/modules file:
# wlan modules (example for ath5k)
arc4
ecb
mac80211
cfg80211
rfkill
led-class
ath
ath5k
At this point, it's probably a good idea to save both the configuration and the modules (from the lrcfg menu) and reboot your router. During the reboot (or afterwards, looking at the output of dmesg) you should see something like:
cfg80211: Calling CRDA to update world regulatory domain
ath5k 0000:00:0c.0: registered as 'phy0'
ath: EEPROM regdomain: 0x0
ath: EEPROM indicates default country code should be used
ath: doing EEPROM country->regdmn map search
ath: country maps to regdmn code: 0x3a
ath: Country alpha2 being used: US
ath: Regpair used: 0x3a
phy0: Selected rate control algorithm 'minstrel'
ath5k phy0: Atheros AR2413 chip found (MAC: 0x78, PHY: 0x45)
cfg80211: Calling CRDA for country: US
Configuration
Declaring the interface in /etc/network/interfaces
Setup in /etc/network/interfaces is minimal, since all of the wlan specific settings will be done in the hostapd configuration. You will only need to declare the proper interface and IP address (since these instructions are for creating an access point, a static IP is assumed). Add the following to /etc/network/interfaces
auto wlan0
iface wlan0 inet static
    address 192.168.11.254
    netmask 255.255.255.0
    broadcast 192.168.11.255
    wireless-channel 6
Replace the IP address and netmask with whatever you prefer, if you want to use a different net.
Configuring hostapd
First of all, open /etc/default/hostapd and uncomment the line
#RUN_DAEMON='yes'
If you forget to do that, hostapd will not start. Next, open /etc/hostapd/hostapd.conf and enter the following information:
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=1
logger_stdout=-1
logger_stdout_level=2
debug=0
ctrl_interface=/var/run/hostapd
hw_mode=g
# channel should be the same as in /etc/network/interfaces
channel=6
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wme_enabled=0
wpa=3
wpa_psk=your_strong_preshared_key
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
eap_server=0
eapol_key_index_workaround=0
The comments in that config file are actually very helpful, so you'll want to change the individual settings, rather than replacing the file with the content above. See this site for a nice tool to generate strong preshared keys. Use the string from the first box labeled "64 random hexadecimal characters (0-9 and A-F):" for wpa_psk.
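A local alternative to a web-based key generator, as an added example that is not part of the original guide: the functions below (their names are assumptions) draw the 64-hexadecimal-character wpa_psk from /dev/urandom, write it into a hostapd.conf, and check that the file holds a well-formed key and is not readable by other users. It assumes od, tr, sed, cut and ls are available on the router.

```sh
#!/bin/sh
# Added example (not from the guide); function names are assumptions.

# 32 bytes from the kernel RNG, printed as 64 hexadecimal characters.
gen_psk() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Succeeds only if $1 is exactly 64 hexadecimal characters.
is_hex_psk() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Replace the wpa_psk line of the file $1 with a fresh key and restrict
# the file to its owner, because the key is stored there in clear text.
set_new_psk() {
    conf=$1
    psk=$(gen_psk)
    is_hex_psk "$psk" || return 1
    ( umask 077; sed "s/^wpa_psk=.*/wpa_psk=$psk/" "$conf" > "$conf.new" ) || return 1
    mv "$conf.new" "$conf" && chmod 600 "$conf"
}

# Print one line per problem found in the file $1 and return the count:
# wpa_psk must be a 64-hex key, and "other" users must have no access.
check_hostapd_conf() {
    conf=$1
    findings=0
    psk=$(sed -n 's/^wpa_psk=//p' "$conf" | tail -n 1)
    if ! is_hex_psk "$psk"; then
        echo "wpa_psk is not a 64-hex-character key"
        findings=$((findings + 1))
    fi
    # Characters 8-10 of the ls -l mode string are the "other" permissions.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "file is accessible to other users ($other)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run `set_new_psk /etc/hostapd/hostapd.conf` once the wpa_psk line is uncommented, then `check_hostapd_conf /etc/hostapd/hostapd.conf` before saving the configuration.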
Configuring shorewall
Add
wlan wlan0 detect dhcp
to /etc/shorewall/interfaces.
Add
wlan ipv4
to /etc/shorewall/zones.
Update /etc/shorewall/policy and/or /etc/shorewall/rules and/or /etc/shorewall/masq to allow traffic to/from the wireless network.
Configuring dnsmasq
Add
interface=wlan0
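to /etc/dnsmasq.conf (unless you have dnsmasq listening on all devices anyway). Add an address range to serve by DHCP to /etc/dnsmasq.conf. The range has to lie inside the subnet configured on wlan0, so with the interface settings above it would be something like:
dhcp-range=192.168.11.2,192.168.11.19,12h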
Finishing up
Save the configuration and reboot - you should now have a working access point.
The WPA key you generated above and put into /etc/hostapd/hostapd.conf needs to be entered on each client that connects to the AP - so you might want to put it onto a USB stick or something like that.
But since that key is the only thing that is keeping others from logging onto your net, you should still keep it in a safe place.
Considerations if using hostapd with IPv6 on managed interfaces
If you want to use managed IPv6 interfaces on your WLAN (e.g. if the LEAF Bering-uClibc router is used for router advertisement for the IPv6 network), you will run into the known problem that hostapd destroys the IPv6 configuration (see hostapd destroys IPv6 configuration on managed interface).
A workaround is to disable autostart of hostapd via the init script and to start it from /etc/network/interfaces instead.
To disable autostart from init, edit /etc/init.d/hostapd and comment out lines 28 and 29, so that they read:
# start-stop-daemon --start --oknodo --quiet \
# --exec $DAEMON --pidfile $PIDFILE -- $DAEMON_OPTS > /dev/null
To start hostapd from /etc/network/interfaces, add the following line to the wireless configuration:
up /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
So it may look like below:
auto wlan0
iface wlan0 inet static
    address 192.168.11.254
    netmask 255.255.255.0
    broadcast 192.168.11.255
    wireless-channel 8
    up /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf