*NIX

May 10, 2007, 9:59 a.m.
posted by whitehat

Networking with Linux-WLAN



Networking with Linux-WLAN

Linux-WLAN is one of the original wireless LAN products developed for Linux. It is generally more difficult to install than Wireless Tools and has fewer troubleshooting tools, but it does have wide ranging hardware support, making it a desirable alternative based on the NIC card you have available. You'll notice that Linux-WLAN uses the term SSID instead of ESSID in its configuration files.

Linux-WLAN Preparation

Here are some pointers you'll need to remember prior to using the Linux-WLAN product:

  • All devices on a wireless network must use the same Network Identifier or SSID to communicate with each other: The default SSID for Linux-WLAN is linux-wlan, the default SSID for your windows NICs may be different. It's a good idea to decide on a common SSID and stick with it.

  • Once configured, Linux-WLAN doesn't identify the wireless NIC as an Ethernet eth device, but as a wlan device: This is good to know in order to avoid confusion when troubleshooting.

  • Always be prepared to check your syslog /var/log/messages file for errors if things don't work: It is a good source of information. Chapter 5, "Troubleshooting Linux with syslog," shows you how to set up syslog error logging to be more sensitive to errors.

  • You may get "device unknown" or "no such device" errors related to the wlan device in the /var/log/messages file if you use older unpatched versions of the Linux-WLAN software: Always use the most recent versions to make the installation smoother.

    Before installing the Linux-WLAN software for PCMCIA cards such as the Linksys WPC11 you will need to install the RPM packages that support PCMCIA: This step isn't necessary for such true PCI cards as the Linksys WMP11.

    In Fedora Core, the package name is pcmcia-cs and in Red Hat 9 and earlier it is kernel-pcmcia-cs. When searching for the RPMs, remember that the filename usually starts with the software package name and a version number, as in kernel-pcmcia-cs-3.1.31-13.i386.rpm.

Identifying the Correct RPMs

You can find RPM versions of the driver files at http://prism2.unixguru.raleigh.nc.us. Remember to download the files for the correct kernel type, OS version, and kernel version. Downloading and installing RPMs isn't hard. If you need a refresher, Chapter 6, "Installing RPM Software," covers how to do this in detail.

Determine the Kernel Type

Use the uname -p command. The Bigboy server discussed in Chapter 1, "Why Host Your Own Site," is running an i686 version of Linux. The Linux version may not match the CPU you have installed, always use the uname version:

     [root@bigboy tmp]# uname -p
     i686
     [root@bigboy tmp]#

Determine the OS Version

One of the easiest ways to determine the OS version is to view the /etc/ redhat-release or the /etc/fedora-release file. In this case, server Bigboy is running Red Hat version 9.0, while Zero is running Fedora Core 1. You can also look at the /etc/issue file for other versions of Linux.

     [root@bigboy tmp]# cat /etc/redhat-release
     Red Hat Linux release 9 (Shrike)
     [root@bigboy tmp]#

     [root@zero root]# cat /etc/fedora-release
     Fedora Core release 1 (Yarrow)
     [root@zero root]#

Determine the Kernel Version

You can use the uname -r command to figure out the kernel version. In this case, Bigboy is running version 2.4.20-8:

     [root@bigboy tmp]# uname -r
     2.4.20-8
     [root@bigboy tmp]#

Installing the RPMs

After you have all this Linux information, you need to download and install the base, module, and interface packages. When searching for the RPMs, remember that the filename usually starts with the software package name by a version number:

     kernel-wlan-ng-0.2.1-pre14.i686.rpm
     kernel-wlan-ng-modules-fc1.1.2115-0.2.1-pre14.i686.rpm
     kernel-wlan-ng-pci-0.2.1-pre14.i686.rpm
     kernel-wlan-ng-pcmcia-0.2.1-pre14.i686.rpm

Note

There are different RPMs for PCMCIA- and PCI-based NICs. The base and modules RPMs need to be installed in all cases.


Notice the sequence of installation in this sample output. Double-check your preparation steps and the RPM versions if the very last line of the installation gives a result code that is not success.

     [root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-0.2.1-pre14.i686.rpm
     Preparing...                #####################################
     [100%]
        1:kernel-wlan-ng         #####################################
     [100%]
     [root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-modules-fc1.1.2115-0.2.1-
     pre14.i686.rpm
     Preparing...                #####################################
     [100%]
        1:kernel-wlan-ng-modules-#####################################
     [100%]
     [root@bigboy tmp]#

     [root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-pcmcia-0.2.1-pre14.i686.rpm
     Preparing...                #####################################
     [100%]
        1:kernel-wlan-ng-pci     #####################################
     [100%]
     Adding prism2_pci alias to /etc/modprobe.conf file...
     ***NOTE***  YOU MUST CHANGE THIS IF YOU HAVE A PLX CARD!!!
     The default wlan0 network configuration is DHCP.  Adjust accordingly.

     ACHTUNG! ATTENTION! WARNING!
        YOU MUST configure /etc/wlan/wlan.conf to define your SSID!
        YOU ALSO must configure /etc/wlan/wlancfg-SSID to match WAP
     settings!
            (---> replace SSID in filename with the value of your SSID)

     If you get an error after this point, there is either a problem with
     your drivers or you don't have the hardware installed! If the former,
     get help!

     Starting WLAN Devices:message=dot11req_mibset
       mibattribute=dot11PrivacyInvoked=false
       resultcode=success
     message=dot11req_mibset
       mibattribute=dot11ExcludeUnencrypted=false
       resultcode=success
     [root@bigboy tmp]#

Note

If you upgrade your Linux kernel, you'll have to reinstall Linux-WLAN all over again. This will also create new versions of your /etc/sysconfig/networkscripts/ifcfg-wlan0, /etc/wlan/wlan.conf, and /etc/pcmcia/wlan-ng.opts files. You may have to restore these from the automatically saved versions.


Linux-WLAN Post Installation Steps

After the RPMs are installed, you need to configure the new wlan0 wireless NIC to be compatible with your network.

Configure the New wlan0 Interface

Edit /etc/sysconfig/network-scripts/ifcfg-wlan0 to include these new lines:

     DHCP Version           Fixed IP Version
     ============           =================

     DEVICE=wlan0           DEVICE=wlan0
     USERCTL=yes            IPADDR=192.168.1.100
     ONBOOT=yes             NETMASK=255.255.255.0
     BOOTPROTO=dhcp         ONBOOT=yes
                            BOOTPROTO=static

In the fixed IP version you also need to substitute your selected IP, netmask, network, and broadcast address with those above. Plus, make sure you have the correct gateway statement in your /etc/sysconfig/network file, for example. GATEWAY[eq]192.168.1.1.

Disable Your Existing Ethernet NIC

You may want to disable your existing eth0 Ethernet interface after installing the drivers. Add an ONBOOT=no entry to the /etc/sysconfig/networkscripts/ifcfg-eth0 file. This disables the interface on reboot or when /etc/init.d/network is restarted.

Select the Wireless Mode and SSID

All the configuration files are located in the /etc/wlan directory. The package allows your server to be connected to up to three wireless LANs. You specify the SSIDs (LAN IDs) for each wireless LAN in the /etc/wlan/wlan.conf file. In the example, I make the wlan0 interface join the homenet WLAN, as well as instruct the WLAN driver to scan all wireless channels for SSIDs.

     #
     # Specify all the wlan interfaces on the server
     #
     WLAN_DEVICES="wlan0"

     #
     # Specify whether the server should scan the network channels
     # for valid SSIDs
     #
     WLAN_SCAN=y

     #
     # Specify expected SSIDs and the wlan0 interface to which it should
     # be tied
     #
     SSID_wlan0="homenet"
     ENABLE_wlan0=y

Each WLAN specified in the /etc/wlan/wlan.conf file has its own configuration file. Copy the /etc/wlan/wlancfg-DEFAULT file to a file named /etc/wlan/wlancfg-SSID (replace SSID with the actual SSID for your WAP). This line configures for the homenet SSID:

     [root@bigboy wlan]# cp wlancfg-DEFAULT wlancfg-homenet

Start Linux-WLAN

Start the wlan process and test for errors in the file /var/log/messages. All the result codes in the status messages should be success. You may receive the following error, however, which the WLAN RPM Web site claims is "harmless."

     Error for wireless request "Set Encode" (8B2A) :
         SET failed on device wlan0 ; Function not implemented.
     Error for wireless request "Set ESSID" (8B1A) :
         SET failed on device wlan0 ; Function not implemented.

With PCI cards, you can restart Linux-WLAN by restarting the WLAN daemon:

     [root@bigboy tmp]# service wlan restart
     [root@bigboy tmp]# ifup wlan0

With PCMCIA cards, you can start Linux-WLAN by restarting the Linux PCMCIA daemon:

     [root@bigboy tmp]# service pcmcia restart
     [root@bigboy tmp]# service network restart

Testing Linux-WLAN

Now check to see if the IP address of the wlan0 interface is okay. Refer to the upcoming troubleshooting section if you cannot ping the network's gateway.

     [root@bigboy tmp]# ifconfig -a
     [root@bigboy tmp]# ping <gateway-address>

Linux-WLAN Encryption for Security

One of the flaws of wireless networking is that all the wireless clients can detect the presence of all available network SSIDs and have the option of joining any of them. With encryption, the client must have a membership encryption password that can also be represented as a series of Wireless Encryption Protocol (WEP) keys. The wlan.conf file (Red Hat 8.0 RPMs), wlan-SSID file (Red Hat 9/Fedora Core 1 RPMs), or /etc/pcmcia/wlan-ng.opts file (PCMCIA-type NICs) is also used to activate this feature.

Tip

I strongly recommend that you first set up your network without encryption. Only migrate to an encrypted design after you are satisfied that the unencrypted design works correctly.


To invoke encryption, you have to set the dot11PrivacyInvoked parameter to TRue. You also must state which of the keys will be used as the default starting key via the dot11WEPDefaultKeyID parameter. You then have the option of either providing a key-generating string (simple password) or all four of the keys. In the example below, ketchup is the password used to automatically generate the keys.

     #=======WEP===========================================
     # [Dis/En]able WEP. Settings only matter if PrivacyInvoked is true
     lnxreq_hostWEPEncrypt=false # true|false
     lnxreq_hostWEPDecrypt=false # true|false
     dot11PrivacyInvoked=true
     dot11WEPDefaultKeyID=1
     dot11ExcludeUnencrypted=true # true|false, in AP this means WEP
     # is required for all STAs

     # If PRIV_GENSTR is not empty, use PRIV_GENTSTR to generate
     # keys (just a convenience)
     PRIV_GENERATOR=/sbin/nwepgen # nwepgen, Neesus compatible
     PRIV_KEY128=false # keylength to generate
     PRIV_GENSTR="ketchup"

     # or set them explicitly. Set genstr or keys, not both.
     dot11WEPDefaultKey0= # format: xx:xx:xx:xx:xx or

     dot11WEPDefaultKey1= # xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
     dot11WEPDefaultKey2= # e.g. 01:20:03:40:05 or
     dot11WEPDefaultKey3= # 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d

Not all devices on your network will use the same algorithm method to generate the encryption keys. You may find the same generator string will not create the same keys, rendering intra-network communication impossible. If this is the case, you can use the /sbin/nwepgen program to generate the keys after you provide an easy to remember key generator string. Once you have the four sets of keys, you'll have to add them individually and in sequence to the wlan.conf, wlan-SSID or /etc/pcmcia/wlan-ng.opts file and set the PRIV_GENSTR parameter to a null string of "" (the quotes are important). Here is how you can use nwepgen to create the keys with a generator string of ketchup.

      [root@bigboy tmp]# /sbin/nwepgen ketchup
     64:c1:a1:cc:db
     2b:32:ed:37:16
     b6:cc:9e:1b:37
     d7:0e:51:3f:03
     [root@bigboy tmp]#

In this case, your wlan.conf or wlan-SSID file would look like this:

     PRIV_GENSTR=""

     # or set them explicitly. Set genstr or keys, not both.
     dot11WEPDefaultKey0= 64:c1:a1:cc:db
     dot11WEPDefaultKey1= 2b:32:ed:37:16
     dot11WEPDefaultKey2= b6:cc:9e:1b:37
     dot11WEPDefaultKey3= d7:0e:51:3f:03

Remember that all devices on your network, including all wireless NICs and WAPs, need to have the same keys and default key for this to work.

De-activating Encryption

In some cases, NICs without full Linux-WLAN compatibility freeze up after a number of hours of working with encryption. The steps to reverse encryption are:

1.
Set the configuration file parameter dot11PrivacyInvoked to false.

2.
Stop Linux-WLAN, and disable the wireless wlan0 interface.

[root@bigboy tmp]# service wlan stop
Shutting Down WLAN Devices:message=lnxreq_ifstate
  ifstate=disable
  resultcode=success
[root@bigboy tmp]# ifdown wlan0

3.
The driver is still loaded in memory with the old encryption parameters, even though it is not active. Linux frequently loads device driver software, such as those that govern the operation of NICs, as modules that the kernel, or Linux master program, uses in its regular operation. Use the lsmod command to display a list of loaded modules. You'll be most interested in the modules associated with 802.11 wireless protocols, which appear here as p80211 and prism2_pci:

[root@bigboy tmp]# lsmod
Module                    Size   Used by      Not tainted
...
...
prism2_pci                66672  1  (autoclean)
p80211                    20328  1  [prism2_pci]
...
...
[root@bigboy tmp]#

Sometimes your NIC may use the orinoco chip set drivers instead of the prism drivers:

[root@bigboy tmp]# lsmod
Module                     Size Used by
...
...

orinoco                   45517 1 orinoco_pci
hermes                     6721 2 orinoco_pci,orinoco
...
...
[root@bigboy tmp]#

4.
Now that you have identified the driver modules in memory, unload them with the rmmod command:

[root@bigboy tmp]# rmmod prism2_pci
[root@bigboy tmp]# rmmod p80211

5.
Restart Linux-WLAN, reactivate the wlan0 interface, and you should be functional again:

[root@bigboy tmp]# service wlan start
Starting WLAN Devices:message=lnxreq_hostwep
  resultcode=no_value
  decrypt=false
  encrypt=false
[root@bigboy tmp]# ifup wlan0

If you fail to reload the driver modules, you'll get errors in your /var/log/messages file and your NIC card will operate in an encrypted mode only:

     Jan 2 18:11:12 bigboy kernel: prism2sta_ifstate: hfa384x_drvr_start()
     failed,result=-110
     Jan 2 18:11:18 bigboy kernel: hfa384x_docmd_wait: hfa384x_cmd
     timeout(1), reg=0x8021.
     Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Initialize command
     failed.
     Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Failed, result=-110

     Python   SQL   Java   php   Perl 
     game development   web development   internet   *nix   graphics   hardware 
     telecommunications   C++ 
     Flash   Active Directory   Windows