Message-Id: <200210161454.g9GEsbqZ096182@otter3.centtech.com>
Date: Wed, 16 Oct 2002 09:54:37 -0500 (CDT)
From: Eric Anderson
Reply-To: Eric Anderson
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: docs/44143: [PATCH] Add wireless chapter to the Handbook
Sender: owner-freebsd-doc@FreeBSD.ORG

>Number: 44143
>Category: docs
>Synopsis: [PATCH] Add wireless chapter to the Handbook
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 16 08:00:09 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Eric Anderson
>Release: FreeBSD 4.7-RELEASE i386
>Organization:
>Environment:
System: FreeBSD electron.domain.com 4.7-RELEASE FreeBSD 4.7-RELEASE #4: Fri Oct 11 11:30:28 CDT 2002 root@electron.domain.com:/usr/obj/usr/src/sys/ELECTRON i386
>Description:
This is a new submission for the handbook (advanced networking section) to cover wireless networking and access points.
>How-To-Repeat:
>Fix:

--- chapter.sgml Tue Oct 8 02:41:18 2002
+++ chapter.sgml-patch Wed Oct 16 08:41:08 2002
@@ -470,6 +470,299 @@ + + + + + Eric + Anderson + Written by + + + + Wireless + + + Introduction + It can be very useful to be able to use a computer without the + annoyance of having a network cable attached at all times. FreeBSD can + be used as a wireless client, and even as a wireless access + point. + + + + Wireless Devices + There are two main types of wireless devices: access points, and clients. + + + Access Points + Access points are wireless networking devices that allow one or more wireless + clients to use the device as a central hub. When using an access point, all + clients communicate through the access point. Multiple access points are often + used to cover a complete area such as a house, business, or park with a wireless + network. + + Access points typically have multiple network connections: the wireless card, + and one or more wired ethernet adapters for connection to the rest of the network. + + + Access points can either be purchased prebuilt, or you can build + your own with FreeBSD and a supported wireless card. Several vendors make + wireless access points and wireless cards with various features. + + + + Building a FreeBSD Access Point + + Requirements + In order to set up a wireless access point with FreeBSD, you need to have + a compatible wireless card. Currently, only cards with the Prism chipset are + supported. You'll also need a wired network card that is also supported by FreeBSD + (this shouldn't be difficult to find, FreeBSD supports a lot of different + devices). For this guide, we'll assume you want to &man.bridge.4; all traffic between + the wireless device and the network attached to the wired network card. 
+ + + + Setting it up + First, make sure your system can see the wireless card: + &prompt.root; ifconfig -a +wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7 + inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 + ether 00:09:2d:2d:c9:50 + media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps) + status: no carrier + ssid "" + stationname "FreeBSD Wireless node" + channel 10 authmode OPEN powersavemode OFF powersavesleep 100 + wepmode OFF weptxkey 1 + + Don't worry about the details now, just make sure it shows you + something to indicate you have a wireless card installed. + + Next, you'll need to load a module in order to get the bridging part + of FreeBSD ready for the access point. In order to load the &man.bridge.4; module, + simply run the following command: + + &prompt.root; kldload bridge + + It should not have produced any errors when loading the module. If it + did, you may need to compile the &man.bridge.4; code into your kernel. The + () Handbook should be able + to help you accomplish that task. + + Now that you have the bridging stuff done, we need to tell the FreeBSD + kernel which interfaces to bridge together. We do that by using sysctl: + + &prompt.root; sysctl net.link.ether.bridge=1 + &prompt.root; sysctl net.link.ether.bridge_cfg="wi0 xl0" + &prompt.root; sysctl net.inet.ip.forwarding=1 + + Now it's time for the wireless card setup. + The following commands will set the card into BSS mode (turning it + into an access point): + + &prompt.root; wicontrol -s "FreeBSD AP" -t 3 -n "my_net" + &prompt.root; ifconfig wi0 inet up ssid my_net mediaopt hostap + &prompt.root; wicontrol -p 6 + + The first &man.wicontrol.8; command tells FreeBSD that the name of this access point + is FreeBSD AP by using the -s FreeBSD AP flags, to use auto rate selection at the + highest rate (11Mbps) with the -t 3 flags, and the SSID (station ID) is set to + my_net with the -n flag. 
Check out &man.wicontrol.8; for more information. + + The &man.ifconfig.8; line brings the wi0 interface up, and sets its SSID to my_net. + This is a little redundant, but it's shown here to emphasize that you can do + these settings in either place. You'll also notice a mediaopt hostap setting; + this setting is to tell &man.ifconfig.8; to put the interface into access point mode. + + The second &man.wicontrol.8; line turns the interface into access point mode, instead + of the default IBSS (ad-hoc) mode. + + Now you should have a complete functioning access point up and running. You + are encouraged to read &man.wicontrol.8;, &man.ifconfig.8;, and &man.wi.4; for further information. + + + It is also suggested that you read the section on encryption that follows. + + + + + Clients + A wireless client is a system that accesses an access point or another client + directly. + + Typically, wireless clients only have one network device, the wireless + networking card. + + There are a few different ways to configure a wireless client. These are based + on the different wireless modes, generally BSS (infrastructure mode, which requires an + access point), and IBSS (ad-hoc, or peer-to-peer mode). In our example, we'll use the + most popular of the two, BSS mode, to talk to an access point. + + + Requirements + There is only one real requirement for setting up FreeBSD as a wireless client. + You'll need a wireless card that is supported by FreeBSD. + + + + Setting Up A Wireless FreeBSD Client + You'll need to know a few things about the wireless network you are joining before + you start. In this example, we are joining a network that has a name of my_net, and + encryption turned off. + + Note: In this example, we are not using encryption, which is a dangerous situation. + In the next section, you'll learn how to turn on encryption, and why it is important to + do so, and why some encryption technologies still don't completely protect you. 
+ + Make sure your card is recognized by FreeBSD: + + &prompt.root; ifconfig -a +wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7 + inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 + ether 00:09:2d:2d:c9:50 + media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps) + status: no carrier + ssid "" + stationname "FreeBSD Wireless node" + channel 10 authmode OPEN powersavemode OFF powersavesleep 100 + wepmode OFF weptxkey 1 + + Now, we'll set the card to the correct settings for our network: + + &prompt.root; ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_net + + Replace 192.168.0.20 and 255.255.255.0 with a valid IP address and netmask on + your wired network. Remember, our access point is bridging the data between the + wireless network, and the wired network, so it will appear to the other devices on + your network that you are on the wired network just as they are. + + Once you have done that, you should be able to ping hosts on the wired network + just as if you were connected using a standard wired connection. + + If you are experiencing problems with your wireless connection, check to make + sure that your are associated (connected) to the access point: + + &prompt.root; ifconfig wi0 + + should return some information, and you should see: + status: associated + + If it does not show associated, then you may be out of range of the access point, don't have + encryption on, or possibly have a configuration problem. + + + + + + Encryption + + Encryption on a wireless network is important because you no longer have the + ability to keep the network contained in a well protected area. Your wireless data + will be broadcast across your entire neighborhood, so anyone who cares to read it + can. This is where encryption comes in. 
By encrypting the data that is sent over + the airwaves, you make it much more difficult for any interested party to grab your + data right out of the air. + + The two most common ways to encrypt the data between your client and the access + point, are WEP, and &man.ipsec.4;. + + + WEP + WEP is an abbreviation for Wired Equivalency Protocol. WEP is an attempt to + make wireless networks as safe and secure as a wired network. Unfortunately, it + has been cracked, and is fairly trivial to break. This also means it isn't something + to rely on when it comes to encrypting sensitive data. + + It's better than nothing, so here's how to turn on WEP on your new FreeBSD + access point: + + &prompt.root; ifconfig wi0 inet up ssid my_net wepkey 0x1234567890 mediaopt hostap + + And here's how you turn on WEP on a client: + + &prompt.root; ifconfig wi0 inet 192.168.0.20 netmask 255.255.255.0 ssid my_net wepkey 0x1234567890 + + Note that you should replace the 0x1234567890 with a more unique key. + + + + + IPsec + &man.ipsec.4; is a much more robust and powerful tool for encrypting data across a + network. This is definitely the preferred way to encrypt wireless data over a + network. You can read more about &man.ipsec.4; security and how to implement it in the + () handbook. + + + + + Tools + There are a small number of tools available for use in debugging and setting + up your wireless network, and here we'll attempt to describe some of them and what + they do. + + + bsd-airtools + bsd-airtools is a package that includes wireless auditing tools for wep key + cracking, access point detection, etc. + + bsd-airtools can be installed from the ports collection. Information on + installing ports can be found in () the handbook. + + dstumbler is the packaged tool that allows for access point discovery and + signal to noise ratio graphing. If you are having a hard time getting your access + point up and running, dstumbler may help you get started. 
+ + To test your wireless network security, you may choose to use dweputils to + help you determine if wep is the right solution to your wireless security needs. + + + + + wicontrol, ancontrol, raycontrol + These are the tools you use to control how your wireless card behaves on the + wireless network. In the examples above, we've chosen to use &man.wicontrol.8;, since our + wireless card is a wi0 interface. If you had a Cisco wireless device, it would come + up as an0, and therefore you would use &man.ancontrol.8;. + + + + + ifconfig + &man.ifconfig.8; can be used to do many of the same options as &man.wicontrol.8;, however it + does lack a few options. Check &man.ifconfig.8; for command line parameters and options. + + + + + + + Supported Cards + + Access Points + The only cards that are currently supported for BSS (as an access point) mode are + devices based on the Prism (or Prism 2, 2.5) chipset. For a complete list, look + at &man.wi.4;. + + + + + Clients + Almost all 802.11b wireless cards are currently supported under FreeBSD. Most + cards based on Prism, Spectrum24, Hermes, Aironet, and Raylink will work as a wireless + network card in IBSS (ad-hoc, peer-to-peer, and BSS) mode. + + + + + + + + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
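Review bot: In the WEP section, the expansion "Wired Equivalency Protocol" is wrong; WEP stands for Wired Equivalent Privacy, and the wicontrol paragraph likewise glosses SSID as "station ID" where it should read Service Set Identifier. The same section shows `wepkey 0x1234567890` on both the access point and the client and only says to replace it "with a more unique key"; it should say that the key must be identical on both ends and state which key lengths the driver accepts, since a reader who copies the commands verbatim ends up running the documented key. The "Setting it up" procedure brings up an unencrypted access point that is bridged straight onto the wired network (`net.link.ether.bridge_cfg="wi0 xl0"`) and leaves encryption to a closing "It is also suggested that you read the section on encryption"; I would put that pointer in a note ahead of the `ifconfig wi0 inet up ssid my_net mediaopt hostap` step so the reader sees it before the interface goes live. `sysctl net.inet.ip.forwarding=1` appears in the bridging setup with no explanation; either say why it is needed or drop it. The text also never says that the `kldload` and `sysctl` settings are lost on reboot. Minor: "your are associated" should be "you are associated", "don't have encryption on" in the troubleshooting paragraph should say the client's WEP settings may not match the access point's, and "IBSS (ad-hoc, peer-to-peer, and BSS) mode" under Supported Cards has BSS inside the wrong parenthesis.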