Date: Thu, 2 Jul 2015 00:14:31 +0000 (UTC)
From: Warren Block <wblock@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46911 - head/en_US.ISO8859-1/books/handbook/advanced-networking
Message-ID: <201507020014.t620EVCF054674@repo.freebsd.org>
Author: wblock Date: Thu Jul 2 00:14:31 2015 New Revision: 46911 URL: https://svnweb.freebsd.org/changeset/doc/46911 Log: Update the WPA-PSK access point section at Mark Felder's request, who supplied the ifconfig output. Also update some of the defaults and suggestions for the current era: WPA2 and CCMP/AES. Submitted by: Mark Felder <feld@FreeBSD.org> Reviewed by: adrian Differential Revision: Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Wed Jul 1 13:35:19 2015 (r46910) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Thu Jul 2 00:14:31 2015 (r46911) @@ -1935,11 +1935,11 @@ freebsdap 00:11:95:c3:0d:ac 1 roam:rate 5 protmode CTS wme burst</screen> </sect3> - <sect3> - <title><acronym>WPA</acronym> Host-based Access Point</title> + <sect3 xml:id="network-wireless-ap-wpa"> + <title><acronym>WPA2</acronym> Host-based Access Point</title> <para>This section focuses on setting up a &os; - <acronym>AP</acronym> using the <acronym>WPA</acronym> + access point using the <acronym>WPA2</acronym> security protocol. More details regarding <acronym>WPA</acronym> and the configuration of <acronym>WPA</acronym>-based wireless clients can be found 
@@ -1947,13 +1947,13 @@ freebsdap 00:11:95:c3:0d:ac 1 <para>The &man.hostapd.8; daemon is used to deal with client authentication and key management on the - <acronym>WPA</acronym>-enabled <acronym>AP</acronym>.</para> + <acronym>WPA2</acronym>-enabled <acronym>AP</acronym>.</para> <para>The following configuration operations are performed on the &os; machine acting as the <acronym>AP</acronym>. Once the <acronym>AP</acronym> is correctly working, - &man.hostapd.8; should be automatically enabled at boot - with the following line in + &man.hostapd.8; can be automatically started at boot + with this line in <filename>/etc/rc.conf</filename>:</para> <programlisting>hostapd_enable="YES"</programlisting> 
@@ -1963,95 +1963,95 @@ freebsdap 00:11:95:c3:0d:ac 1 linkend="network-wireless-ap-basic"/>.</para> <sect4> - <title><acronym>WPA-PSK</acronym></title> + <title><acronym>WPA2-PSK</acronym></title> - <para><acronym>WPA-PSK</acronym> is intended for small + <para><acronym>WPA2-PSK</acronym> is intended for small networks where the use of a backend authentication server is not possible or desired.</para> <para>The configuration is done in <filename>/etc/hostapd.conf</filename>:</para> - <programlisting>interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/> -debug=1 <co xml:id="co-ap-wpapsk-dbug"/> -ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/> -ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/> -ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/> -wpa=1 <co xml:id="co-ap-wpapsk-wpa"/> -wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/> -wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/> -wpa_pairwise=CCMP TKIP <co xml:id="co-ap-wpapsk-pwise"/></programlisting> + <programlisting>interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/> +debug=1 <co xml:id="co-ap-wpapsk-dbug"/> +ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/> +ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/> +ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/> +wpa=2 <co xml:id="co-ap-wpapsk-wpa"/> +wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/> +wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/> +wpa_pairwise=CCMP <co xml:id="co-ap-wpapsk-pwise"/></programlisting> <calloutlist> <callout arearefs="co-ap-wpapsk-iface"> - <para>This field indicates the wireless interface used - for the <acronym>AP</acronym>.</para> + <para>Wireless interface used + for the access point.</para> </callout> <callout arearefs="co-ap-wpapsk-dbug"> - <para>This field sets the level of verbosity during the + <para>Level of verbosity used during the execution of &man.hostapd.8;. 
A value of <literal>1</literal> represents the minimal level.</para> </callout> <callout arearefs="co-ap-wpapsk-ciface"> - <para>The <literal>ctrl_interface</literal> field gives - the pathname of the directory used by &man.hostapd.8; - to store its domain socket files for the communication + <para>Pathname of the directory used by &man.hostapd.8; + to store domain socket files for communication with external programs such as &man.hostapd.cli.8;. The default value is used in this example.</para> </callout> <callout arearefs="co-ap-wpapsk-cifacegrp"> - <para>The <literal>ctrl_interface_group</literal> line - sets the group which is allowed to access the control + <para>The group allowed to access the control interface files.</para> </callout> <callout arearefs="co-ap-wpapsk-ssid"> - <para>This field sets the network name.</para> + <para>The wireless network name, or + <acronym>SSID</acronym>, that will appear in wireless + scans.</para> </callout> <callout arearefs="co-ap-wpapsk-wpa"> - <para>The <literal>wpa</literal> field enables - <acronym>WPA</acronym> and specifies which + <para>Enable + <acronym>WPA</acronym> and specify which <acronym>WPA</acronym> authentication protocol will - be required. A value of <literal>1</literal> + be required. A value of <literal>2</literal> configures the <acronym>AP</acronym> for - <acronym>WPA-PSK</acronym>.</para> + <acronym>WPA2</acronym> and is recommended. 
+ Set to <literal>1</literal> only if the obsolete + <acronym>WPA</acronym> is required.</para> </callout> <callout arearefs="co-ap-wpapsk-pass"> - <para>The <literal>wpa_passphrase</literal> field - contains the ASCII passphrase for + <para>ASCII passphrase for <acronym>WPA</acronym> authentication.</para> <warning> - <para>Always use strong passwords that are - sufficiently long and made from a rich alphabet so + <para>Always use strong passwords that are at least + 8 characters long and made from a rich alphabet so that they will not be easily guessed or attacked.</para> </warning> </callout> <callout arearefs="co-ap-wpapsk-kmgmt"> - <para>The <literal>wpa_key_mgmt</literal> line refers - to the key management protocol to use. This example + <para>The + key management protocol to use. This example sets <acronym>WPA-PSK</acronym>.</para> </callout> <callout arearefs="co-ap-wpapsk-pwise"> - <para>The <literal>wpa_pairwise</literal> field - indicates the set of accepted encryption algorithms by - the <acronym>AP</acronym>. In this example, both - <acronym>TKIP</acronym> (<acronym>WPA</acronym>) and - <acronym>CCMP</acronym> (<acronym>WPA2</acronym>) - ciphers are accepted. The <acronym>CCMP</acronym> - cipher is an alternative to <acronym>TKIP</acronym> + <para>Encryption algorithms accepted by + the access point. In this example, only + the + <acronym>CCMP</acronym> (<acronym>AES</acronym>) + cipher is accepted. <acronym>CCMP</acronym> + is an alternative to <acronym>TKIP</acronym> and is strongly preferred when possible. - <acronym>TKIP</acronym> should be used solely for - stations incapable of doing + <acronym>TKIP</acronym> should be allowed only when + there are stations incapable of using <acronym>CCMP</acronym>.</para> </callout> </calloutlist> 
@@ -2061,14 +2061,18 @@ wpa_pairwise=CCMP TKIP <co xml:id="co-ap <screen>&prompt.root; <userinput>service hostapd forcestart</userinput></screen> <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput> - wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290 - inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 - inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 - ether 00:11:95:c3:0d:ac - media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> - status: associated - ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac - authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> +wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 + ether 04:f0:21:16:8e:10 + inet6 fe80::6f0:21ff:fe16:8e10%wlan0 prefixlen 64 scopeid 0x9 + nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> + media: IEEE 802.11 Wireless Ethernet autoselect mode 11na <hostap> + status: running + ssid No5ignal channel 36 (5180 MHz 11a ht/40+) bssid 04:f0:21:16:8e:10 + country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2 + AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 17 mcastrate 6 mgmtrate 6 + scanvalid 60 ampdulimit 64k ampdudensity 8 shortgi wme burst + dtimperiod 1 -dfs + groups: wlan</screen> <para>Once the <acronym>AP</acronym> is running, the clients can associate with it. See <xref
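Review bot: The intro paragraph in the @@ -1935 hunk now spells out "access point", but the changed line in the @@ -1947 hunk keeps <acronym>AP</acronym> ("WPA2-enabled AP"), so the section mixes both forms within a few lines. Pick one form and use it consistently. The unchanged sentence right after the new WPA2 title still reads "More details regarding WPA and the configuration of WPA-based wireless clients"; if the cross-referenced client section covers WPA2 as well, say so there so the WPA wording under a WPA2 title does not look like an oversight.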
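Review bot: The new warning text in the wpa_passphrase callout of the @@ -1963 hunk, "at least 8 characters long", states the shortest passphrase WPA-PSK accepts (the allowed range is 8 to 63 ASCII characters) rather than a strength recommendation, and the sample value freebsdmall is a single lowercase word, which is at odds with "made from a rich alphabet". Suggest describing 8 as the minimum the protocol allows and recommending a longer passphrase, and replacing the sample with a value that is visibly a placeholder. The wpa callout also still opens with "Enable WPA and specify which WPA authentication protocol will be required" although the example value is now 2; naming WPA2 in that first sentence would match the new section title.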
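Review bot: The replacement ifconfig output in the @@ -2061 hunk shows "ssid No5ignal channel 36", while the hostapd.conf example earlier in the same section sets ssid=freebsdap, so a reader cannot match this output to the configuration just shown. Suggest editing the ssid field to freebsdap, as the removed output had. The output also still reports "privacy MIXED" next to the AES-CCM key lines; since the configuration now accepts only CCMP, a short sentence after the screen saying which fields confirm the cipher in use would keep readers from taking MIXED to mean that TKIP is still allowed.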