From owner-freebsd-doc@FreeBSD.ORG Mon Aug 29 00:40:04 2011
Message-Id: <201108290038.p7T0ciSk077924@red.freebsd.org>
Date: Mon, 29 Aug 2011 00:38:44 GMT
From: Warren Block To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: docs/160269: [patch] Handbook wireless section: sand off some rough edges X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2011 00:40:04 -0000 >Number: 160269 >Category: docs >Synopsis: [patch] Handbook wireless section: sand off some rough edges >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 29 00:40:03 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Warren Block >Release: 8-STABLE >Organization: >Environment: FreeBSD lightning 8.2-STABLE FreeBSD 8.2-STABLE #0: Fri Aug 26 13:17:14 MDT 2011 root@lightning:/usr/obj/usr/src/sys/LIGHTNING i386 >Description: Fix some wording and punctuation in the advanced networking/wireless section of the Handbook. >How-To-Repeat: Read the later parts of the wireless section. >Fix: Apply patch. Patch attached with submission follows: --- en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml.orig 2011-08-28 17:57:28.000000000 -0600 +++ en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml 2011-08-28 18:35:33.000000000 -0600 @@ -1225,7 +1225,7 @@ the 802.1X authentication protocol and uses one of several ciphers instead of WEP for data integrity. The only cipher required by WPA is TKIP (Temporary Key Integrity - Protocol) which is a cipher that extends the basic RC4 + Protocol). TKIP is a cipher that extends the basic RC4 cipher used by WEP by adding integrity checking, tamper detection, and measures for responding to any detected intrusions. TKIP is designed to work on legacy hardware 
@@ -1243,7 +1243,7 @@ station and the access point using a pre-shared secret. The former is commonly termed WPA Enterprise with the latter known as WPA Personal. Since most people will not - set up a RADIUS backend server for wireless network, + set up a RADIUS backend server for their wireless network, WPA-PSK is by far the most commonly encountered configuration for WPA. @@ -1258,7 +1258,7 @@ WPA-PSK - WPA-PSK also known as WPA-Personal is based on a + WPA-PSK, also known as WPA-Personal, is based on a pre-shared key (PSK) generated from a given password and that will be used as the master key in the wireless network. This means every wireless user will share the @@ -1289,7 +1289,7 @@ wlans_ath0="wlan0" ifconfig_wlan0="WPA DHCP" - Then, we can bring up the interface: + Then we can bring up the interface: &prompt.root; /etc/rc.d/netif start Starting wpa_supplicant. @@ -1342,16 +1342,16 @@ wme burst roaming MANUAL - If the /etc/rc.conf is set up + If /etc/rc.conf is set up with the line ifconfig_wlan0="DHCP" - then it is no need to run the - dhclient command manually, + then it is not necessary to run the + dhclient command manually. dhclient will be launched after wpa_supplicant plumbs the keys. - In the case where the use of DHCP is not possible, + If DHCP is not possible or desired, you can set a static IP address after wpa_supplicant has authenticated the station: @@ -1370,7 +1370,7 @@ wme burst roaming MANUAL When DHCP is not used, you also have to manually set - up the default gateway and the nameserver: + the default gateway and the nameserver: &prompt.root; route add default your_default_router &prompt.root; echo "nameserver your_DNS_server" >> /etc/resolv.conf 
@@ -1380,16 +1380,16 @@ WPA with EAP-TLS The second way to use WPA is with an 802.1X backend - authentication server, in this case WPA is called - WPA-Enterprise to make difference with the less secure - WPA-Personal with its pre-shared key. The - authentication in WPA-Enterprise is based on EAP + authentication server. In this case WPA is called + WPA-Enterprise to differentiate it from the less secure + WPA-Personal with its pre-shared key. + Authentication in WPA-Enterprise is based on EAP (Extensible Authentication Protocol). EAP does not come with an encryption method, it was decided to embed EAP inside an encrypted tunnel. Many - types of EAP authentication methods have been designed, - the most common methods are EAP-TLS, EAP-TTLS and + types of EAP authentication methods have been designed. + The most common methods are EAP-TLS, EAP-TTLS and EAP-PEAP. EAP-TLS (EAP with Transport Layer Security) is a @@ -1555,7 +1555,7 @@ The ca_cert field indicates the pathname of the CA certificate file. This file - is needed to verify the server certificat. + is needed to verify the server certificate. @@ -1599,10 +1599,10 @@ PEAP (Protected EAP) has been designed as an alternative to EAP-TTLS. There are two types of PEAP - methods, the most common one is PEAPv0/EAP-MSCHAPv2. In + methods; the most common one is PEAPv0/EAP-MSCHAPv2. In the rest of this document, we will use the PEAP term to refer to that EAP method. PEAP is the most used EAP - standard after EAP-TLS, in other words if you have a + standard after EAP-TLS. In other words, if you have a network with mixed OSes, PEAP should be the most supported standard after EAP-TLS. 
@@ -1610,9 +1610,9 @@ certificate to authenticate clients by creating an encrypted TLS tunnel between the client and the authentication server, which protects the ensuing - exchange of authentication information. In term of + exchange of authentication information. In terms of security the difference between EAP-TTLS and PEAP is - that PEAP authentication broadcasts the username in + that PEAP authentication broadcasts the username in the clear, only the password is sent in the encrypted TLS tunnel. EAP-TTLS will use the TLS tunnel for both username and password. @@ -1661,7 +1661,7 @@ first phase of the authentication (the TLS tunnel). According to the authentication server used, you will have to specify a specific label - for the authentication. Most of time, the label + for the authentication. Most of the time, the label will be client EAP encryption which is set by using peaplabel=0. More information can be found in the @@ -1682,7 +1682,7 @@ wlans_ath0="wlan0" ifconfig_wlan0="WPA DHCP" - Then, we can bring up the interface: + Then we can bring up the interface: &prompt.root; /etc/rc.d/netif start Starting wpa_supplicant. @@ -1709,7 +1709,7 @@ WEP (Wired Equivalent Privacy) is part of the original 802.11 standard. There is no authentication mechanism, - only a weak form of access control, and it is easily to be + only a weak form of access control, and it is easily cracked. WEP can be set up with 
@@ -1724,18 +1724,18 @@ The weptxkey means which WEP key will be used in the transmission. Here we used the third key. This must match the setting in the access - point. If you do not have any idea of what is the key - used by the access point, you should try to use + point. If you do not have any idea of which key is + used by the access point, try 1 (i.e., the first key) for this value. - The wepkey means setting the - selected WEP key. It should in the format - index:key, if the index is - not given, key 1 is set. That is - to say we need to set the index if we use keys other + The wepkey selects one of the + WEP keys. It should be in the format + index:key. Key + 1 is used by default; the index + only needs to be set if we use a key other than the first key. @@ -1746,7 +1746,7 @@ - You are encouraged to read &man.ifconfig.8; manual + You are encouraged to read the &man.ifconfig.8; manual page for further information. The wpa_supplicant facility also @@ -1777,7 +1777,7 @@ IBSS mode, also called ad-hoc mode, is designed for point to point connections. For example, to establish an ad-hoc network between the machine A and the machine - B we will just need to choose two IP addresses + B, we will just need to choose two IP addresses and a SSID. On the box A: @@ -1822,7 +1822,7 @@ protmode CTS wme burst Both A and B are now - ready to exchange informations. + ready to exchange information. 
@@ -1839,19 +1839,19 @@ Before configuring your &os; machine as an AP, the kernel must be configured with the appropriate wireless networking support for your wireless card. You also have to - add the support for the security protocols you intend to + add support for the security protocols you intend to use. For more details, see . The use of the NDIS driver wrapper and the &windows; - drivers do not allow currently the AP operation. Only + drivers do not currently allow AP operation. Only native &os; wireless drivers support AP mode. - Once the wireless networking support is loaded, you can + Once wireless networking support is loaded, you can check if your wireless device supports the host-based access - point mode (also know as hostap mode): + point mode (also known as hostap mode): &prompt.root; ifconfig wlan0 create wlandev ath0 &prompt.root; ifconfig wlan0 list caps @@ -1861,8 +1861,8 @@ This output displays the card capabilities; the HOSTAP word confirms this wireless card can act as an Access Point. Various supported ciphers are - also mentioned: WEP, TKIP, AES, etc., these informations - are important to know what security protocols could be set + also mentioned: WEP, TKIP, AES, etc., this information + is important to know what security protocols could be set on the Access Point. The wireless device can only be put into hostap mode @@ -1877,7 +1877,7 @@ &prompt.root; ifconfig wlan0 create wlandev ath0 wlanmode hostap &prompt.root; ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1 - Use again ifconfig to see the status + Use ifconfig again to see the status of the wlan0 interface: &prompt.root; ifconfig wlan0 
@@ -2150,7 +2150,7 @@ On &os;, it is possible to combine two or even more network interfaces together in a failover fashion, that is, to use the most preferred and available connection from a - group of network interfaces, and have the operating system to + group of network interfaces, and have the operating system switch automatically when the link state changes. We will cover link aggregation and failover in >Release-Note: >Audit-Trail: >Unformatted:
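
Review bot: In the hunk at -1225,7, the context line directly above the change still expands TKIP as "Temporary Key Integrity Protocol"; the name is Temporal Key Integrity Protocol. Since the patch already rewrites this sentence, change "Temporary" to "Temporal" in the same edit.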
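
Review bot: In the hunk at -1342,16, the new sentence "If DHCP is not possible or desired," can be read as "not possible, or is desired". Suggest "If DHCP is not possible or not desired," so the negation clearly covers both cases.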
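
Review bot: The hunk at -1380,16 fixes two comma splices but leaves a third in the unchanged context between them: "EAP does not come with an encryption method, it was decided to embed EAP inside an encrypted tunnel." Suggest "EAP does not come with an encryption method, so it was decided to embed EAP inside an encrypted tunnel." to match the rest of the cleanup in this paragraph.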
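
Review bot: In the hunk at -1610,9, the changed sentence still joins two independent clauses with a comma: "broadcasts the username in the clear, only the password is sent in the encrypted TLS tunnel." Suggest a semicolon after "clear", and a comma after "In terms of security" on the line above, since both lines are already being touched.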
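
Review bot: In the hunk at -1724,18, the new wording "The wepkey selects one of the WEP keys" changes the meaning of the paragraph. The removed text said wepkey sets the key, given as index:key, and that key 1 is set when no index is given; choosing which key is used for transmission is what the preceding paragraph attributes to weptxkey. Suggest "The wepkey sets the value of a WEP key. It should be in the format index:key. If the index is not given, key 1 is set." so the two options stay distinct.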
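
Review bot: In the hunk at -1839,19, the rewritten note still has a subject-verb disagreement: "The use of the NDIS driver wrapper and the &windows; drivers do not currently allow AP operation." The subject is "The use", so this should read "does not currently allow AP operation".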
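
Review bot: In the hunk at -1861,8, the replacement lines keep the comma splice from the original: "WEP, TKIP, AES, etc., this information is important to know what security protocols could be set". Suggest ending the sentence after "etc." and continuing with "This information is important for knowing which security protocols can be set on the Access Point."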