Wireless networking basics

Wireless networks are based on the IEEE 802.11 standards. A basic wireless network consists of multiple stations communicating with radios that broadcast in either the 2.4GHz or 5GHz band (though this varies according to the locale and is also changing to enable communication in the 2.3GHz and 4.9GHz ranges).

802.11 networks are organized in two ways: in a BSS one station acts as a master with all the other stations associating to it; this is termed infrastructure mode and the master station is termed an access point (AP). In BSS mode all communication passes through the AP; even when one station wants to communicate with another wireless station, messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS and is commonly known as an ad-hoc network.

802.11 networks were first created in the 2.4GHz band using protocols defined by the IEEE 802.11b standard. These specifications include the operating frequencies and MAC layer characteristics, including framing and transmission rates (communication can be done at various rates). Later the 802.11a standard defined operation in the 5GHz band, including different signalling mechanisms and higher transmission rates. Still later the 802.11g standard was defined to enable use of 802.11a signalling and transmission mechanisms in the 2.4GHz band in such a way as to be backwards compatible with 802.11b networks.

Separate from the underlying transmission techniques, 802.11 networks have a variety of security mechanisms. The original 802.11 specifications defined a simple security protocol called WEP. This protocol uses a fixed pre-shared key and the RC4 cryptographic cipher to encode data transmitted on a network. Stations must all agree on the identity of the fixed key in order to communicate.
This scheme was shown to be easily broken and is now rarely used except to discourage transient users from joining networks. Current security practice is given by the IEEE 802.11i specification which defines new cryptographic ciphers and an additional protocol to authenticate stations to an access point and exchange keys for doing data communication. Further, cryptographic keys are periodically refreshed and there are mechanisms for detecting intrusion attempts (and for countering intrusion attempts). Another security protocol specification commonly used in wireless networks is termed WPA. This was a precursor to 802.11i defined by an industry group as an interim measure while waiting for 802.11i to be ratified. WPA specifies a subset of the requirements found in 802.11i and is designed for implementation on legacy hardware. Specifically WPA defines the TKIP protocol that is derived from the original WEP protocol. 802.11i permits use of TKIP but most stations will instead use the AES cipher for encrypting data; a cipher that is too computationally costly to be implemented on legacy hardware. Other than the above protocol standards the other important standard to be aware of is 802.11e. This defines protocols for deploying multi-media applications such as streaming video and voice over IP (VoIP) in an 802.11 network. Like 802.11i, 802.11e
also has a precursor specification termed WME (and now WMM) that has been defined by an industry group as a subset of 802.11e that can be implemented now to enable multimedia applications while waiting for the final ratification of 802.11e. The most important thing to understand about 802.11e and WME/WMM is that it enables prioritized traffic use of a wireless network through Quality of Service (QoS) protocols and enhanced media access protocols. Proper implementation of these protocols enables high speed bursting of data and prioritized traffic flow.

FreeBSD 6.0 supports networks that operate using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i security protocols are likewise supported (in conjunction with any of 11a, 11b, and 11g) and QoS and traffic prioritization required by the WME/WMM protocols are supported for a limited set of wireless devices.
Wireless LAN

A wireless LAN (WLAN) is a wireless local area network that links two or more computers or devices using spread-spectrum or OFDM modulation technology to enable communication between devices in a limited area. This gives users the mobility to move around within a broad coverage area and still be connected to the network.

For the home user, wireless has become popular due to ease of installation, and location freedom with the gaining popularity of laptops. Public businesses such as coffee shops or malls have begun to offer wireless access to their customers; some are even provided as a free service. Large wireless network projects are being put up in many major cities. Google is even providing a free service to Mountain View, California[1] and has entered a bid to do the same for San Francisco.[2] New York City has also begun a pilot program to cover all five boroughs of the city with wireless Internet access.

In 1970 the University of Hawaii, under the leadership of Norman Abramson, developed the world’s first computer communication network using low-cost ham-like radios, named ALOHAnet. The bi-directional star topology of the system included seven computers deployed over four islands to communicate with the central computer on the Oahu Island without using phone lines.[3]

"In 1979, F.R. Gfeller and U. Bapst published a paper in the IEEE Proceedings reporting an experimental wireless local area network using diffused infrared communications. Shortly thereafter, in 1980, P. Ferrert reported on an experimental application of a single code spread spectrum radio for wireless terminal communications in the IEEE National Telecommunications Conference. In 1984, a comparison between Infrared and CDMA spread spectrum communications for wireless office information networks was published by Kaveh Pahlavan in IEEE Computer Networking Symposium which appeared later in the IEEE Communication Society Magazine.
In May 1985, the efforts of Marcus led the FCC to announce experimental ISM bands for commercial application of spread spectrum technology. Later on, M. Kavehrad reported on an experimental wireless PBX system using code division multiple access. These efforts prompted significant industrial
activities in the development of a new generation of wireless local area networks and it updated several old discussions in the portable and mobile radio industry. The first generation of wireless data modems was developed in the early 1980s by amateur radio operators, who commonly referred to this as packet radio. They added a voice band data communication modem, with data rates below 9600-bit/s, to an existing short distance radio system, typically in the two meter amateur band. The second generation of wireless modems was developed immediately after the FCC announcement in the experimental bands for non-military use of the spread spectrum technology. These modems provided data rates on the order of hundreds of kbit/s. The third generation of wireless modem then aimed at compatibility with the existing LANs with data rates on the order of Mbit/s. Several companies developed the third generation products with data rates above 1 Mbit/s and a couple of products had already been announced by the time of the first IEEE Workshop on Wireless LANs."[4] "The first of the IEEE Workshops on Wireless LAN was held in 1991. At that time early wireless LAN products had just appeared in the market and the IEEE 802.11 committee had just started its activities to develop a standard for wireless LANs. The focus of that first workshop was evaluation of the alternative technologies. By 1996, the technology was relatively mature, a variety of applications had been identified and addressed and technologies that enable these applications were well understood. Chip sets aimed at wireless LAN implementations and applications, a key enabling technology for rapid market growth, were emerging in the market. Wireless LANs were being used in hospitals, stock exchanges, and other in building and campus settings for nomadic access, point-to-point LAN bridges, ad-hoc networking, and even larger applications through internetworking. 
The IEEE 802.11 standard and variants and alternatives, such as the wireless LAN interoperability forum and the European HiperLAN specification had made rapid progress, and the unlicensed PCS Unlicensed Personal Communications Services and the proposed SUPERNet, later on renamed as U-NII, bands also presented new opportunities."[5] Originally WLAN hardware was so expensive that it was only used as an alternative to cabled LAN in places where cabling was difficult or impossible. Early development included industry-specific solutions and proprietary protocols, but at the end of the 1990s these were replaced by standards, primarily the various versions of IEEE 802.11 (Wi-Fi). An alternative ATM-like 5 GHz standardized technology, HiperLAN/2, has so far not succeeded in the market, and with the release of the faster 54 Mbit/s 802.11a (5 GHz) and 802.11g (2.4 GHz) standards, almost certainly never will. In November 2007, the Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) won a legal battle in the US federal court of Texas against Buffalo Technology which found the US manufacturer had failed to pay royalties on a US WLAN patent CSIRO had filed in 1996. CSIRO are currently engaged in legal cases with computer companies including Microsoft, Intel, Dell, Hewlett-Packard and Netgear which argue that the patent is invalid and should negate any royalties paid to CSIRO for WLAN-based products.[6]
Benefits

The popularity of wireless LANs is a testament primarily to their convenience, cost efficiency, and ease of integration with other networks and network components. The majority of computers sold to consumers today come pre-equipped with all necessary wireless LAN technology. Benefits of wireless LANs include:

Convenience
The wireless nature of such networks allows users to access network resources from nearly any convenient location within their primary networking environment (home or office). With the increasing saturation of laptop-style computers, this is particularly relevant.

Mobility
With the emergence of public wireless networks, users can access the internet even outside their normal work environment. Most chain coffee shops, for example, offer their customers a wireless connection to the internet at little or no cost.

Productivity
Users connected to a wireless network can maintain a nearly constant affiliation with their desired network as they move from place to place. For a business, this implies that an employee can potentially be more productive as his or her work can be accomplished from any convenient location. For example, a hospital or warehouse may implement Voice over WLAN applications that enable mobility and cost savings.[7]

Deployment
Initial setup of an infrastructure-based wireless network requires little more than a single access point. Wired networks, on the other hand, have the additional cost and complexity of actual physical cables being run to numerous locations (which can even be impossible for hard-to-reach locations within a building).

Expandability
Wireless networks can serve a suddenly-increased number of clients with the existing equipment. In a wired network, additional clients would require additional wiring.

Cost
Wireless networking hardware is at worst a modest increase from wired counterparts. This potentially increased cost is almost always more than outweighed by the savings in cost and labor associated with running physical cables.
Disadvantages

Wireless LAN technology, while replete with the conveniences and advantages described above, has its share of downfalls. For a given networking situation, wireless LANs may not be desirable for a number of reasons. Most of these have to do with the inherent limitations of the technology.

Security
Wireless LAN transceivers are designed to serve computers throughout a structure with uninterrupted service using radio frequencies. Because of space and cost, the antennas typically present on wireless networking cards in the end computers are generally relatively poor. In order to properly receive signals using such limited antennas throughout even a modest area, the wireless LAN transceiver utilizes a fairly considerable amount of power. What this means is that not only can the wireless packets be intercepted by a nearby adversary's poorly-equipped computer, but more importantly, a user willing to spend a small amount of money on a good quality antenna can pick up packets at a remarkable distance, perhaps hundreds of times the radius of the typical user. In fact, there are even computer users dedicated to locating and sometimes even cracking into wireless networks, known as wardrivers. On a wired network, any adversary would first have to overcome the physical limitation of tapping into the actual wires, but this is not an issue with wireless packets. To combat this consideration, wireless network users usually choose to utilize various encryption technologies available such as Wi-Fi Protected Access (WPA). Some of the older encryption methods, such as WEP, are known to have weaknesses that a dedicated adversary can compromise.

Range
The typical range of a common 802.11g network with standard equipment is on the order of tens of metres. While sufficient for a typical home, it will be insufficient in a larger structure. To obtain additional range, repeaters or additional access points will have to be purchased. Costs for these items can add up quickly. Other technologies, such as WiMAX, are in the development phase, however, which feature increased range, hoping to render this disadvantage irrelevant.

Reliability
Like any radio frequency transmission, wireless networking signals are subject to a wide variety of interference, as well as complex propagation effects (such as multipath, or especially in this case Rician fading) that are beyond the control of the network administrator. One of the most insidious problems that can affect the stability and reliability of a wireless LAN is the microwave oven.[8] In the case of typical networks, modulation is achieved by complicated forms of phase-shift keying (PSK) or quadrature amplitude modulation (QAM), making interference and propagation effects all the more disturbing. As a result, important network resources such as servers are rarely connected wirelessly.

Speed
The speed on most wireless networks (typically 1-108 Mbit/s) is reasonably slow compared to the slowest common wired networks (100 Mbit/s up to several Gbit/s). There are also performance issues caused by TCP and its built-in congestion avoidance. For most users, however, this observation is irrelevant since the speed bottleneck is not in the wireless routing but rather in the outside network connectivity itself. For example, the maximum ADSL throughput (usually 8 Mbit/s or less) offered by telecommunications companies to general-purpose customers is already far slower than the slowest wireless network to which it is typically connected. That is to say, in most environments, a wireless network running at its slowest speed is still faster than the internet connection serving it in the first place. However, in specialized environments, higher throughput through a wired network might be necessary. Newer standards such as 802.11n are addressing this limitation and will support peak throughput in the range of 100-200 Mbit/s.

Wireless LANs present a host of issues for network managers. Unauthorized access points, broadcast service set identifiers (SSIDs), unknown stations, and spoofed MAC addresses are just a few of the problems addressed in WLAN troubleshooting. Most network analysis vendors, such as Network Instruments, Network General, and Fluke, offer WLAN troubleshooting tools or functionalities as part of their product line.
Architecture

Stations
All components that can connect into a wireless medium in a network are referred to as stations. All stations are equipped with wireless network interface cards (WNICs). Wireless stations fall into one of two categories: access points and clients. Access points (APs), normally routers, are base stations for the wireless network. They transmit and receive radio frequencies for wireless enabled devices to communicate with. Wireless clients can be mobile devices such as laptops, personal digital assistants, IP phones, or fixed devices such as desktops and workstations that are equipped with a wireless network interface.

Basic service set
The basic service set (BSS) is a set of all stations that can communicate with each other. There are two types of BSS: independent BSS (also referred to as IBSS) and infrastructure BSS. Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS. An independent BSS (IBSS) is an ad-hoc network that contains no access points, which means it cannot connect to any other basic service set. An infrastructure BSS can communicate with other stations not in the same basic service set by communicating through access points.

Extended service set
An extended service set (ESS) is a set of connected BSSes. Access points in an ESS are connected by a distribution system. Each ESS has an ID called the SSID which is a 32-byte (maximum) character string. For example, "linksys" is the default SSID for Linksys routers.

Distribution system
A distribution system (DS) connects access points in an extended service set. The concept of a DS can be used to increase network coverage through roaming between cells.
Types of wireless LANs

Peer-to-peer or ad-hoc wireless LAN
An ad-hoc network is a network where stations communicate only peer to peer (P2P). There is no base and no one gives permission to talk. This is accomplished using the Independent Basic Service Set (IBSS). A peer-to-peer (P2P) network allows wireless devices to directly communicate with each other. Wireless devices within range of each other can discover and communicate directly without involving central access points. This method is typically used by two computers so that they can connect to each other to form a network. If a signal strength meter is used in this situation, it may not read the strength accurately and can be misleading, because it registers the strength of the strongest signal, which may be the closest computer.

802.11 specs define the physical layer (PHY) and MAC (Media Access Control) layers. However, unlike most other IEEE specs, 802.11 includes three alternative PHY standards: diffuse infrared operating at 1 Mbit/s in; frequency-hopping spread spectrum operating at 1 Mbit/s or 2 Mbit/s; and direct-sequence spread spectrum operating at 1 Mbit/s or 2 Mbit/s. A single 802.11 MAC standard is based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). The 802.11 specification includes provisions designed to minimize collisions, because two mobile units may both be in range of a common access point but not in range of each other.

802.11 has two basic modes of operation. Ad hoc mode enables peer-to-peer transmission between mobile units. Infrastructure mode, in which mobile units communicate through an access point that serves as a bridge to a wired network infrastructure, is the more common wireless LAN application and the one being covered.
Since wireless communication uses a more open medium for communication in comparison to wired LANs, the 802.11 designers also included shared-key encryption mechanisms: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA, WPA2), to secure wireless computer networks.
Bridge A bridge can be used to connect networks, typically of different types. A wireless Ethernet bridge allows the connection of devices on a wired Ethernet network to a wireless network. The bridge acts as the connection point to the Wireless LAN.
Wireless distribution system
When it is difficult to connect all of the access points in a network by wires, it is also possible to put up access points as repeaters.
Roaming

There are 2 definitions for wireless LAN roaming:

• Internal Roaming (1): The Mobile Station (MS) moves from one access point (AP) to another AP within a home network because the signal strength is too weak. An authentication server (RADIUS) assumes the re-authentication of MS via 802.1x (e.g. with PEAP). The billing of QoS is in the home network. A Mobile Station roaming from one access point to another often interrupts the flow of data between the Mobile Station and an application connected to the network. The Mobile Station, for instance, periodically monitors the presence of alternative access points (ones that will provide a better connection). At some point, based upon proprietary mechanisms, the Mobile Station decides to re-associate with an access point having a stronger wireless signal. The Mobile Station, however, may lose a connection with an access point before associating with another access point. In order to provide reliable connections with applications, the Mobile Station must generally include software that provides session persistence.[9]

• External Roaming (2): The MS (client) moves into a WLAN of another Wireless Internet Service Provider (WISP) and takes their services (Hotspot). The user can use another foreign network independently of his home network, if this is open for visitors. There must be special authentication and billing systems for mobile services in a foreign network.[10]
(Not in syllabus)
2 Basic setup of wireless LAN

2.1 Kernel config

To use wireless networking you need a wireless networking card and to configure the kernel with the appropriate wireless networking support. The latter is separated into multiple modules so that you need only configure the software you are actually going to use.

The first thing you need is a wireless device. The most commonly used devices are those that use parts made by Atheros. These devices are supported by the ath driver and require the following modules:

    device ath              # Atheros IEEE 802.11 wireless network driver
    device ath_hal          # Atheros Hardware Access Layer
    device ath_rate_sample  # John Bicket's SampleRate control algorithm.

The Atheros driver is split up into three separate pieces: the driver proper (ath), the hardware support layer that handles chip-specific functions (ath_hal), and an algorithm for selecting which of several possible rates to use for transmitting frames (ath_rate_sample here). If instead of an Atheros device you had another device you would select the module for that device; e.g.

    device wi

for devices based on the Intersil Prism parts.

With a device driver configured you need to also bring in the 802.11 networking support required by the driver. For the ath driver this is at least the wlan module:

    device wlan             # 802.11 support (Required)

Past this you will need the modules that implement cryptographic support for the security protocols you intend to use. These are intended to be dynamically loaded on demand by the wlan module but for now they must be statically configured. The following modules are available:

    device wlan_wep         # WEP crypto support for 802.11 devices
    device wlan_ccmp        # AES-CCMP crypto support for 802.11 devices
    device wlan_tkip        # TKIP and Michael crypto support for 802.11 devices

wlan_ccmp and wlan_tkip are only needed if you intend to use the WPA and/or 802.11i security protocols. If your network is to run totally open (i.e. with no encryption) then you don't even need the wlan_wep support.

Aside from the above modules there are two other modules that are needed only if you intend to operate an access point (AP) and plan to enable WPA/802.11i/802.1x. The wlan_xauth module is used to construct an authenticator based on the hostapd program; it delegates authentication requests for stations associating to an access point to an external agent (hostapd in this case). The wlan_acl module implements an access control mechanism whereby an AP can restrict the stations that associate based on their MAC address. Like WEP this is provided to discourage casual users from joining a network; in practice it provides little true security to a wireless network. In summary you might add one or both of the following to your configuration if you plan to build an access point:

    device wlan_xauth       # External authenticator support for 802.11 devices
    device wlan_acl         # MAC-based ACL support for 802.11 devices
With this information in the kernel configuration file, recompile the kernel and reboot your FreeBSD box (or load the modules using kldload in which case there is no need to reboot).
2.2 Load the wireless crypto support modules

    # vi /boot/loader.conf

    wlan_wep_load="YES"
    wlan_tkip_load="YES"
    wlan_ccmp_load="YES"
    wlan_xauth_load="YES"
    wlan_acl_load="YES"

Note: You may choose how to provide the crypto support you need: either compile it into the kernel or load the .ko modules. Please note that you need to configure those modules manually as the kernel is not yet able to dynamically load them on demand.

When the system is up, we can find some information about the device in the boot messages, like this:

    ath0: mem 0xff9f0000-0xff9fffff irq 17 at device 2.0 on pci2
    ath0: Ethernet address: 00:11:95:d5:43:62
    ath0: mac 7.9 phy 4.5 radio 5.6
3 Infrastructure Mode

3.1 FreeBSD Clients

3.1.1 How to find the access points

To scan for neighboring stations, use the ifconfig command. Only the super-user can initiate such a scan:

    # ifconfig ath0 up scan
    dlinkap         00:13:46:49:41:76    6   54M 29:0   100 EPS  WPA WME
    freebsdap       00:11:95:c3:0d:ac    1   54M 22:0   100 EPS  WPA

Depending on the capabilities of the APs, the following flags can be included in the output:

    E   Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).
    I   IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).
    P   Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.
    S   Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short preamble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).
    s   Short slot time. Indicates that the network is using a short slot time.
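The capability flags above can be read by a script to sort nearby networks by the protection they advertise. The following is an added example, not part of the original text: the rows whose BSSID starts with 02: are constructed, and treating an RSN entry as the marker an 802.11i network would show is an assumption, since the output above only shows WPA and WME.

```python
import re

# Constructed sample: the two rows from the scan above plus three invented
# rows (an open network, a privacy-only network, and an ad-hoc cell whose
# SSID contains a space). BSSIDs starting with 02: are made up.
SAMPLE_SCAN = """\
dlinkap         00:13:46:49:41:76    6   54M 29:0   100 EPS  WPA WME
freebsdap       00:11:95:c3:0d:ac    1   54M 22:0   100 EPS  WPA
cafe-guest      02:00:00:00:00:01   11   54M 18:0   100 ES
old-printer     02:00:00:00:00:02    3   11M 12:0   100 EP
meeting room    02:00:00:00:00:03    1   11M  9:0   100 IP
"""

# The BSSID is the only column with a fixed shape, so it is used to split
# each row: everything before it is the SSID (which may contain spaces).
BSSID_RE = re.compile(
    r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])"
)

# Meanings of the capability letters, as listed in the text above.
CAP_FLAGS = {
    "E": "ESS (infrastructure)",
    "I": "IBSS (ad-hoc)",
    "P": "privacy required",
    "S": "short preamble",
    "s": "short slot time",
}


def parse_scan(text):
    """Turn scan rows into dicts; lines without a BSSID (headers, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        match = BSSID_RE.search(line)
        if match is None:
            continue
        fields = line[match.end():].split()
        if len(fields) < 5:
            continue  # truncated row, nothing reliable to report
        chan, rate, signal_noise, interval, flags = fields[:5]
        entries.append({
            "ssid": line[:match.start()].strip(),
            "bssid": match.group(0).lower(),
            "channel": int(chan),
            "rate": rate,
            "flags": flags,
            "caps": [CAP_FLAGS.get(c, "unknown flag " + c) for c in flags],
            "elements": fields[5:],  # e.g. WPA, WME
        })
    return entries


def classify(entry):
    """Label the protection a network advertises.

    open            no P flag: data frames are sent unencrypted
    privacy-no-wpa  P flag but no WPA/RSN element: inferred to be WEP
    wpa             P flag with a WPA (or, by assumption, RSN) element
    """
    if "P" not in entry["flags"]:
        return "open"
    if {"WPA", "RSN"} & set(entry["elements"]):
        return "wpa"
    return "privacy-no-wpa"


def report(text):
    """Return (ssid, mode, verdict) for every network in the scan."""
    rows = []
    for entry in parse_scan(text):
        mode = "ad-hoc" if "I" in entry["flags"] else "infrastructure"
        rows.append((entry["ssid"], mode, classify(entry)))
    return rows


if __name__ == "__main__":
    for ssid, mode, verdict in report(SAMPLE_SCAN):
        print(f"{ssid:<14} {mode:<15} {verdict}")
```
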
list scan: Display the access points and/or ad-hoc neighbors located in the vicinity. This information may be updated automatically by the adaptor and/or with a ``scan'' request. ``list ap'' is another

3.1.2 Basic Settings

This section provides a simple example of how to make the wireless network adapter work in FreeBSD without encryption. After you are familiar with these concepts, we strongly recommend using WPA to set up your wireless network.

3.1.2.1 DHCP
Simply edit /etc/rc.conf and add:

    ifconfig_ath0="DHCP"

If there are multiple access points, you must set an ssid to select one by name:

    ifconfig_ath0="ssid your_ssid_here DHCP"

Bring up the interface after the system is up:

    # /etc/rc.d/netif start

3.1.2.2 Static IP Address

Set an IP address on the interface. If there is more than one wireless network, the ssid must be specified as well:

    # ifconfig ath0 inet 192.168.1.100 netmask 255.255.255.0 ssid your_ssid_here

Now, run ifconfig again to see the status of the interface ath0:

    # ifconfig ath0
    ath0: flags=8843 mtu 1500
            inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
            inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
            ether 00:11:95:d5:43:62
            media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
            status: associated
            ssid dlinkap channel 6 bssid 00:13:46:49:41:76
            authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100
3.1.3 WPA

WPA (Wi-Fi Protected Access) is basically TKIP + 802.1X. TKIP (Temporal Key Integrity Protocol) is the part of the 802.11i standard that is designed to fix the weaknesses of WEP, and it can be used with the old 802.11 standard. RSN (WPA2) uses CCMP (Counter Mode with CBC-MAC Protocol) instead of TKIP.

3.1.3.1 WPA-PSK

A pre-shared key (PSK) will be generated from a given password and will be used as the master key in the wireless network.

Warning: Always use strong passwords that are sufficiently long and made from a rich alphabet so they won't be guessed and/or attacked.

    # vi /etc/wpa_supplicant.conf

    network={
        ssid="freebsdap"
        psk="freebsdmall"
    }

    # vi /etc/rc.conf

    ...
    ifconfig_ath0="WPA DHCP"
    ...
Then, let's bring up the interface:

    # /etc/rc.d/netif start
    Starting wpa_supplicant.
    DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 5
    DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 6
    DHCPOFFER from 192.168.0.1
    DHCPREQUEST on ath0 to 255.255.255.255 port 67
    DHCPACK from 192.168.0.1
    bound to 192.168.0.254 -- renewal in 300 seconds.
    ath0: flags=8843 mtu 1500
            inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
            inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
            ether 00:11:95:d5:43:62
            media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps)
            status: associated
            ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
            authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
            protmode CTS roaming MANUAL bintval 100
Or you can configure it manually. Using the same /etc/wpa_supplicant.conf as above, run:

    # wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
    Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
    Associated with 00:11:95:c3:0d:ac
    WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=TKIP GTK=TKIP]

And run the dhclient command:

    # dhclient ath0
    DHCPREQUEST on ath0 to 255.255.255.255 port 67
    DHCPACK from 192.168.0.1
    bound to 192.168.0.254 -- renewal in 300 seconds.

    # ifconfig ath0
    ath0: flags=8843 mtu 1500
            inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
            inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
            ether 00:11:95:d5:43:62
            media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/48Mbps)
            status: associated
            ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
            authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
            protmode CTS roaming MANUAL bintval 100
Note: If /etc/rc.conf is set up with:

ifconfig_ath0="DHCP"

then there is no need to run the dhclient command manually; dhclient will be launched after wpa_supplicant plumbs the keys.

You can also set a static IP address:

# ifconfig ath0 inet 192.168.0.100 netmask 255.255.255.0
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
        protmode CTS roaming MANUAL bintval 100
# route add default your_default_router
# echo "nameserver your_DNS_server" >> /etc/resolv.conf

3.1.3.2 EAP-TLS

# vi /etc/wpa_supplicant.conf
network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=TLS
    identity="loader"
    ca_cert="/etc/certs/cacert.pem"
    client_cert="/etc/certs/clientcert.pem"
    private_key="/etc/certs/clientkey.pem"
    private_key_passwd="freebsdmallclient"
}

# vi /etc/rc.conf
... ... ...
ifconfig_ath0="WPA DHCP"
... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
3.1.3.3 EAP-TTLS

# vi /etc/wpa_supplicant.conf
network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="test"
    password="test"
    ca_cert="/etc/certs/cacert.pem"
    phase2="auth=MD5"
}

# vi /etc/rc.conf
... ... ...
ifconfig_ath0="WPA DHCP"
... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100

3.1.3.4 EAP-PEAP

# vi /etc/wpa_supplicant.conf
network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="test"
    password="test"
    ca_cert="/etc/certs/cacert.pem"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

# vi /etc/rc.conf
... ... ...
ifconfig_ath0="WPA DHCP"
... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
3.1.4 WEP

WEP (Wired Equivalent Privacy) is part of the original 802.11 standard. There is no authentication mechanism, only a weak form of access control, and it is easily cracked.

First, make sure “device wlan_wep” is compiled into the kernel or the module “wlan_wep.ko” is loaded.

# ifconfig ath0 inet 192.168.1.100 netmask 255.255.255.0 ssid dlinkap \
    wepmode on weptxkey 3 wepkey 3:0x3456789012
# ifconfig
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid dlinkap channel 6 bssid 00:13:46:49:41:76
        authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
        protmode CTS bintval 100

• “weptxkey” selects which WEP key is used for transmission. Here we used the third key.
• “wepkey” sets the selected WEP key. It should be in the index:key format. If the index is not given, key 1 is set. That is to say, we need to set the index if we use keys other than the first key.

wpa_supplicant can also be used to locate and configure access points that are configured with WEP. To set it up like the example above:

# vi /etc/wpa_supplicant.conf
network={
    ssid="dlinkap"
    key_mgmt=NONE
    wep_key2=3456789012
    wep_tx_keyidx=2
}

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz)
Associated with 00:13:46:49:41:76
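
A configuration check for the client files shown in sections 3.1.3 and 3.1.4, as an added example that is not part of the original document or of wpa_supplicant: it parses network blocks and reports WEP keys, short WPA passphrases, and EAP blocks that name no CA certificate (wpa_supplicant does not verify the server certificate when neither ca_cert nor ca_path is set). The function names, the 20-character threshold and the "lab" block are assumptions of this example.

```python
import re

# Constructed sample: blocks 1, 2 and 4 mirror this page's examples; block 3
# is a made-up misconfiguration (EAP with no ca_cert) for the audit to catch.
SAMPLE_CONF = """
network={
    ssid="dlinkap"
    key_mgmt=NONE
    wep_key2=3456789012
    wep_tx_keyidx=2
}
network={
    ssid="freebsdap"
    psk="freebsdmall"
}
network={
    ssid="lab"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="test"
    password="test"
    phase2="auth=MD5"
}
network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/cacert.pem"
}
"""

MIN_PASSPHRASE = 20  # assumed local policy, not a wpa_supplicant limit

def parse_networks(text):
    """Return one dict per network={...} block, with quotes stripped."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """Return the list of findings for one parsed network block."""
    out = []
    if any(k.startswith("wep_key") for k in net):
        out.append("WEP key in use")
    psk = net.get("psk")
    if psk and not re.fullmatch(r"[0-9a-fA-F]{64}", psk) and len(psk) < MIN_PASSPHRASE:
        out.append("short WPA passphrase")
    if "eap" in net and "ca_cert" not in net and "ca_path" not in net:
        out.append("EAP without ca_cert: server certificate not verified")
    return out

def audit_conf(text):
    """Audit every block; returns (ssid, findings) pairs in file order."""
    return [(n.get("ssid", "?"), audit(n)) for n in parse_networks(text)]

if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF):
        print(ssid, findings or "ok")
```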
3.2 FreeBSD Host Access Points

FreeBSD can also function as an access point, and it now supports WPA through hostapd.

3.2.1 Host-based access point:

The host side:

# ifconfig ath0 inet 192.168.0.120 netmask 255.255.255.0 ssid freebsdap mode 11g mediaopt hostap
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
        ether 00:11:95:c3:0d:ac
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode OPEN privacy OFF txpowmax 36 protmode CTS dtimperiod 1
        bintval 100
The client side:

# ifconfig ath0 up scan
SSID            BSSID              CHAN RATE  S:N   INT CAPS
freebsdap       00:11:95:c3:0d:ac    1   54M 19:0   100 ES
dlinkap         00:13:46:49:41:76    6   54M 30:0   100 EPS  WPA WME
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 ssid freebsdap
# ifconfig -v ath0
ath0: flags=8843 mtu 1500
        inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100
3.2.2 WEP:

The host side:

# ifconfig ath0 inet 192.168.0.120 netmask 255.255.255.0 ssid freebsdap \
    wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
        ether 00:11:95:c3:0d:ac
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
        protmode CTS dtimperiod 1 bintval 100
The client side:

# ifconfig ath0 up scan
SSID            BSSID              CHAN RATE  S:N   INT CAPS
freebsdap       00:11:95:c3:0d:ac    1   54M 20:0   100 EPS
dlinkap         00:13:46:49:41:76    6   54M 30:0   100 EPS  WPA WME
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 ssid freebsdap \
    wepmode on weptxkey 3 wepkey 3:0x3456789012
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
        protmode CTS roaming DEVICE bintval 100
3.2.3 WPA-PSK

The host side:

# vi /etc/hostapd.conf
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebsdap
wpa=1
wpa_passphrase=freebsdmall
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

And run:

# /usr/sbin/hostapd /etc/hostapd.conf
# ifconfig ath0 mediaopt hostap
The client side:

# ifconfig ath0 up scan
dlinkap         00:13:46:49:41:76    6   54M 29:0   100 EPS  WPA WME
freebsdap       00:11:95:c3:0d:ac    1   54M 22:0   100 EPS  WPA
# vi /etc/wpa_supplicant.conf
network={
    ssid="freebsdap"
    psk="freebsdmall"
}

And run:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0
# ifconfig -v ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit TKIP 3:128-bit
        txpowmax 36 protmode CTS roaming MANUAL bintval 100
3.2.4 EAP-TLS:

------ Should I add a section about generating the SSL keys/certificates? ------

# vi /etc/hostapd.conf
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebsdap
ieee8021x=1
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=freebsdmallradius
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP

I installed net/freeradius and it's running on the same host.

# vi /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
    secret = freebsdmallradius
    shortname = localhost
}

# vi /usr/local/etc/raddb/users
"loader"    Auth-Type := EAP

# vi /usr/local/etc/raddb/eap.conf
eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    mschapv2 {
    }
}

# /usr/local/etc/rc.d/radiusd.sh start
# hostapd /etc/hostapd-eap-tls.conf
# ifconfig ath0 mediaopt hostap
# ifconfig ath0
ath0: flags=8843 mtu 2290
        inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:c3:0d:ac
        media: IEEE 802.11 Wireless Ethernet autoselect <:hostap> (autoselect )
        status: associated
        ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
        authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit
        TKIP 3:128-bit txpowmax 0 protmode CTS dtimperiod 1 bintval 100

On the client side:

# wpa_supplicant -d -K -i ath0 -c /etc/wpa_supplicant.conf
3.2.5 EAP-TTLS

Use the same /etc/hostapd.conf as in the EAP-TLS section.

# vi /usr/local/etc/raddb/eap.conf
eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    ttls {
        default_eap_type = md5
    }
    mschapv2 {
    }
}

# vi /usr/local/etc/raddb/users
"test"    User-Password == "test"

# hostapd /etc/hostapd.conf

The client side:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
3.2.6 EAP-PEAP

The host side:

Use the same /etc/hostapd.conf as in the EAP-TLS section.

# vi /usr/local/etc/raddb/eap.conf
eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}

# vi /usr/local/etc/raddb/users
"test"    User-Password == "test"

# hostapd /etc/hostapd.conf

The client side:

# wpa_supplicant -d -i ath0 -c /etc/wpa_supplicant.conf
4 Ad-hoc mode

On box A:

# ifconfig ath0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
        ether 00:11:95:c3:0d:ac
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
        status: associated
        ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac
        authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100
On box B:

# ifconfig ath0 up scan
SSID            BSSID              CHAN RATE  S:N   INT CAPS
dlinkap         00:13:46:49:41:76    6   54M 30:0   100 EPS  WME
freebsdap       02:11:95:c3:0d:ac    2   54M 19:0   100 IS
# ifconfig ath0 inet 192.168.0.2 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc
# ifconfig ath0
ath0: flags=8843 mtu 1500
        inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:11:95:d5:43:62
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
        status: associated
        ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac
        authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100
5 Troubleshooting

If you are having trouble with wireless networking, there are a number of steps you can take to help troubleshoot the problem.

• First, try running wpa_supplicant and/or hostapd with the “-dd” option.
• You can also try running the 80211debug and 80211stats tools in /usr/src/tools/tools/ath. For example:

# ./80211debug +state +auth +debug +assoc +xrate +power +scan +wme
net.wlan.0.debug: 0xc80000 => 0x44ec0400<debug,xrate,assoc,auth,scan,state,power,wme>

If the above information does not help clarify the problem, please submit a problem report and include output from the above tools.