[Wolves] secure wireless network

Mon Oct 17 22:38:15 BST 2005

On Mon, 2005-10-17 at 18:40 +0100, Ade wrote:
> I was going to mention WPA but then I realised that there is
> practically no support in Linux for it unfortunatley (not sure why),
> certainly not that Im aware of - feel free to correct me
> 

There's wpa_supplicant, with which I've been able to connect to a
Linksys router using WPA. It isn't nearly at the point and click stage,
but the support is there - all the way up to EAP/802.11x/WPA2
authentication.

Here's a cut-n-paste of an email to SB from January
(NB The ipw2100 is probably no longer necessary)

Wifi isn't the most secure of technologies, currently for the home user 
WPA (Wifi Protected Access) is the least weak. It replaces the former 
and broken link layer encryption scheme. If you're willing to accept
the 
known flaws WEP can be used out the box with Ubuntu (and I presume most 
others) including simple GUI configuration.

Current Linux support for WPA is through wpa_supplicant[1]. SuSE 9.2 is 
the only distro if which I'm aware which integrates it and is would be 
functional out the box (configuration is through Yast. For the rest of 
us, it's compile and configure manually. Driver support is necessary, 
recent Prism, Centrino (aka ipw2100 [2], what I have), Ndis wrappers
and 
others have this.

WPA has multiple modes and algorithems WPA-PSK (WPA Pre Shared Key,  
aka  adhoc mode) is most common outside corporate environments,  each 
node is configured with a shared passphrase which is used to 
authenticate and setup encryption. WPA-PSK supports TKIP and AES 
encryption - TKIP is less secure and more widely supported (hence more 
common) AES should be secure and fairly rare. EAP is a 
corporate/enterprise alternative to WPA-PSK requiring additional 
authentication servers and client side auth/crypt facilities.

WPA-PSK with TKIP is the default for Windows XP and wpa_supplicant,
I've 
chosen these.

I won't rewrite the Ubuntu WPA Howto [3], but the basic steps I took
were:
Download the latest wpa_supplicant and wifi drivers + firmware 
(ipw2100-1.0.2, ipw2100-fw-1.3).
Unpack, compile and install the drivers (make; sudo make install)
Unpack the firmware (to /usr/lib/hotplug/firmware), unpack 
wpa_supplicant, create .config, run configure and make.
Copy the wpa_supplicant, wpa_cli executables /usr/local/bin
Create /etc/wpa_supplicant.conf to include wireless network name
(ESSID) 
and passphrase (WPA-PSK)
Run wpa_supplicant (/usr/local/vbin/wpa_supplicant -ieth1 
-c/etc/wpa_supplicant.conf -dd to connect and see any debug output
Run dhclient or configure an ip address manually

The trouble I ran into was failure during the encryption negotiation 
phase, caused by a bug in the latest ipw2100 drivers. A patch [4] is 
available on the project website which has resolved the problem and 
allows my laptop to complete a wireless connection with WPA.

One tip for anyone wishing to try this, before trying to setup crypto, 
check your drivers are functioning by scanning for access points with 
the command 'iwlist <interface> scan' where <interface> is the name of 
your wifi adaptor (eg eth1, wlan0).

Once wpa_supplicant is connected the wireless monitor applet that comes 
with Gnome 2.8/Ubuntu 4.10 displays signal strength right click the bar 
and open 'Add Applet'.

If anyone's interested, I'm happy to answer any questions, if I can.

Regards

Alex

[1] http://hostap.epitest.fi/wpa_supplicant/
[2] http://ipw2100.sourceforge.net
[3] http://www.ubuntulinux.org/wiki/WPAHowto
[4]
http://ipw2100.sourceforge.net/patches/ipw2100-1.0.2-set_security.patch