Update the WPA-PSK access point section at Mark Felder's request, who
supplied the ifconfig output. Also update some of the defaults and suggestions for the current era: WPA2 and CCMP/AES.

Submitted by: Mark Felder <feld@FreeBSD.org>
Reviewed by: adrian
Differential Revision:
parent
10f5081088
commit
fc3990a3b4
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=46911
1 changed files with 57 additions and 53 deletions
|
@ -1935,11 +1935,11 @@ freebsdap 00:11:95:c3:0d:ac 1 54M -66:-96 100 ES WME</screen>
|
|||
roam:rate 5 protmode CTS wme burst</screen>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title><acronym>WPA</acronym> Host-based Access Point</title>
|
||||
<sect3 xml:id="network-wireless-ap-wpa">
|
||||
<title><acronym>WPA2</acronym> Host-based Access Point</title>
|
||||
|
||||
<para>This section focuses on setting up a &os;
|
||||
<acronym>AP</acronym> using the <acronym>WPA</acronym>
|
||||
access point using the <acronym>WPA2</acronym>
|
||||
security protocol. More details regarding
|
||||
<acronym>WPA</acronym> and the configuration of
|
||||
<acronym>WPA</acronym>-based wireless clients can be found
|
||||
|
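Review bot: The sentence after the retitled intro is left unchanged and still reads "More details regarding WPA and the configuration of WPA-based wireless clients", although the title and first sentence now say WPA2. Either update that sentence to WPA2 or state that the linked client section covers both, so the reader is not sent to material about the protocol this commit elsewhere calls obsolete. The intro also now spells out "access point" while the paragraphs that follow keep the AP acronym; one form should be used throughout the section.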
@ -1947,13 +1947,13 @@ freebsdap 00:11:95:c3:0d:ac 1 54M -66:-96 100 ES WME</screen>
|
|||
|
||||
<para>The &man.hostapd.8; daemon is used to deal with client
|
||||
authentication and key management on the
|
||||
<acronym>WPA</acronym>-enabled <acronym>AP</acronym>.</para>
|
||||
<acronym>WPA2</acronym>-enabled <acronym>AP</acronym>.</para>
|
||||
|
||||
<para>The following configuration operations are performed
|
||||
on the &os; machine acting as the <acronym>AP</acronym>.
|
||||
Once the <acronym>AP</acronym> is correctly working,
|
||||
&man.hostapd.8; should be automatically enabled at boot
|
||||
with the following line in
|
||||
&man.hostapd.8; can be automatically started at boot
|
||||
with this line in
|
||||
<filename>/etc/rc.conf</filename>:</para>
|
||||
|
||||
<programlisting>hostapd_enable="YES"</programlisting>
|
||||
|
@ -1963,95 +1963,95 @@ freebsdap 00:11:95:c3:0d:ac 1 54M -66:-96 100 ES WME</screen>
|
|||
linkend="network-wireless-ap-basic"/>.</para>
|
||||
|
||||
<sect4>
|
||||
<title><acronym>WPA-PSK</acronym></title>
|
||||
<title><acronym>WPA2-PSK</acronym></title>
|
||||
|
||||
<para><acronym>WPA-PSK</acronym> is intended for small
|
||||
<para><acronym>WPA2-PSK</acronym> is intended for small
|
||||
networks where the use of a backend authentication server
|
||||
is not possible or desired.</para>
|
||||
|
||||
<para>The configuration is done in
|
||||
<filename>/etc/hostapd.conf</filename>:</para>
|
||||
|
||||
<programlisting>interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/>
|
||||
debug=1 <co xml:id="co-ap-wpapsk-dbug"/>
|
||||
ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/>
|
||||
ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/>
|
||||
ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/>
|
||||
wpa=1 <co xml:id="co-ap-wpapsk-wpa"/>
|
||||
wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/>
|
||||
wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/>
|
||||
wpa_pairwise=CCMP TKIP <co xml:id="co-ap-wpapsk-pwise"/></programlisting>
|
||||
<programlisting>interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/>
|
||||
debug=1 <co xml:id="co-ap-wpapsk-dbug"/>
|
||||
ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/>
|
||||
ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/>
|
||||
ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/>
|
||||
wpa=2 <co xml:id="co-ap-wpapsk-wpa"/>
|
||||
wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/>
|
||||
wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/>
|
||||
wpa_pairwise=CCMP <co xml:id="co-ap-wpapsk-pwise"/></programlisting>
|
||||
|
||||
<calloutlist>
|
||||
<callout arearefs="co-ap-wpapsk-iface">
|
||||
<para>This field indicates the wireless interface used
|
||||
for the <acronym>AP</acronym>.</para>
|
||||
<para>Wireless interface used
|
||||
for the access point.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-dbug">
|
||||
<para>This field sets the level of verbosity during the
|
||||
<para>Level of verbosity used during the
|
||||
execution of &man.hostapd.8;. A value of
|
||||
<literal>1</literal> represents the minimal
|
||||
level.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-ciface">
|
||||
<para>The <literal>ctrl_interface</literal> field gives
|
||||
the pathname of the directory used by &man.hostapd.8;
|
||||
to store its domain socket files for the communication
|
||||
<para>Pathname of the directory used by &man.hostapd.8;
|
||||
to store domain socket files for communication
|
||||
with external programs such as &man.hostapd.cli.8;.
|
||||
The default value is used in this example.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-cifacegrp">
|
||||
<para>The <literal>ctrl_interface_group</literal> line
|
||||
sets the group which is allowed to access the control
|
||||
<para>The group allowed to access the control
|
||||
interface files.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-ssid">
|
||||
<para>This field sets the network name.</para>
|
||||
<para>The wireless network name, or
|
||||
<acronym>SSID</acronym>, that will appear in wireless
|
||||
scans.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-wpa">
|
||||
<para>The <literal>wpa</literal> field enables
|
||||
<acronym>WPA</acronym> and specifies which
|
||||
<para>Enable
|
||||
<acronym>WPA</acronym> and specify which
|
||||
<acronym>WPA</acronym> authentication protocol will
|
||||
be required. A value of <literal>1</literal>
|
||||
be required. A value of <literal>2</literal>
|
||||
configures the <acronym>AP</acronym> for
|
||||
<acronym>WPA-PSK</acronym>.</para>
|
||||
<acronym>WPA2</acronym> and is recommended.
|
||||
Set to <literal>1</literal> only if the obsolete
|
||||
<acronym>WPA</acronym> is required.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-pass">
|
||||
<para>The <literal>wpa_passphrase</literal> field
|
||||
contains the ASCII passphrase for
|
||||
<para>ASCII passphrase for
|
||||
<acronym>WPA</acronym> authentication.</para>
|
||||
|
||||
<warning>
|
||||
<para>Always use strong passwords that are
|
||||
sufficiently long and made from a rich alphabet so
|
||||
<para>Always use strong passwords that are at least
|
||||
8 characters long and made from a rich alphabet so
|
||||
that they will not be easily guessed or
|
||||
attacked.</para>
|
||||
</warning>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-kmgmt">
|
||||
<para>The <literal>wpa_key_mgmt</literal> line refers
|
||||
to the key management protocol to use. This example
|
||||
<para>The
|
||||
key management protocol to use. This example
|
||||
sets <acronym>WPA-PSK</acronym>.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ap-wpapsk-pwise">
|
||||
<para>The <literal>wpa_pairwise</literal> field
|
||||
indicates the set of accepted encryption algorithms by
|
||||
the <acronym>AP</acronym>. In this example, both
|
||||
<acronym>TKIP</acronym> (<acronym>WPA</acronym>) and
|
||||
<acronym>CCMP</acronym> (<acronym>WPA2</acronym>)
|
||||
ciphers are accepted. The <acronym>CCMP</acronym>
|
||||
cipher is an alternative to <acronym>TKIP</acronym>
|
||||
<para>Encryption algorithms accepted by
|
||||
the access point. In this example, only
|
||||
the
|
||||
<acronym>CCMP</acronym> (<acronym>AES</acronym>)
|
||||
cipher is accepted. <acronym>CCMP</acronym>
|
||||
is an alternative to <acronym>TKIP</acronym>
|
||||
and is strongly preferred when possible.
|
||||
<acronym>TKIP</acronym> should be used solely for
|
||||
stations incapable of doing
|
||||
<acronym>TKIP</acronym> should be allowed only when
|
||||
there are stations incapable of using
|
||||
<acronym>CCMP</acronym>.</para>
|
||||
</callout>
|
||||
</calloutlist>
|
||||
|
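Review bot: In the wpa_passphrase callout, the warning now reads "at least 8 characters long", which a reader can take as a sufficient length; 8 characters is only the shortest passphrase WPA-PSK accepts (the valid range is 8 to 63 ASCII characters), not a strength target. Suggest stating the 8 to 63 range as a protocol limit and separately recommending a long, random passphrase. The example value wpa_passphrase=freebsdmall sits next to ssid=freebsdap and is a dictionary-style string, so it would be worth replacing it with an obvious placeholder so it is not copied into real configurations.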
@ -2061,14 +2061,18 @@ wpa_pairwise=CCMP TKIP <co xml:id="co-ap-wpapsk-pwise"/></programlisting>
|
|||
<screen>&prompt.root; <userinput>service hostapd forcestart</userinput></screen>
|
||||
|
||||
<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
|
||||
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290
|
||||
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
|
||||
inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
|
||||
ether 00:11:95:c3:0d:ac
|
||||
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
|
||||
status: associated
|
||||
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
|
||||
authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen>
|
||||
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
|
||||
ether 04:f0:21:16:8e:10
|
||||
inet6 fe80::6f0:21ff:fe16:8e10%wlan0 prefixlen 64 scopeid 0x9
|
||||
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
|
||||
media: IEEE 802.11 Wireless Ethernet autoselect mode 11na <hostap>
|
||||
status: running
|
||||
ssid No5ignal channel 36 (5180 MHz 11a ht/40+) bssid 04:f0:21:16:8e:10
|
||||
country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2
|
||||
AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 17 mcastrate 6 mgmtrate 6
|
||||
scanvalid 60 ampdulimit 64k ampdudensity 8 shortgi wme burst
|
||||
dtimperiod 1 -dfs
|
||||
groups: wlan</screen>
|
||||
|
||||
<para>Once the <acronym>AP</acronym> is running, the
|
||||
clients can associate with it. See <xref
|
||||
|
|
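Review bot: The replacement ifconfig output does not match the configuration documented earlier in this section: it shows ssid No5ignal on channel 36 with bssid 04:f0:21:16:8e:10, while the hostapd.conf example sets ssid=freebsdap and the removed output used freebsdap on channel 1. Suggest editing the ssid and addresses in the sample to the document's example values, which also avoids publishing the submitter's real SSID and MAC address. The new output also lists PROMISC in the flags and no inet address, and still reports "privacy MIXED" although the example now accepts only CCMP; a sentence telling the reader which fields to check (authmode WPA2/802.11i and the AES-CCM keys) would make the sample useful as a verification step.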