mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 06:33:41 +00:00
615a4d1e45
The wifi-iface actually supports an undocumented option to choose whether to treat a passphrase as a text passphrase or an encoded passphrase (like encoded by the wpa_passphrase utility). This patch documents that functionality. Signed-off-by: Warren Turkal <wt@penguintechs.org> SVN-Revision: 17712
493 lines
14 KiB
TeX
493 lines
14 KiB
TeX
The WiFi settings are configured in the file \texttt{/etc/config/wireless}
|
|
(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
|
|
it should detect your card and create a sample configuration file. By default '\texttt{option network lan}' is
|
|
commented. This prevents unsecured sharing of the network over the wireless interface.
|
|
|
|
Each wireless driver has its own configuration script in \texttt{/lib/wifi/driver\_name.sh} which handles
|
|
driver specific options and configurations. This script is also calling driver specific binaries like wlc for
|
|
Broadcom, or hostapd and wpa\_supplicant for atheros and mac80211.
|
|
|
|
The reason for using such architecture, is that it abstracts the driver configuration.
|
|
|
|
\paragraph{Generic Broadcom wireless config:}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device "wl0"
|
|
option type "broadcom"
|
|
option channel "5"
|
|
|
|
config wifi-iface
|
|
option device "wl0"
|
|
# option network lan
|
|
option mode "ap"
|
|
option ssid "OpenWrt"
|
|
option hidden "0"
|
|
option encryption "none"
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Generic Atheros wireless config:}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device "wifi0"
|
|
option type "atheros"
|
|
option channel "5"
|
|
option hwmode "11g"
|
|
|
|
config wifi-iface
|
|
option device "wifi0"
|
|
# option network lan
|
|
option mode "ap"
|
|
option ssid "OpenWrt"
|
|
option hidden "0"
|
|
option encryption "none"
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Generic mac80211 wireless config:}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device "wifi0"
|
|
option type "mac80211"
|
|
option channel "5"
|
|
|
|
config wifi-iface
|
|
option device "wlan0"
|
|
# option network lan
|
|
option mode "ap"
|
|
option ssid "OpenWrt"
|
|
option hidden "0"
|
|
option encryption "none"
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Generic multi-radio Atheros wireless config:}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device wifi0
|
|
option type atheros
|
|
option channel 1
|
|
|
|
config wifi-iface
|
|
option device wifi0
|
|
# option network lan
|
|
option mode ap
|
|
option ssid OpenWrt_private
|
|
option hidden 0
|
|
option encryption none
|
|
|
|
config wifi-device wifi1
|
|
option type atheros
|
|
option channel 11
|
|
|
|
config wifi-iface
|
|
option device wifi1
|
|
# option network lan
|
|
option mode ap
|
|
option ssid OpenWrt_public
|
|
option hidden 1
|
|
option encryption none
|
|
\end{Verbatim}
|
|
|
|
There are two types of config sections in this file. The '\texttt{wifi-device}' refers to
|
|
the physical wifi interface and '\texttt{wifi-iface}' configures a virtual interface on top
|
|
of that (if supported by the driver).
|
|
|
|
A full outline of the wireless configuration file with description of each field:
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device wifi device name
|
|
option type broadcom, atheros, mac80211
|
|
option country us, uk, fr, de, etc.
|
|
option channel 1-14
|
|
option maxassoc 1-128 (broadcom only)
|
|
option distance 1-n (meters)
|
|
option hwmode 11b, 11g, 11a, 11bg (atheros, mac80211)
|
|
option rxantenna 0,1,2 (atheros, broadcom)
|
|
option txantenna 0,1,2 (atheros, broadcom)
|
|
option txpower transmission power in dBm
|
|
|
|
config wifi-iface
|
|
option network the interface you want wifi to bridge with
|
|
option device wifi0, wifi1, wifi2, wifiN
|
|
option mode ap, sta, adhoc, monitor, mesh, or wds
|
|
option txpower (deprecated) transmission power in dBm
|
|
option ssid ssid name
|
|
option bssid bssid address
|
|
option encryption none, wep, psk, psk2, wpa, wpa2
|
|
option key encryption key
|
|
option key1 key 1
|
|
option key2 key 2
|
|
option key3 key 3
|
|
option key4 key 4
|
|
option passphrase 0,1
|
|
option server ip address
|
|
option port port
|
|
option hidden 0,1
|
|
option isolate 0,1 (broadcom)
|
|
option doth 0,1 (atheros, broadcom)
|
|
option wmm 0,1 (atheros, broadcom)
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Options for the \texttt{wifi-device}:}
|
|
|
|
\begin{itemize}
|
|
\item \texttt{type} \\
|
|
The driver to use for this interface.
|
|
|
|
\item \texttt{country} \\
|
|
The country code used to determine the regulatory settings.
|
|
|
|
\item \texttt{channel} \\
|
|
The wifi channel (e.g. 1-14, depending on your country setting).
|
|
|
|
\item \texttt{maxassoc} \\
|
|
Optional: Maximum number of associated clients. This feature is supported only on the Broadcom chipsets.
|
|
|
|
\item \texttt{distance} \\
|
|
Optional: Distance between the ap and the furthest client in meters. This feature is supported only on the Atheros chipsets.
|
|
|
|
\item \texttt{mode} \\
|
|
The frequency band (\texttt{b}, \texttt{g}, \texttt{bg}, \texttt{a}). This feature is only supported on the Atheros chipsets.
|
|
|
|
\item \texttt{diversity} \\
|
|
Optional: Enable diversity for the Wi-Fi device. This feature is supported only on the Atheros chipsets.
|
|
|
|
\item \texttt{rxantenna} \\
|
|
Optional: Antenna identifier (0, 1 or 2) for reception. This feature is supported by Atheros and some Broadcom chipsets.
|
|
|
|
\item \texttt{txantenna} \\
|
|
Optional: Antenna identifier (0, 1 or 2) for emission. This feature is supported by Atheros and some Broadcom chipsets.
|
|
|
|
\item \texttt{txpower}
|
|
Set the transmission power to be used. The amount is specified in dBm.
|
|
|
|
\end{itemize}
|
|
|
|
\paragraph{Options for the \texttt{wifi-iface}:}
|
|
|
|
\begin{itemize}
|
|
\item \texttt{network} \\
|
|
Selects the interface section from \texttt{/etc/config/network} to be
|
|
used with this interface
|
|
|
|
\item \texttt{device} \\
|
|
Set the wifi device name.
|
|
|
|
\item \texttt{mode} \\
|
|
Operating mode:
|
|
|
|
\begin{itemize}
|
|
\item \texttt{ap} \\
|
|
Access point mode
|
|
|
|
\item \texttt{sta} \\
|
|
Client mode
|
|
|
|
\item \texttt{adhoc} \\
|
|
Ad-Hoc mode
|
|
|
|
\item \texttt{monitor} \\
|
|
Monitor mode
|
|
|
|
\item \texttt{mesh} \\
|
|
Mesh Point mode (802.11s)
|
|
|
|
\item \texttt{wds} \\
|
|
WDS point-to-point link
|
|
|
|
\end{itemize}
|
|
|
|
\item \texttt{ssid}
|
|
Set the SSID to be used on the wifi device.
|
|
|
|
\item \texttt{bssid}
|
|
Set the BSSID address to be used for wds to set the mac address of the other wds unit.
|
|
|
|
\item \texttt{txpower}
|
|
(Deprecated, set in wifi-device) Set the transmission power to be used. The amount is specified in dBm.
|
|
|
|
\item \texttt{encryption} \\
|
|
Encryption setting. Accepts the following values:
|
|
|
|
\begin{itemize}
|
|
\item \texttt{none}
|
|
\item \texttt{wep}
|
|
\item \texttt{psk}, \texttt{psk2} \\
|
|
WPA(2) Pre-shared Key
|
|
|
|
\item \texttt{wpa}, \texttt{wpa2} \\
|
|
WPA(2) RADIUS
|
|
\end{itemize}
|
|
|
|
\item \texttt{key, key1, key2, key3, key4} (wep, wpa and psk) \\
|
|
WEP key, WPA key (PSK mode) or the RADIUS shared secret (WPA RADIUS mode)
|
|
|
|
\item \texttt{passphrase} (wpa) \\
|
|
0 treats the wpa psk as a text passphrase; 1 treats wpa psk as
|
|
encoded passphrase. You can generate an encoded passphrase with
|
|
the wpa\_passphrase utility. This is especially useful if your
|
|
passphrase contains special characters. This option only works
|
|
when using mac80211 or atheros type devices.
|
|
|
|
\item \texttt{server} (wpa) \\
|
|
The RADIUS server ip address
|
|
|
|
\item \texttt{port} (wpa) \\
|
|
The RADIUS server port (defaults to 1812)
|
|
|
|
\item \texttt{hidden} \\
|
|
0 broadcasts the ssid; 1 disables broadcasting of the ssid
|
|
|
|
\item \texttt{isolate} \\
|
|
Optional: Isolation is a mode usually set on hotspots that limits the clients to communicate only with the AP and not with other wireless clients.
|
|
0 disables ap isolation (default); 1 enables ap isolation.
|
|
|
|
\item \texttt{doth} \\
|
|
Optional: Toggle 802.11h mode.
|
|
0 disables 802.11h (default); 1 enables it.
|
|
|
|
\item \texttt{wmm} \\
|
|
Optional: Toggle 802.11e mode.
|
|
0 disables 802.11e (default); 1 enables it.
|
|
|
|
\end{itemize}
|
|
|
|
\paragraph{Mesh Point}
|
|
|
|
Mesh Point (802.11s) is only supported by some mac80211 drivers. It requires the iw package
|
|
to be installed to setup mesh links. OpenWrt creates mshN mesh point interfaces. A sample
|
|
configuration looks like this:
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device "wlan0"
|
|
option type "mac80211"
|
|
option channel "5"
|
|
|
|
config wifi-iface
|
|
option device "wlan0"
|
|
option network lan
|
|
option mode "mesh"
|
|
option mesh_id "OpenWrt"
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Wireless Distribution System}
|
|
|
|
WDS is a non-standard mode which will be working between two Broadcom devices for instance
|
|
but not between a Broadcom and Atheros device.
|
|
|
|
\subparagraph{Unencrypted WDS connections}
|
|
|
|
This configuration example shows you how to setup unencrypted WDS connections.
|
|
We assume that the peer configured as below as the BSSID ca:fe:ba:be:00:01
|
|
and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device "wl0"
|
|
option type "broadcom"
|
|
option channel "5"
|
|
|
|
config wifi-iface
|
|
option device "wl0"
|
|
option network lan
|
|
option mode "ap"
|
|
option ssid "OpenWrt"
|
|
option hidden "0"
|
|
option encryption "none"
|
|
|
|
config wifi-iface
|
|
option device "wl0"
|
|
option network lan
|
|
option mode wds
|
|
option ssid "OpenWrt WDS"
|
|
option bssid "ca:fe:ba:be:00:02"
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{Encrypted WDS connections}
|
|
|
|
It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
|
|
\texttt{psk+psk2} modes are supported. Configuration below is an example
|
|
configuration using Pre-Shared-Keys with AES algorithm.
|
|
|
|
\begin{Verbatim}
|
|
config wifi-device wl0
|
|
option type broadcom
|
|
option channel 5
|
|
|
|
config wifi-iface
|
|
option device "wl0"
|
|
option network lan
|
|
option mode ap
|
|
option ssid "OpenWrt"
|
|
option encryption psk2
|
|
option key "<key for clients>"
|
|
|
|
config wifi-iface
|
|
option device "wl0"
|
|
option network lan
|
|
option mode wds
|
|
option bssid ca:fe:ba:be:00:02
|
|
option ssid "OpenWrt WDS"
|
|
option encryption psk2
|
|
option key "<psk for WDS>"
|
|
\end{Verbatim}
|
|
|
|
\paragraph{802.1x configurations}
|
|
|
|
OpenWrt supports both 802.1x client and Access Point
|
|
configurations. 802.1x client is only working with
|
|
drivers supported by wpa-supplicant. Configuration
|
|
only supports EAP types TLS, TTLS or PEAP.
|
|
|
|
\subparagraph{EAP-TLS}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-iface
|
|
option device "ath0"
|
|
option network lan
|
|
option ssid OpenWrt
|
|
option eap_type tls
|
|
option ca_cert "/etc/config/certs/ca.crt"
|
|
option priv_key "/etc/config/certs/priv.crt"
|
|
option priv_key_pwd "PKCS#12 passphrase"
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{EAP-PEAP}
|
|
|
|
\begin{Verbatim}
|
|
config wifi-iface
|
|
option device "ath0"
|
|
option network lan
|
|
option ssid OpenWrt
|
|
option eap_type peap
|
|
option ca_cert "/etc/config/certs/ca.crt"
|
|
option auth MSCHAPV2
|
|
option identity username
|
|
option password password
|
|
\end{Verbatim}
|
|
|
|
\paragraph{Limitations:}
|
|
|
|
There are certain limitations when combining modes.
|
|
Only the following mode combinations are supported:
|
|
|
|
\begin{itemize}
|
|
\item \textbf{Broadcom}: \\
|
|
\begin{itemize}
|
|
\item 1x \texttt{sta}, 0-3x \texttt{ap}
|
|
\item 1-4x \texttt{ap}
|
|
\item 1x \texttt{adhoc}
|
|
\item 1x \texttt{monitor}
|
|
\end{itemize}
|
|
|
|
WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
|
|
settings with the master interface, which is done automatically).
|
|
|
|
\item \textbf{Atheros}: \\
|
|
\begin{itemize}
|
|
\item 1x \texttt{sta}, 0-Nx \texttt{ap}
|
|
\item 1-Nx \texttt{ap}
|
|
\item 1x \texttt{adhoc}
|
|
\end{itemize}
|
|
|
|
N is the maximum number of VAPs that the module allows, it defaults to 4, but can be
|
|
changed by loading the module with the maxvaps=N parameter.
|
|
\end{itemize}
|
|
|
|
\paragraph{Adding a new driver configuration}
|
|
|
|
Since we currently only support thread different wireless drivers : Broadcom, Atheros and mac80211,
|
|
you might be interested in adding support for another driver like Ralink RT2x00,
|
|
Texas Instruments ACX100/111.
|
|
|
|
The driver specific script should be placed in \texttt{/lib/wifi/<driver>.sh} and has to
|
|
include several functions providing :
|
|
|
|
\begin{itemize}
|
|
\item detection of the driver presence
|
|
\item enabling/disabling the wifi interface(s)
|
|
\item configuration reading and setting
|
|
\item third-party programs calling (nas, supplicant)
|
|
\end{itemize}
|
|
|
|
Each driver script should append the driver to a global DRIVERS variable :
|
|
|
|
\begin{Verbatim}
|
|
append DRIVERS "driver name"
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{\texttt{scan\_<driver>}}
|
|
|
|
This function will parse the \texttt{/etc/config/wireless} and make sure there
|
|
are no configuration incompatibilities, like enabling hidden SSIDS with ad-hoc mode
|
|
for instance. This can be more complex if your driver supports a lof of configuration
|
|
options. It does not change the state of the interface.
|
|
|
|
Example:
|
|
\begin{Verbatim}
|
|
scan_dummy() {
|
|
local device="$1"
|
|
|
|
config_get vifs "$device" vifs
|
|
for vif in $vifs; do
|
|
# check config consistency for wifi-iface sections
|
|
done
|
|
# check mode combination
|
|
}
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{\texttt{enable\_<driver>}}
|
|
|
|
This function will bring up the wifi device and optionally create application specific
|
|
configuration files, e.g. for the WPA authenticator or supplicant.
|
|
|
|
Example:
|
|
\begin{Verbatim}
|
|
enable_dummy() {
|
|
local device="$1"
|
|
|
|
config_get vifs "$device" vifs
|
|
for vif in $vifs; do
|
|
# bring up virtual interface belonging to
|
|
# the wifi-device "$device"
|
|
done
|
|
}
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{\texttt{disable\_<driver>}}
|
|
|
|
This function will bring down the wifi device and all its virtual interfaces (if supported).
|
|
|
|
Example:
|
|
\begin{Verbatim}
|
|
disable_dummy() {
|
|
local device="$1"
|
|
|
|
# bring down virtual interfaces belonging to
|
|
# "$device" regardless of whether they are
|
|
# configured or not. Don't rely on the vifs
|
|
# variable at this point
|
|
}
|
|
\end{Verbatim}
|
|
|
|
\subparagraph{\texttt{detect\_<driver>}}
|
|
|
|
This function looks for interfaces that are usable with the driver. Template config sections
|
|
for new devices should be written to stdout. Must check for already existing config sections
|
|
belonging to the interfaces before creating new templates.
|
|
|
|
Example:
|
|
\begin{Verbatim}
|
|
detect_dummy() {
|
|
[ wifi-device = "$(config_get dummydev type)" ] && return 0
|
|
cat <<EOF
|
|
config wifi-device dummydev
|
|
option type dummy
|
|
# REMOVE THIS LINE TO ENABLE WIFI:
|
|
option disabled 1
|
|
|
|
config wifi-iface
|
|
option device dummydev
|
|
option mode ap
|
|
option ssid OpenWrt
|
|
EOF
|
|
}
|
|
\end{Verbatim}
|