Monday, September 10, 2012

Wireless 802.11 virtual access point on Linux.

 
Notebook, desktop computer, smartphone, another notebook, and only one wire from the Internet provider. How can I give all these devices access to the global network from my home? Frankly, from time to time I connected them to each other over ad-hoc wireless, but that isn't a good way. First of all, ad-hoc supports only weak WEP encryption (just imagine how my neighbors would laugh at my Wi-Fi station with WEP security while the others use only WPA2), and secondly, Android doesn't recognize ad-hoc networks. Therefore I need a wireless access point to share the Internet across my devices.

In this post I will explain how to set up an AP on an ASUS N73S notebook with an AR9285 wireless adapter running Debian Linux wheezy/sid. As a client I will use a GSmart G1310 smartphone with Android 2.2.

1. First of all, let's check the PCI bus to find the device:
# lspci | grep AR9285
03:00.0 Network controller: Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) (rev 01)

2. Next, let's make the Linux kernel see the wireless network card. In my case I have the following options turned on:
Networking support->Wireless->cfg80211-wireless configuration API [CONFIG_CFG80211]
Networking support->Wireless->Generic IEEE 802.11 Networking Stack [CONFIG_MAC80211]
Device drivers->Network device support->Wireless LAN->Atheros Wireless Cards->Atheros 802.11n wireless card support [CONFIG_ATH9K]

3. Check whether the ath9k kernel module has been loaded for the device:
# dmesg | grep ath9k
[ 7.937533] ath9k 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 7.937545] ath9k 0000:03:00.0: setting latency timer to 64
[ 8.033245] ieee80211 phy0: Selected rate control algorithm 'ath9k_rate_control'
[ 8.033657] Registered led device: ath9k-phy0

4. At this step we need wireless-tools to be installed. We will not use them during the setup, but they may be helpful for checking the status of the device. The other package, wpasupplicant, is needed to generate the WPA2 PSK.
# apt-get install wireless-tools wpasupplicant

5. Let's check that Linux has recognized the wireless card and that it is available for use:
# iwconfig
wlan0 IEEE 802.11bgn Mode:Master Frequency:2.437 GHz Tx-Power=16 dBm

6. Now it is time for hostapd. It is available in Debian, but to get better compatibility let's build it from source. The source can be downloaded from http://hostap.epitest.fi/hostapd/.
Download and unpack the archive:
# wget http://hostap.epitest.fi/releases/hostapd-1.0.tar.gz
# tar xvfz hostapd-1.0.tar.gz
# cd hostapd-1.0/hostapd

7. Next we need to check the default build settings and change them if necessary.
# cp defconfig .config

Open the .config file in any editor and make sure the variables below are turned on:
CONFIG_DRIVER_HOSTAP=y
CONFIG_IAPP=y

8. Build the daemon
# make && make install

9. I don't plan to have a lot of wireless clients for my AP, so WPA2 with a predefined passphrase is enough for me. wpa_passphrase can generate the PSK for us. Launch it with your SSID and any passphrase:
# wpa_passphrase your_ssid passphrase
network={
ssid="your_network"
#psk="passphrase"
psk=0332fcb2d40e47f4e594bec01a0db94756c50d2f1bdf155585f6e54912c86fac
}

10. Open /etc/hostapd/hostapd.conf and update the file. Set "ssid" to your SSID, and set wpa_passphrase and wpa_psk to the values obtained with wpa_passphrase:
interface=wlan0
driver=nl80211
ssid=PUT_YOUR_SSID_HERE
hw_mode=g
channel=6
macaddr_acl=1
auth_algs=1
accept_mac_file=/etc/hostapd/hostapd.accept
ignore_broadcast_ssid=0
wpa=2
debug=2
wpa_passphrase="put_your_passphrase_here"
wpa_psk=put_your_psk_here
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
logger_syslog=-1
logger_syslog_level=1

I use MAC authentication with the hardware addresses listed in /etc/hostapd/hostapd.accept. Below is an example of /etc/hostapd/hostapd.accept:
00:11:22:33:44:55
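
The PSK from step 9 is derived from both the passphrase and the SSID, so the values pasted into hostapd.conf in step 10 have to agree with each other. The following audit script is an added example, not part of the original post or of hostapd: it recomputes the PSK with PBKDF2-HMAC-SHA1 and checks the WPA keys used above. The function names and the sample file are assumptions, and the sample credentials are the published IEEE 802.11i test vector.

```python
import hashlib

def derive_psk(ssid, passphrase):
    """What wpa_passphrase computes: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def parse_conf(text):
    """hostapd.conf is key=value per line; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings for the WPA-related keys used in step 10."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    pw, psk = conf.get("wpa_passphrase"), conf.get("wpa_psk")
    # rsn_pairwise falls back to wpa_pairwise, whose default is TKIP.
    rsn = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if wpa & 1:
        findings.append("wpa: WPA (v1) enabled; wpa=2 restricts the AP to WPA2")
    if wpa & 2 and "TKIP" in rsn:
        findings.append("rsn_pairwise: TKIP offered for WPA2; use CCMP only")
    if pw and pw.startswith('"') and pw.endswith('"'):
        findings.append("wpa_passphrase: quotes are read as part of the passphrase")
    if pw and psk:
        try:
            if derive_psk(conf.get("ssid", ""), pw) != psk.lower():
                findings.append("wpa_psk: does not match ssid + wpa_passphrase")
        except ValueError as err:
            findings.append(f"wpa_passphrase: {err}")
    return findings

# Constructed sample: SSID/passphrase/PSK are the IEEE 802.11i test vector, not real credentials.
SAMPLE = """interface=wlan0
ssid=IEEE
wpa=2
wpa_passphrase=password
wpa_psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE)))                                    # consistent config
    print(audit(parse_conf(SAMPLE.replace("ssid=IEEE", "ssid=home"))))  # SSID renamed, PSK stale
```

With wpa=2 and rsn_pairwise=CCMP, as in the configuration above, the wpa_pairwise line is not used for WPA2 clients, which is why the sample produces no cipher finding.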

11. Test the configuration
hostapd can be launched in the background as well as in the foreground. The latter is useful for debugging the configuration. Once that is done, the daemon can be set to start from /etc/init.d. Let's start hostapd and try to connect with a wireless client.
#/usr/local/bin/hostapd -P /var/run/hostapd.pid /etc/hostapd/hostapd.conf 

I will use the GSmart 1310 smartphone with Android 2.2. First of all, turn on Settings->Wireless&Networks->Wi-Fi. Next, open Settings->Wireless&Networks->Wi-Fi settings and find the network by its SSID. The network must have the property "Secured with WPA/WPA2 PSK". Tap the network and enter the WPA2 passphrase, exactly the same one that was used to generate the PSK for hostapd. Android will start the negotiation and stop at the message "Obtaining IP address". That's fine, and we will get rid of this in the next steps. Let's check the hostapd daemon. Open /var/log/syslog and find its messages:
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: authentication OK (open system)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 MLME: MLME-AUTHENTICATE.indication(70:f3:95:xx:xx:62, OPEN_SYSTEM)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 MLME: MLME-DELETEKEYS.request(70:f3:95:xx:xx:62)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: authenticated
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: association OK (aid 1)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: associated (aid 1)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 MLME: MLME-ASSOCIATE.indication(70:f3:95:xx:xx:62)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 MLME: MLME-DELETEKEYS.request(70:f3:95:xx:xx:62)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: event 1 notification
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: start authentication
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.1X: unauthorizing port
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: received EAPOL-Key frame (4/4 Pairwise)
hostapd: wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.1X: authorizing port
hostapd: wlan0: STA 70:f3:95:xx:xx:62 RADIUS: starting accounting session 5046E9FE-00000002
hostapd: wlan0: STA 70:f3:95:xx:xx:62 WPA: pairwise key handshake completed (RSN)

The log above shows that hostapd and the smartphone have connected to each other and established a wireless connection at the data link layer.
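
The same log lines can be used to watch for stations that associate but never finish the 4-way handshake, which usually points to a wrong passphrase or a poor signal. The script below is an added example, not part of the original post: it counts started and completed handshakes per station using only the two message strings shown in the log above. The function names, the timestamp and host prefix, and the MAC addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Matches the hostapd syslog format shown above: "hostapd: <iface>: STA <mac> <message>"
LINE = re.compile(r"hostapd: (\S+): STA (\S+) (.+)$")
START = "WPA: sending 1/4 msg of 4-Way Handshake"
DONE = "WPA: pairwise key handshake completed (RSN)"

def handshake_report(lines):
    """Count started and completed 4-way handshakes per station MAC."""
    report = defaultdict(lambda: {"started": 0, "completed": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        mac, msg = m.group(2).lower(), m.group(3).strip()
        if msg == START:
            report[mac]["started"] += 1
        elif msg == DONE:
            report[mac]["completed"] += 1
    return dict(report)

def never_completed(report, min_attempts=2):
    """Stations that were sent msg 1/4 repeatedly but never completed the handshake."""
    return sorted(mac for mac, c in report.items()
                  if c["completed"] == 0 and c["started"] >= min_attempts)

# Constructed sample lines (made-up MAC addresses from the locally administered range).
SAMPLE_LOG = """\
Sep 10 21:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Sep 10 21:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Sep 10 21:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 WPA: pairwise key handshake completed (RSN)
Sep 10 21:05:10 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Sep 10 21:05:10 ap hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
Sep 10 21:05:11 ap hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
Sep 10 21:05:12 ap hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
""".splitlines()

if __name__ == "__main__":
    print(never_completed(handshake_report(SAMPLE_LOG)))
```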

12. We still cannot work over the connection because the wireless client has not received a correct IP address, default route and DNS server. Now it is time to take care of all of this. To make it work we need a DHCP server behind the wireless AP.
# apt-get install isc-dhcp-server

14. Let's make it listen on the wireless interface. Open /etc/default/isc-dhcp-server and add the following lines:
DHCPD_CONF=/etc/dhcp/dhcpd.conf
INTERFACES="wlan0"

15. Configure the wireless network, default router and DNS settings.
Open the file /etc/dhcp/dhcpd.conf and update it:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.3;
option domain-name-servers 192.168.1.1;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}

16. Restart the DHCP server and try to connect from Android to the AP again. Now /var/log/syslog shows that the client has received an IP address, default route and DNS server:
dhcpd: DHCPDISCOVER from 70:f3:95:xx:xx:62 via wlan0
dhcpd: DHCPOFFER on 192.168.1.2 to 70:f3:95:xx:xx:62 via wlan0
dhcpd: DHCPREQUEST for 192.168.1.2 (192.168.1.1) from 70:f3:95:e0:xx:62 via wlan0

Look at the Android Wi-Fi settings. The status of the connection has changed to "Connected".
# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=19.4 ms

So we have established a network connection between the server with the wireless AP and the Android client. But the client still cannot reach anything behind the AP server.

17. Enable NAT.
Any wireless client connected to the AP uses the private network 192.168.1.0 that we assigned in the DHCP settings. Private networks are reserved for local use only and cannot be routed over the Internet. So, to give a wireless client Internet access, we need to NAT it to the IP address that the AP server uses.

Allow forwarding of the wireless network between interfaces:
# iptables -A FORWARD -i wlan0 -s 192.168.1.0/24 -d 0/0 -j ACCEPT
Masquerade the network:
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE -v

18. Make a final test.
Take the Android smartphone, open the browser and try any site. It must work now.




