Notebook,
desktop computer, smartphone, another notebook and only
one wire by Internet provider. How to make all these devices to have
an access to
a global net from my home? Frankly, time to time I connected them
to each other over
ad-hoc wireless but it isn't a good way yet. First at all, ad-hoc
supports only weak
WEP encryption ( just imagine how my neighbors would laugh watching
at my wifi
station with WEP security while others keep WAP2 only) and secondly
Android doesn't
recognized ad-hoc. Therefore
I need wireless Access Point to share Internet across my devices.
This story I will explain how to install AP on ASUS notebook N73S, AR9285 wireless adapter on Linux Debian wheezy/sid release. As a client I will use smartphone GSmart G1310 with Android 2.2.
1.
First at all, let's check PCI bus to find out the device:
#
lspci | grep AR9285
03:00.0
Network controller: Atheros Communications Inc. AR9285 Wireless
Network Adapter (PCI-Express) (rev 01)
2.
Next, let's make Linux kernel to see the wireless network card. On the my
case I have the
following options turned on:
Networking
support->Wireless->cfg80211-wireless configuration API
[CONFIG_CFG80211]
Networking
support->Wireless->Generic IEEE 802.11 Networking Stack
[CONFIG_MAC80211]
Device
drivers->Network device support->Wireless LAN->Atheros
Wireless Cards->Atheros 802.11n wireless card support
[CONFIG_ATH9K]
3.
Check whether Ath9k kernel modules has been installed for the device
#
dmesg | grep ath9k
[
7.937533] ath9k 0000:03:00.0: PCI INT A -> GSI 17 (level, low)
-> IRQ 17
[
7.937545] ath9k 0000:03:00.0: setting latency timer to 64
[
8.033245] ieee80211 phy0: Selected rate control algorithm
'ath9k_rate_control'
[
8.033657] Registered led device: ath9k-phy0
4.
At this step we need wireless-tools to be installed. We will not use
them during the setup but
it may be helpful to check the status of the device. The next package
wpasupplicant is
needed to generate WPA2 PSK key.
#apt-get
install wireless-tools wpasupplicant
5.
Let's check that Linux has recognized the wireless card and it's
available to use
#
iwconfig
wlan0
IEEE 802.11bgn Mode:Master Frequency:2.437 GHz Tx-Power=16 dBm
6.
Now the time of hostapd. It is available in Debian but to get better
compatibility let's build it from source. Source
can be downloaded here http://hostap.epitest.fi/hostapd/.
Download
and upack the archive:
#wget
http://hostap.epitest.fi/releases/hostapd-1.0.tar.gz
#tar
xvfz hostapd-1.0.tar.gz
#cd
hostapd-1.0/hostapd
7.
Next we need to check the default settings and perhaps change them.
#cp
defconfig .config
Open
.config file in any editor and ensure that below variables are turned
on:
CONFIG_DRIVER_HOSTAP=y
CONFIG_IAPP=y
8.
Build the daemon
#
make && make install
9.
I don't plan to have a lot of wireless clients for my AP, so WPA2
with predefined passphrase is
enough for me. wpa_passphrase can help us to generate PSK key. Launch
it with your SSID and any
passphrase.
#
wpa_passphrase your_ssid passphrase
network={
ssid="your_network"
#psk="passphrase"
psk=0332fcb2d40e47f4e594bec01a0db94756c50d2f1bdf155585f6e54912c86fac
}
10.
Open /etc/hostapd/hostapd.conf and update the file. Change "ssid"
to your SSID and
wpa_passphrase, wpa_psk to the values obtained with help of
wpa_passphrase
interface=wlan0
driver=nl80211
ssid=PUT_YOUR_SSID_HERE
hw_mode=g
channel=6
macaddr_acl=1
auth_algs=1
accept_mac_file=/etc/hostapd/hostapd.accept
ignore_broadcast_ssid=0
wpa=2
debug=2
wpa_passphrase="put_your_passphrase_here"
wpa_psk=put_your_psk_here
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
CCMP
rsn_pairwise=CCMP
logger_syslog=-1
logger_syslog_level=1
I
use MAC authentication with hardware addresses listed in
/etc/hostapd/hostapd.accept. Below
the example of /etc/hostapd/hostapd.accept
00:11:22:33:44:55
11.
Test the configuration
hostapd
can be launched as in background as well in the foreground mode. The
last one is useful to
debug the configuration. Once it is done daemon can be set to start
from /etc/init.d. Let's
start hostapd and try to connect with a wireless client.
#/usr/local/bin/hostapd -P /var/run/hostapd.pid /etc/hostapd/hostapd.conf
I will use
smartphone GSmart
1310 with Android 2.2. First at all make
Settings->Wireless&Networks->Wi-Fi turned on. Next
open Settings->Wireless&Networks->Wi-Fi settings and find
the network by SSID. The
network must have the property: "Secured with WPA/WPA2 PSK" Click
at the network and input WPA2 passphrase exactly the same that was
used to generate PSK
key for hostap. Android will start the negotiation and halt on with
the message "Obtaining
IP address". That's fine and we will get rid of this on next
steps. Let's
check the hosapd daemon. Open /var/log/syslog and find its messages:
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: authentication OK (open
system)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 MLME:
MLME-AUTHENTICATE.indication(70:f3:95:xx:xx:62, OPEN_SYSTEM)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 MLME:
MLME-DELETEKEYS.request(70:f3:95:xx:xx:62)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: authenticated
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: association OK (aid 1)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.11: associated (aid 1)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 MLME:
MLME-ASSOCIATE.indication(70:f3:95:xx:xx:62)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 MLME:
MLME-DELETEKEYS.request(70:f3:95:xx:xx:62)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: event 1 notification
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: start authentication
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.1X: unauthorizing port
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: sending 1/4 msg of 4-Way Handshake
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: received EAPOL-Key frame (2/4
Pairwise)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: sending 3/4 msg of 4-Way Handshake
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: received EAPOL-Key frame (4/4
Pairwise)
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 IEEE 802.1X: authorizing port
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 RADIUS: starting accounting session
5046E9FE-00000002
hostapd:
wlan0: STA 70:f3:95:xx:xx:62 WPA: pairwise key handshake completed
(RSN)
Below
information indicates that hosapd and smartphone have been connected
to each other and established
wireless connection on data link layer.
12.
We still cannot work over the connection because wireless client has
not been got the correct IP
address, default route and DNS. Now the time to take care of all of
this. To make it work we
need DHCP server behind wireless AP.
#
apt-get install isc-dhcp-server
14.
Let's make it is listening on the wireless interface. Open
/etc/default/isc-dhcp-server and
add the following lines:
DHCPD_CONF=/etc/dhcp/dhcpd.conf
INTERFACES="wlan0"
15.
Configure wireless network, default router and DSN settings.
Open
file /etc/dhcp/dhcpd.conf and update it.
subnet
192.168.1.0 netmask 255.255.255.0 {
range
192.168.1.2 192.168.1.3;
option
domain-name-servers 192.168.1.1;
option
routers 192.168.1.1;
option
broadcast-address 192.168.1.255;
default-lease-time
600;
max-lease-time
7200;
}
16.
Restart the DHCP server and try attempt to connect from Android to AP
again. Now
/var/log/syslog shows that the client has been got IP, default route
and DNS
dhcpd:
DHCPDISCOVER from 70:f3:95:xx:xx:62 via wlan0
dhcpd:
DHCPOFFER on 192.168.1.2 to 70:f3:95:xx:xx:62 via wlan0
dhcpd:
DHCPREQUEST for 192.168.1.2 (192.168.1.1) from 70:f3:95:e0:xx:62 via
wlan0
Look
at the Android Wi-Fi settings. The status on the connection has
changed to "Connected".
#
ping 192.168.1.2
PING
192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64
bytes from 192.168.1.2: icmp_req=1 ttl=64 time=19.4 ms
So
we have established the network connection between the server with
wireless AP and Android
client. But there is still a problem to get something behind the AP
server.
17.
Enable NAT.
Any
wireless client that is connected to the AP uses private network
192.168.1.0 we
assigned in DHCP settings. Private networks are reserved to local use
only and cannot
be routed through Internet. So to make a wireless client access
Internet we
need to NAT it to IP address that uses AP server.
Allow
forward of the wireless network between interfaces
#iptables
-A FORWARD -i wlan0 -s 192.168.1.0/24 -d 0/0 -j ACCEPT
Masquerade
the network
#iptables
-t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE -v
18.
Make a final test.
Get
Android smartphone, click at browser and test any site. It must work
now.
No comments:
Post a Comment