[clue-tech] Re: Linux WPA accesspoint using hostapd?

Jim Ockers ockers at ockers.net
Fri Apr 1 10:41:17 MST 2005


Hi Andy,

> I found your posting about a Linux AP while trying to research building
> one for myself - WPA/WPA2 capable. I didn't find any feedback
> though...did you get any?

I didn't get any, but since that time we got it all to work.  We are
using the following combination of hardware/software:

Client 1:
D-Link DWL-AG660 PCMCIA (cardbus/PCI) cards (Atheros AR5212)
Windows XP SP2 + D-Link Windows driver + Windows 802.1x supplicant
WPA-EAP + EAP-PEAP + PEAP-MSCHAPV2 for authentication

Client 2:
D-Link DWL-AG660 (Atheros AR5212)
Linux 2.4.28 + madwifi + wpa_supplicant
WPA-EAP + EAP-PEAP + PEAP-MSCHAPV2 for authentication

Accesspoint:
D-Link DWL-AG530 or Elcard Atheros AR5212 PCI cards.
Linux 2.4.28 + wireless extensions + madwifi from CVS
freeradius 1.0.1 + mysql for authentication (usernames/passwords)
hostapd from CVS for WPA and 802.1x EAPOL support
TKIP for GTK (group key)
TKIP for PTK (pairwise key)
WEP104 crypto only - since we got TKIP to work we didn't spend too much
time messing with CCMP or AES crypto.

> Could you tell me if (in your experience) the D-Link DWL-G520 would be
> suitable for such a project? Additionally if you have the time, could
> you possibly point me in the right direction for the documentation you
> used?

Unfortunately the documentation is pretty sparse.  I've thought about
writing it up.  The April Linux Journal has the first part in a series
about making a Linux system into a WPA accesspoint.  I could write that
article now of course.  You should start by reading their articles I 
think.

I'm not familiar with the DWL-G520.  You should use the D-Link products
that have the Atheros chips in them since the madwifi driver works, and
the hostapd supports madwifi.

We had to patch madwifi a few times (there was a bug, and also a
workaround for the D-Link DWL-AG660 Windows driver which claimed to not
support WEP in its associate request [boo D-Link!], and also the
groupkey was not set properly so DHCP didn't work).  We patched hostapd 
to get rid of AES support so it would compile on our system, and also 
hacked on the freeradius sql.conf to make it work with our database 
of usernames and passwords.

There are lots of other gotchas, like how the TLS certificate for 
freeradius needs to have a couple of extended attributes or else Windows 
will silently refuse to authenticate - just to name one gotcha that
you'll find.

Anyway it was an interesting project.  I hope this helps get you started.

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: please see http://www.ockers.net/
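
A hostapd.conf sketch of the accesspoint stack listed in the message above (madwifi driver, WPA-EAP with TKIP, authentication handed to freeradius). This is an added example, not the poster's configuration: the interface name, SSID, addresses and shared secret are placeholder assumptions, and freeradius is assumed to run on the same host as hostapd.

```conf
# Added example, not from the original post. All values are placeholders.

# Atheros interface created by madwifi (assumed name)
interface=ath0
# hostapd driver backend for madwifi, as used in the post
driver=madwifi
# Placeholder SSID
ssid=EXAMPLE-SSID

# 802.1x/EAPOL: hostapd relays EAP between the client and RADIUS
ieee8021x=1

# WPA (version 1) with EAP key management, matching "WPA-EAP" in the post
wpa=1
wpa_key_mgmt=WPA-EAP
# TKIP for the pairwise key; with TKIP as the only pairwise cipher,
# hostapd also uses TKIP for the group key
wpa_pairwise=TKIP

# External RADIUS server (freeradius). EAP-PEAP/MSCHAPv2 is terminated
# there, so the server certificate lives in the freeradius config.
# Address this AP reports to RADIUS (assumed: same host)
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
# Placeholder; must match the client entry on the freeradius side
auth_server_shared_secret=CHANGE-ME
```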


