[clue-tech] Re: WPA based linux access point

Mon Apr 25 14:49:31 MDT 2005

Hi Fred,

> i'm a student engineering from belgium and for my thesis I have to make an 
> access-point that meets the latest security requirements. I read the thread 
> on http://clue.denver.co.us/pipermail/clue-tech/2005-April/012277.html , and 
> the accesspoint you described is more or less exactly what I have to make.
> Currently I have madwifi installed to work with a Dlink-AG520 and that works 
> normally, with or without WEP.

Great.

> My next goal is to implement WPA and WPA2, so I installed Hostapd. When I 
> try to connect with a windows client, de debug output gives something like 
> authenticated, and immediately after that deauthenticated. Also something 
> about 'the network is down'. After this the ath0 adapter doesn't appear in 
> ifconfig anymore unless I restart the network service.

Does your linux system use a DHCP client?  Try doing "ifconfig ath0 up"
before starting hostapd.  I'm not sure why hostapd would take your network
interface down, I don't think it ever did that to me.

You didn't give much information like what hardware and device driver
you are running under Windows, or your hostapd or madwifi/ath0 config.

> Do you know what I can do to get things running? Or do you have a more 
> extensive report of the work you did? Cause all the how-to's are rather 
> brief and I'm not (yet) a die hard linux user...
> Afterwards I would like to implement the freeradius too, but for now I would 
> bevery happy if the WPA would work allready!

Did you get it to work so far?  We had a really hard time and had to patch
the madwifi driver and hostapd.  We never had to patch freeradius but it
is really hard to configure - so many configuration options, and they are
basically like the unix man pages in which you need to know what you're
doing beforehand, then you can understand the documentation of the
configuration options.  (The freeradius mailing lists are very helpful.)

The madwifi bugs we fixed were mainly counters that would decrement past
zero, or counters that weren't incremented when they should have been.

There is the usual groupkey problem as well, I'm not sure this will ever
go away, but we set our groupkey rekeying timeout to 20 seconds and that
makes the problem mostly invisible (after applying the groupkey patches
of course).

We also had to patch madwifi because the D-Link DWL-AG660 windows device
driver claims to not support WEP (the capability is 0 instead of 1 in
the associate request).  Obviously it does support WEP, but madwifi
rejects the associate request.  We patched madwifi to allow the client
to associate even if set to WPA (authmode 3) and the client says it
doesn't support encryption.

Hope this helps,
Jim

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: please see http://www.ockers.net/