From: Da Rock
Date: Sat, 14 Jan 2012 16:36:22 +1000
To: freebsd-questions@freebsd.org
Subject: Re: wireless and/or routing question UPDATE - WPA
Message-ID: <4F112266.10505@herveybayaustralia.com.au>

On 01/14/12 16:28, Waitman Gobble wrote:
> On Fri, Jan 13, 2012 at 8:34 AM, Waitman Gobble wrote:
>
>> On Jan 13, 2012 7:19 AM, "Matthias Apitz" wrote:
>>> On Friday, January 13, 2012 at 07:03:11AM -0800, Waitman Gobble wrote:
>>>> Hi,
>>>>
>>>> Thanks. I've always heard countless rumors about WPA being wise :) I'll
>>>> take your advice and take a step up in technology. My "stubborn
>>>> conservatism" probably roots back to the time when not all devices could do
>>>> WPA, or at least I had crazy trouble getting things to work. But this
>>>> learned attitude was probably around 2000, which was like a million years
>>>> ago with dinosaurs and stuff. Time for me to finally get with it.
>>>>
>>>> ...
>>> Concerning WEP ./. WPA: From the technical point it is clear, WPA is
>>> more secure; but there are other aspects as well; we have had in Germany
>>> cases where the WAN IP of the AP appeared as source addr of some kind of
>>> crime (access to child porn or whatever) and the AP owner said: I'm
>>> using WEP, it was not me, and someone hijacked my AP ... and he/she
>>> went home as free person;
>>>
>>> matthias
>>> --
>>> Matthias Apitz
>>> e - w http://www.unixarea.de/
>>> UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
>>> UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
>> thanks, going to try WPA this weekend.
>>
>> My apartment is not so convenient for drive-by scanners (can't think of the
>> proper term at the moment) but I do have at least one neighbor who appears
>> potentially suspect.. like he might try to hack my AP for fun.
>>
>> Waitman
>>
>
> Hi,
>
> Today I picked up a D-Link DIR-815 and set it up for WPA with TKIP/PSK.
> I believe I followed the instructions in the FreeBSD handbook. However, the
> wpa_supplicant appears to hang indefinitely. If I control-c it barfs out an
> error.
>
> This clones ale0 wired NIC MAC to ath0 wireless NIC for lagg
>
> ifconfig ath0 ether 00:23:5a:59:e1:e4
> ifconfig wlan0 create wlandev ath0 ssid BOOTAY
> ifconfig wlan0 up scan
>
> here's the wpa_supplicant that's hanging:
>
> wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
> Trying to associate with 1c:7e:e5:de:ed:52 (SSID='BOOTAY' freq=2452 MHz)
> Associated with 1c:7e:e5:de:ed:52
> WPA: Key negotiation completed with 1c:7e:e5:de:ed:52 [PTK=TKIP GTK=TKIP]
> CTRL-EVENT-CONNECTED - Connection to 1c:7e:e5:de:ed:52 completed (auth) [id=0 id_str=]
>
> ^CCTRL-EVENT-TERMINATING - signal 2 received
> ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
> ELOOP: remaining socket: sock=4 eloop_data=0x284081c0 user_data=0x28412080 handler=0x806d620
>
> If I terminate with ampersand to run asynchronously it keeps running and I
> have a wireless connection - it works.
>
> p00ntang# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf&
>
> I guess that makes sense but the handbook is not clear to me that it's to
> be done this way. It's the first time I've set up WPA on FreeBSD so I'm not
> 100% about what to expect.
>
> I am noticing messages about rekeying, so maybe the wpa_supplicant is
> supposed to keep running.
>
> here's /etc/wpa_supplicant.conf
>
> network={
>     ssid="BOOTAY"
>     psk="PASSWORD GOES HERE"
> }
>
> here's the rest of the lagg to set wired/wireless interface with a failover
> configuration. this is pretty clear in the handbook but I'll put it here in
> case someone runs across the thread in the future.
>
> ifconfig ale0 up
> ifconfig wlan0 up
> ifconfig lagg0 create
> ifconfig lagg0 up laggproto failover laggport ale0 laggport wlan0 10.0.0.20/24
>

Just stick the config in rc.conf and make sure you include "WPA" in the wlan0 definition. It will "just work" then.

For reference, to run wpa_supplicant from the CLI you usually add "-B" in the flags to daemonise it, and run in the background; otherwise it will run in the foreground for debugging purposes.
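
A check for the kind of /etc/wpa_supplicant.conf posted in this thread, as an added example that is not part of the original messages: it flags a group- or world-readable file, a passphrase stored in quotes, and networks that still allow TKIP or WPA1. The function name and finding labels are hypothetical, and what to flag (pairwise=CCMP, proto=RSN, wpa_passphrase output, mode 600) is this example's assumption rather than advice given in the thread; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a wpa_supplicant.conf.
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_wpa_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    findings=$(
        # The file holds the pre-shared key: only its owner should read it.
        if [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "PERM file is group- or world-readable; chmod 600"
        fi
        awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^[ \t]*#/ { next }
        /^[ \t]*network=[{]/ { n = 1; ssid = psk = pw = proto = km = ""; next }
        n && /^[ \t]*ssid=/     { ssid = val($0) }
        n && /^[ \t]*psk=/      { psk = val($0) }
        n && /^[ \t]*pairwise=/ { pw = val($0) }
        n && /^[ \t]*proto=/    { proto = val($0) }
        n && /^[ \t]*key_mgmt=/ { km = val($0) }
        n && /^[ \t]*[}]/ {
            n = 0
            if (km == "NONE") { print "NOWPA " ssid ": open or WEP network"; next }
            # A quoted psk is the passphrase itself, not the derived key.
            if (psk ~ /^"/) print "PLAINPSK " ssid ": store wpa_passphrase output"
            # With no pairwise= line wpa_supplicant accepts CCMP and TKIP.
            if (pw == "" || pw ~ /TKIP/) print "TKIP " ssid ": set pairwise=CCMP"
            # With no proto= line both WPA and RSN (WPA2) are accepted.
            if (proto == "" || (" " proto " ") ~ / WPA /) print "WPA1 " ssid ": set proto=RSN"
        }' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the configuration shape posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network={
    ssid="BOOTAY"
    psk="PASSWORD GOES HERE"
}
EOF
chmod 644 "$sample"
audit_wpa_conf "$sample" || true
rm -f "$sample"
```

Restricting a network to proto=RSN and pairwise=CCMP only works if the access point is configured for WPA2 with AES as well.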