doc:howto:wireless.overview

Differences

This shows you the differences between two versions of the page.

doc:howto:wireless.overview [2013/07/12 10:13]
lorema
doc:howto:wireless.overview [2014/12/02 18:48] (current)
BenFranske [Wireless security] re-link to missing 802.1x instructions
Line 2: Line 2:
  
 ===== Introduction ===== ===== Introduction =====
-[[http://linuxwireless.org/​en/​users|Linux Wireless]] is //the// source for documentation regarding the entire **Linux Kernel IEEE 802.11 ("​wireless"​) subsystem**. It is a wiki like this one, so feel free to contribute there as well! Everything not OpenWrt specific, belongs there. This page is an exception, as I believe I can provide a better introduction. ;-)+[[http://wireless.kernel.org/​en/​users|Linux Wireless]] is //the// source for documentation regarding the entire **Linux Kernel IEEE 802.11 ("​wireless"​) subsystem**. It is a wiki like this one, so feel free to contribute there as well! Everything not OpenWrt specific, belongs there. This page is an exception, as I believe I can provide a better introduction. ;-)
  
   * IEEE 802.**3** is a family of communication protocols comprising [[wp>​Physical Layer|Layer 1]] and [[wp>​Media Access Control|Layer 2 Sublayer MAC]]    * IEEE 802.**3** is a family of communication protocols comprising [[wp>​Physical Layer|Layer 1]] and [[wp>​Media Access Control|Layer 2 Sublayer MAC]] 
-  * IEEE 802.3 has an officially ​name: //​Ethernet//​+  * IEEE 802.3 has an official ​name: //​Ethernet//​
   * IEEE 802.**11** is a family of communication protocols also comprising Layer 1 and Layer 2 Sublayer MAC   * IEEE 802.**11** is a family of communication protocols also comprising Layer 1 and Layer 2 Sublayer MAC
   * IEEE 802.11 has no official name; so most people simply call it "​wireless"​ or "​wavelan"​ or ''​wifi''​ (note that [[wp>​Wi-Fi]] is a brand name)   * IEEE 802.11 has no official name; so most people simply call it "​wireless"​ or "​wavelan"​ or ''​wifi''​ (note that [[wp>​Wi-Fi]] is a brand name)
Line 13: Line 13:
       * to set up and configure **[[wireless utilities]]** are available, however on OpenWrt we rather use UCI: ''​[[doc/​uci/​wireless|/​etc/​config/​wireless]]''​ and ''​[[doc/​uci/​network|/​etc/​config/​network]]''​.       * to set up and configure **[[wireless utilities]]** are available, however on OpenWrt we rather use UCI: ''​[[doc/​uci/​wireless|/​etc/​config/​wireless]]''​ and ''​[[doc/​uci/​network|/​etc/​config/​network]]''​.
     * There are two different types of WNICs to distinguish:​ [[http://​www.linuxwireless.org/​en/​developers/​Documentation/​Glossary?​highlight=%28softmac%29#​SoftMAC|SoftMAC]] and [[http://​www.linuxwireless.org/​en/​developers/​Documentation/​Glossary?​highlight=%28FullMAC%29#​FullMAC|FullMAC]] devices; also see //​[[http://​linuxwireless.org/​en/​developers/​Documentation/​mac80211|About mac80211]]//​.     * There are two different types of WNICs to distinguish:​ [[http://​www.linuxwireless.org/​en/​developers/​Documentation/​Glossary?​highlight=%28softmac%29#​SoftMAC|SoftMAC]] and [[http://​www.linuxwireless.org/​en/​developers/​Documentation/​Glossary?​highlight=%28FullMAC%29#​FullMAC|FullMAC]] devices; also see //​[[http://​linuxwireless.org/​en/​developers/​Documentation/​mac80211|About mac80211]]//​.
-  * In contrary ​to Ethernet drivers, wireless drivers work in a **Wireless Mode of Operation**.+  * In contrast ​to Ethernet drivers, wireless drivers work in a **Wireless Mode of Operation**.
  
  
 ==== Wireless Modes of Operation ==== ==== Wireless Modes of Operation ====
-→[[http://​linuxwireless.org/​en/​users/​Documentation/​modes|Wireless Modes of Operation]]+→[[http://​wireless.kernel.org/​en/​users/​Documentation/​modes|Wireless Modes of Operation]]
  
  
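Review bot: The link migration in this hunk is incomplete: the Wireless Modes link now points to wireless.kernel.org, but the SoftMAC, FullMAC and "About mac80211" links on the unchanged WNIC line still point to linuxwireless.org and www.linuxwireless.org. If the old host is being replaced, update those three links in the same revision so the section does not mix hosts. The "In contrary to" to "In contrast to" correction is fine as is.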
Line 35: Line 35:
 ===== Wireless Drivers in OpenWrt ===== ===== Wireless Drivers in OpenWrt =====
 Wireless drivers are pulled on a more or less regularly basis from [[http://​git.kernel.org/​cgit/​linux/​kernel/​git/​linville/​wireless-testing.git/​|wireless-testing]] and the OpenWrt-patches which are not mainlined yet are adjusted, see e.g. [[https://​dev.openwrt.org/​changeset/​36939/​trunk|r36939]]. Wireless drivers are pulled on a more or less regularly basis from [[http://​git.kernel.org/​cgit/​linux/​kernel/​git/​linville/​wireless-testing.git/​|wireless-testing]] and the OpenWrt-patches which are not mainlined yet are adjusted, see e.g. [[https://​dev.openwrt.org/​changeset/​36939/​trunk|r36939]].
 +OpenWrt does not use Kernel drivers. The package is called mac80211.
   * [[https://​dev.openwrt.org/​search?​q=mac80211&​changeset=on|commits to OpenWrt trunk regarding mac80211]]   * [[https://​dev.openwrt.org/​search?​q=mac80211&​changeset=on|commits to OpenWrt trunk regarding mac80211]]
   * [[https://​dev.openwrt.org/​search?​ticket=on&​q=mac80211|tickets on mac80211]], better is a custom query in [[wp>​Trac]]:​ e.g. [[https://​dev.openwrt.org/​query?​status=accepted&​status=assigned&​status=new&​status=reopened&​description=~mac80211&​max=20&​order=priority|custom query]]   * [[https://​dev.openwrt.org/​search?​ticket=on&​q=mac80211|tickets on mac80211]], better is a custom query in [[wp>​Trac]]:​ e.g. [[https://​dev.openwrt.org/​query?​status=accepted&​status=assigned&​status=new&​status=reopened&​description=~mac80211&​max=20&​order=priority|custom query]]
 +
 +Similar work (brand new drivers for older Kernel) is done by the [[https://​backports.wiki.kernel.org/​index.php/​Main_Page|backports]] project [[http://​marc.info/?​l=linux-backports&​m=136490878702448|April 2013 announcement]],​ previously called compat-wireless or compat-driver. OpenWrt does not use this, despite referencing it by name.
  
 ===== Wireless Utilities in OpenWrt ===== ===== Wireless Utilities in OpenWrt =====
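Review bot: The added sentence "OpenWrt does not use Kernel drivers. The package is called mac80211." reads as a contradiction of the line directly above it, which says the wireless drivers are pulled from wireless-testing. Say exactly which drivers are meant and where the mac80211 package gets its sources, and put the sentence in the paragraph rather than on its own line directly before the list. In the backports paragraph, the project link and the "April 2013 announcement" link run together without a separator, and "despite referencing it by name" does not say where the reference appears; name the file or package that mentions it.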
Line 51: Line 54:
 ==== Captive portal software available in the OpenWrt repository ==== ==== Captive portal software available in the OpenWrt repository ====
  
-| ''​[[doc:​howto:​wireless.hotspot.nocatauth|nocatauth]]''​ | Layer 3 |  ​http://​nocat.net/​downloads/​NoCatAuth/ ​|+| ''​[[doc:​howto:​wireless.hotspot.nocatauth|nocatauth]]''​ | Layer 3 |   ​|
 | ::: | NoCatAuth is the original "catch and release"​ [[wp>​captive portal]] implementation. It provides a simple splash screen web page for clients on your network, as well as a variety of authenticated modes. NoCatAuth is written in [[wp>​Perl]]. || | ::: | NoCatAuth is the original "catch and release"​ [[wp>​captive portal]] implementation. It provides a simple splash screen web page for clients on your network, as well as a variety of authenticated modes. NoCatAuth is written in [[wp>​Perl]]. ||
-| ''​[[doc:​howto:​wireless.hotspot.nocatsplash|nocatsplash]]''​ | Layer 3 |  ​http://​nocat.net/​downloads/​NoCatSplash ​|+| ''​[[doc:​howto:​wireless.hotspot.nocatsplash|nocatsplash]]''​ | Layer 3 |   ​|
 | :::  | NoCatSplash is an Open Public Network Gateway Daemon. It performs as a [captive/​open/​active] portal. When run on a gateway/​router on a network, all web requests are redirected until the client either logs in or clicks "I Accept"​ to an [[wp>​Acceptable use policy|AUP]]. The gateway daemon then changes the firewall rules on the gateway to pass traffic for that client (based on IP address and MAC address).\\ NoCatSplash is the C port of NoCatAuth ​ || | :::  | NoCatSplash is an Open Public Network Gateway Daemon. It performs as a [captive/​open/​active] portal. When run on a gateway/​router on a network, all web requests are redirected until the client either logs in or clicks "I Accept"​ to an [[wp>​Acceptable use policy|AUP]]. The gateway daemon then changes the firewall rules on the gateway to pass traffic for that client (based on IP address and MAC address).\\ NoCatSplash is the C port of NoCatAuth ​ ||
 | ''​[[doc:​howto:​wireless.hotspot.nodogsplash|nodogsplash]]''​ | Layer 3 |  https://​github.com/​nodogsplash/​nodogsplash | | ''​[[doc:​howto:​wireless.hotspot.nodogsplash|nodogsplash]]''​ | Layer 3 |  https://​github.com/​nodogsplash/​nodogsplash |
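Review bot: Removing the nocat.net URLs from the nocatauth and nocatsplash rows leaves the third column empty with no explanation, while every other row in the table carries an upstream link. If the upstream site is gone, state that in the cell or in the description row, the way the ChilliSpot entry carries its "This project may be dead" warning, so readers can tell a dead project from a missing link.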
Line 59: Line 62:
 | ''​[[doc:​howto:​wireless.hotspot.wifidog|wifidog]]''​ | Layer 3 |  http://​dev.wifidog.org/​ | | ''​[[doc:​howto:​wireless.hotspot.wifidog|wifidog]]''​ | Layer 3 |  http://​dev.wifidog.org/​ |
 | ::: | The Wifidog project is a complete and embeddable captive portal solution for wireless community groups or individuals who wish to open a free Hotspot while still preventing abuse of their Internet connection.\\ Originally forked from NoCatSplash and NoCatAuth,​ran at layer3 using iptables as opposed to chillispots layer2 solutions. Wifidog offers a simple package and none uci based configuration file. Users can be managed and controlled through the gateway and hooked into any custom user management. This solution creates a custom central user management system. You can build your own login page and user management system or use their own portal system. || | ::: | The Wifidog project is a complete and embeddable captive portal solution for wireless community groups or individuals who wish to open a free Hotspot while still preventing abuse of their Internet connection.\\ Originally forked from NoCatSplash and NoCatAuth,​ran at layer3 using iptables as opposed to chillispots layer2 solutions. Wifidog offers a simple package and none uci based configuration file. Users can be managed and controlled through the gateway and hooked into any custom user management. This solution creates a custom central user management system. You can build your own login page and user management system or use their own portal system. ||
-| ''​[[doc:​howto:​wireless.hotspot.chillispot|chillispot]]''​ | Layer 2 |  http://​www.chillispot.info/ | +| ''​[[doc:​howto:​wireless.hotspot.chillispot|chillispot]]''​ | Layer 2 |  http://​www.chillispot.org/ | 
 | ::: | ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login which is today'​s standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication,​ authorization and accounting (AAA) is handled by your favorite RADIUS server.\\ Layer 2 solution using a [[wp>​RADIUS]] database for the backend user management and tracking. WARNING: This project may be dead. There hasn't really been much work on this project for years. Which leads to the next project. || | ::: | ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login which is today'​s standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication,​ authorization and accounting (AAA) is handled by your favorite RADIUS server.\\ Layer 2 solution using a [[wp>​RADIUS]] database for the backend user management and tracking. WARNING: This project may be dead. There hasn't really been much work on this project for years. Which leads to the next project. ||
 | ''​[[doc:​howto:​wireless.hotspot.coova-chilli|coova-chilli]]''​ | Layer 2 / Layer 3|  http://​www.coova.org/​ | | ''​[[doc:​howto:​wireless.hotspot.coova-chilli|coova-chilli]]''​ | Layer 2 / Layer 3|  http://​www.coova.org/​ |
 | ::: | CoovaChilli is an open source access controller for wireless LAN access points and is based on ChilliSpot. It is used for authenticating users of a wireless (or wired) LAN. It supports web based login (UAM) which is today'​s standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication,​ authorization and accounting (AAA) is handled by your favorite RADIUS server.\\ Built on top of Chillispot with several improvements and additions. Includes [[wp>​WISPr]] support, and much more. Main captive portal solution used in CoovaAP. || | ::: | CoovaChilli is an open source access controller for wireless LAN access points and is based on ChilliSpot. It is used for authenticating users of a wireless (or wired) LAN. It supports web based login (UAM) which is today'​s standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication,​ authorization and accounting (AAA) is handled by your favorite RADIUS server.\\ Built on top of Chillispot with several improvements and additions. Includes [[wp>​WISPr]] support, and much more. Main captive portal solution used in CoovaAP. ||
 | ''​[[doc:​howto:​wireless.hotspot.pepperspot|pepperspot]]''​ | Layer 2 |  http://​sourceforge.net/​projects/​pepperspot/​ | | ''​[[doc:​howto:​wireless.hotspot.pepperspot|pepperspot]]''​ | Layer 2 |  http://​sourceforge.net/​projects/​pepperspot/​ |
-| ::: | PepperSpot is a captive portal or wireless LAN access point controller which support the IPv6 protocol. It supports web based login and it supports Wireless Protected Access (WPA). Authentication is handled by your favorite RADIUS server (over IPv4/​IPv6).\\ Another Chillispot fork. Support for IPv6 protocol, Wireless Protected Access (WPA). Also RADIUS server backend. ||+| ::: | PepperSpot is a captive portal or wireless LAN access point controller which support the IPv6 protocol ​(started as Chillispot fork with IPV6 support). It supports web based login and it supports Wireless Protected Access (WPA). Authentication is handled by your favorite RADIUS server (over IPv4/​IPv6).\\ Another Chillispot fork. Support for IPv6 protocol, Wireless Protected Access (WPA). Also RADIUS server backend. ||
  
  
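Review bot: The parenthetical added to the PepperSpot description, "(started as Chillispot fork with IPV6 support)", repeats what the same cell already says two sentences later ("Another Chillispot fork. Support for IPv6 protocol"). Keep one of the two, and use the "IPv6" spelling that the rest of the cell uses. On the ChilliSpot row, the URL changes from chillispot.info to chillispot.org while the description still warns that the project may be dead; confirm the new URL resolves to the project before publishing it.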
Line 136: Line 139:
 ===== Wireless security ===== ===== Wireless security =====
   * WEP (unsecure, cracked)   * WEP (unsecure, cracked)
-  * WPA (unsecure, cracked+  * WPA (sufficiently secure if strong passwords are used and WPS disabled
-  * WPA2 (unsecure, cracked+  * WPA2 (secure if strong passwords are used and WPS disabled
-  * 802.11X (Secure ​Authentication of LDAP domain credentialsFIXME Can openwrt do this?  With radius ? +  * 802.1X (securePer-user authentication using RADIUS, including support for dynamic vlan assignment[[doc:​howto:​wireless.security.8021x|Basic WPA Enterprise configuration instructions]]
  
 ===== Wireless recipes ===== ===== Wireless recipes =====
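Review bot: The rewritten WPA and WPA2 bullets attach a condition ("strong passwords", "WPS disabled") that applies only to pre-shared-key mode, but neither bullet says it is describing PSK mode. Label them WPA-PSK and WPA2-PSK, replace "strong" with a concrete passphrase guideline, and say what distinguishes "sufficiently secure" from "secure" (for example the cipher in use), since the two lines are otherwise identical. The 802.1X bullet's unqualified "secure" also needs a condition: it depends on the EAP method chosen and on clients validating the RADIUS server's certificate. All three changed bullets appear to have lost their closing parenthesis and sentence punctuation in this rendering; check the wiki source. The correction from "802.11X" to "802.1X" is right.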
Line 148: Line 151:
 ===== Notes ===== ===== Notes =====
   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=133243#​p133243|on AP modes]]   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=133243#​p133243|on AP modes]]
 +  * [[https://​dev.openwrt.org/​changeset/​37553|r37553 ​ add authsae open80211s authentication daemon]] [[wp>​IEEE 802.11s]]
 +  * [[https://​dev.openwrt.org/​changeset/​37483|r37483 ath9k: add initial tx queueing rework patches]] This forces all packets (even for un-aggregated traffic) through software queues to improve fairness and stability
  
 ===== OpenWrt Wireless FAQ ===== ===== OpenWrt Wireless FAQ =====
   * ->​[[http://​wiki.openwrt.org/​doc/​faq/​faq.wireless|OpenWrt Wireless FAQ]]   * ->​[[http://​wiki.openwrt.org/​doc/​faq/​faq.wireless|OpenWrt Wireless FAQ]]
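Review bot: The two entries added under Notes are pointers to individual changesets (r37553, r37483) rather than notes about wireless concepts, so they will go stale on an overview page; consider moving them to a changelog or the relevant driver page. If they stay, the first entry's trailing "[[wp>IEEE 802.11s]]" link needs connecting text, and the second entry's explanation should be separated from the link and end with a period.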
doc/howto/wireless.overview.1373616801.txt.bz2 · Last modified: 2013/07/12 10:13 by lorema