Support encrypted WDS connections (#2463)
[openwrt/staging/florian.git] / docs / wireless.tex
The WiFi settings are configured in the file \texttt{/etc/config/wireless}
(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
it should detect your card and create a sample configuration file. By default '\texttt{option network lan}' is
commented out. This prevents unsecured sharing of the network over the wireless interface.

Each wireless driver has its own configuration script in \texttt{/lib/wifi/driver\_name.sh} which handles
driver-specific options and configurations. This script also calls driver-specific binaries like wlc for
Broadcom, or hostapd and wpa\_supplicant for Atheros.

This architecture is used because it abstracts the driver configuration.

\paragraph{Generic Broadcom wireless config:}

\begin{Verbatim}
config wifi-device "wl0"
    option type "broadcom"
    option channel "5"

config wifi-iface
    option device "wl0"
#   option network lan
    option mode "ap"
    option ssid "OpenWrt"
    option hidden "0"
    option encryption "none"
\end{Verbatim}

\paragraph{Generic Atheros wireless config:}

\begin{Verbatim}
config wifi-device "wifi0"
    option type "atheros"
    option channel "5"
    option agmode "11g"

config wifi-iface
    option device "wifi0"
#   option network lan
    option mode "ap"
    option ssid "OpenWrt"
    option hidden "0"
    option encryption "none"
\end{Verbatim}

\paragraph{Generic mac80211 wireless config:}

\begin{Verbatim}
config wifi-device "wlan0"
    option type "mac80211"
    option channel "5"

config wifi-iface
    option device "wlan0"
#   option network lan
    option mode "ap"
    option ssid "OpenWrt"
    option hidden "0"
    option encryption "none"
\end{Verbatim}

\paragraph{Generic multi-radio Atheros wireless config:}

\begin{Verbatim}
config wifi-device wifi0
    option type atheros
    option channel 1

config wifi-iface
    option device wifi0
#   option network lan
    option mode ap
    option ssid OpenWrt_private
    option hidden 0
    option encryption none

config wifi-device wifi1
    option type atheros
    option channel 11

config wifi-iface
    option device wifi1
#   option network lan
    option mode ap
    option ssid OpenWrt_public
    option hidden 1
    option encryption none
\end{Verbatim}

There are two types of config sections in this file. The '\texttt{wifi-device}' refers to
the physical wifi interface and '\texttt{wifi-iface}' configures a virtual interface on top
of that (if supported by the driver).

A full outline of the wireless configuration file with description of each field:

\begin{Verbatim}
config wifi-device      wifi device name
    option type         broadcom, atheros, mac80211
    option country      us, uk, fr, de, etc.
    option channel      1-14
    option maxassoc     1-128 (broadcom only)
    option distance     1-n
    option agmode       11b, 11g, 11a, 11bg (atheros only)

config wifi-iface
    option network      the interface you want wifi to bridge with
    option device       wifi0, wifi1, wifi2, wifiN
    option mode         ap, sta, adhoc, monitor, or wds
    option ssid         ssid name
    option bssid        bssid address
    option encryption   none, wep, psk, psk2, wpa, wpa2
    option key          encryption key
    option key1         key 1
    option key2         key 2
    option key3         key 3
    option key4         key 4
    option server       ip address
    option port         port
    option hidden       0,1
    option isolate      0,1
\end{Verbatim}

\paragraph{Options for the \texttt{wifi-device}:}

\begin{itemize}
    \item \texttt{type} \\
        The driver to use for this interface.

    \item \texttt{country} \\
        The country code used to determine the regulatory settings.

    \item \texttt{channel} \\
        The wifi channel (e.g. 1-14, depending on your country setting).

    \item \texttt{maxassoc} \\
        Optional: Maximum number of associated clients. This feature is supported only on the Broadcom chipset.

    \item \texttt{distance} \\
        Optional: Distance between the AP and the furthest client in meters. This feature is supported only on the Atheros chipset.

    \item \texttt{mode} \\
        The frequency band (\texttt{b}, \texttt{g}, \texttt{bg}, \texttt{a}). This feature is only supported on the Atheros chipset.

\end{itemize}

\paragraph{Options for the \texttt{wifi-iface}:}

\begin{itemize}
    \item \texttt{network} \\
        Selects the interface section from \texttt{/etc/config/network} to be
        used with this interface.

    \item \texttt{device} \\
        Set the wifi device name.

    \item \texttt{mode} \\
        Operating mode:

        \begin{itemize}
            \item \texttt{ap} \\
                Access point mode

            \item \texttt{sta} \\
                Client mode

            \item \texttt{adhoc} \\
                Ad-Hoc mode

            \item \texttt{monitor} \\
                Monitor mode

            \item \texttt{wds} \\
                WDS point-to-point link

        \end{itemize}

    \item \texttt{ssid} \\
        Set the SSID to be used on the wifi device.

    \item \texttt{bssid} \\
        The BSSID to use for WDS: set this to the MAC address of the other WDS unit.

    \item \texttt{encryption} \\
        Encryption setting. Accepts the following values:

        \begin{itemize}
            \item \texttt{none}
            \item \texttt{wep}
            \item \texttt{psk}, \texttt{psk2} \\
                WPA(2) Pre-shared Key

            \item \texttt{wpa}, \texttt{wpa2} \\
                WPA(2) RADIUS
        \end{itemize}

    \item \texttt{key, key1, key2, key3, key4} (wep, wpa and psk) \\
        WEP key, WPA key (PSK mode) or the RADIUS shared secret (WPA RADIUS mode)

    \item \texttt{server} (wpa) \\
        The RADIUS server IP address

    \item \texttt{port} (wpa) \\
        The RADIUS server port (defaults to 1812)

    \item \texttt{hidden} \\
        0 broadcasts the SSID; 1 disables broadcasting of the SSID

    \item \texttt{isolate} \\
        Optional: Isolation is a mode usually set on hotspots that limits the clients to communicate only with the AP and not with other wireless clients.
        0 disables AP isolation (default); 1 enables AP isolation.

\end{itemize}

\paragraph{Wireless Distribution System}

WDS is a non-standard mode: it works between two Broadcom devices, for instance,
but not between a Broadcom and an Atheros device.

\subparagraph{Unencrypted WDS connections}

This configuration example shows you how to set up unencrypted WDS connections.
We assume that the peer configured as below has the BSSID ca:fe:ba:be:00:01
and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).

\begin{Verbatim}
config wifi-device "wl0"
    option type "broadcom"
    option channel "5"

config wifi-iface
    option device "wl0"
    option network lan
    option mode "ap"
    option ssid "OpenWrt"
    option hidden "0"
    option encryption "none"

config wifi-iface
    option device "wl0"
    option network lan
    option mode wds
    option ssid "OpenWrt WDS"
    option bssid "ca:fe:ba:be:00:02"
\end{Verbatim}

\subparagraph{Encrypted WDS connections}

It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
\texttt{psk+psk2} modes are supported. The configuration below is an example
using pre-shared keys with the AES algorithm.

\begin{Verbatim}
config wifi-device wl0
    option type broadcom
    option channel 5

config wifi-iface
    option device "wl0"
    option network lan
    option mode ap
    option ssid "OpenWrt"
    option encryption psk2
    option key "<key for clients>"

config wifi-iface
    option device "wl0"
    option network lan
    option mode wds
    option bssid ca:fe:ba:be:00:02
    option ssid "OpenWrt WDS"
    option encryption psk2
    option key "<psk for WDS>"
\end{Verbatim}
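
The following audit script is an added example, not part of the OpenWrt documentation or source tree. It reads a file in the format described above and lists every \texttt{wifi-iface} section that is attached to a network while using no encryption or WEP. The function names and the sample input are constructed for illustration, and treating a missing encryption option as unencrypted is an assumption.

```shell
# Reads a config in /etc/config/wireless format on stdin and prints one line,
# "<device> <mode> <network> <encryption>", per bridged but unprotected wifi-iface.
audit_wireless() {
    awk '
    function unquote(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }
    function emit() {
        # Assumption: a section without "option encryption" is unencrypted.
        if (o["encryption"] == "") o["encryption"] = "none"
        if (iface && o["network"] != "" && o["encryption"] ~ /^(none|wep)$/)
            print o["device"], o["mode"], o["network"], o["encryption"]
        split("", o)    # clear the option table for the next section
    }
    $1 == "config" { emit(); iface = ($2 == "wifi-iface") }
    $1 == "option" {    # commented-out options start with "#" and are skipped
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        o[$2] = unquote(v)
    }
    END { emit() }
    '
}

# Constructed sample input, modelled on the WDS examples above.
sample_wireless_config() {
    cat <<'EOF'
config wifi-device wl0
    option type broadcom

config wifi-iface
    option device "wl0"
    # option network lan
    option mode "ap"
    option encryption "none"

config wifi-iface
    option device "wl0"
    option network lan
    option mode ap
    option encryption psk2

config wifi-iface
    option device "wl0"
    option network lan
    option mode wds
EOF
}

sample_wireless_config | audit_wireless
```

On a router the function would be run as \texttt{audit\_wireless < /etc/config/wireless}; an empty result means no bridged interface is open or WEP-only.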

\paragraph{Limitations:}

There are certain limitations when combining modes.
Only the following mode combinations are supported:

\begin{itemize}
    \item \textbf{Broadcom}: \\
        \begin{itemize}
            \item 1x \texttt{sta}, 0-3x \texttt{ap}
            \item 1-4x \texttt{ap}
            \item 1x \texttt{adhoc}
            \item 1x \texttt{monitor}
        \end{itemize}

        WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
        settings with the master interface, which is done automatically).

    \item \textbf{Atheros}: \\
        \begin{itemize}
            \item 1x \texttt{sta}, 0-Nx \texttt{ap}
            \item 1-Nx \texttt{ap}
            \item 1x \texttt{adhoc}
        \end{itemize}

        N is the maximum number of VAPs that the module allows. It defaults to 4, but can be
        changed by loading the module with the \texttt{maxvaps=N} parameter.
\end{itemize}

\paragraph{Adding a new driver configuration}

Since we currently only support three different wireless drivers (Broadcom, Atheros and mac80211),
you might be interested in adding support for another driver like Ralink RT2x00 or
Texas Instruments ACX100/111.

The driver-specific script should be placed in \texttt{/lib/wifi/<driver>.sh} and has to
include several functions providing:

\begin{itemize}
    \item detection of the driver presence
    \item enabling/disabling the wifi interface(s)
    \item configuration reading and setting
    \item calling third-party programs (nas, supplicant)
\end{itemize}

Each driver script should append the driver to a global DRIVERS variable:

\begin{Verbatim}
append DRIVERS "driver name"
\end{Verbatim}

\subparagraph{\texttt{scan\_<driver>}}

This function will parse \texttt{/etc/config/wireless} and make sure there
are no configuration incompatibilities, like enabling hidden SSIDs with ad-hoc mode
for instance. This can be more complex if your driver supports a lot of configuration
options. It does not change the state of the interface.

Example:
\begin{Verbatim}
scan_dummy() {
    local device="$1"

    config_get vifs "$device" vifs
    for vif in $vifs; do
        # check config consistency for wifi-iface sections
        :
    done
    # check mode combination
}
\end{Verbatim}
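
One way to fill in the mode-combination check, written against the Broadcom list in the Limitations paragraph. This is an added example, not OpenWrt's own driver script. The \texttt{config\_get} defined here is a stand-in for the one in \texttt{/lib/functions.sh}, the sample state is constructed, and reading \emph{pure AP mode} as no \texttt{sta} interface on the device is an assumption.

```shell
# Stand-in for config_get from OpenWrt's /lib/functions.sh so the example
# runs off-device (assumption: the three-argument form VAR SECTION OPTION,
# backed here by shell variables named CONFIG_<section>_<option>).
config_get() { eval "$1=\"\${CONFIG_${2}_${3}}\""; }

# Returns 0 when the wifi-iface modes configured on device $1 form one of
# the Broadcom combinations listed under "Limitations", 1 otherwise.
scan_dummy() {
    local device="$1" vifs vif mode
    local ap=0 sta=0 adhoc=0 monitor=0 wds=0
    config_get vifs "$device" vifs
    for vif in $vifs; do
        config_get mode "$vif" mode
        case "$mode" in
            ap)      ap=$((ap + 1)) ;;
            sta)     sta=$((sta + 1)) ;;
            adhoc)   adhoc=$((adhoc + 1)) ;;
            monitor) monitor=$((monitor + 1)) ;;
            wds)     wds=$((wds + 1)) ;;
            *)       echo "$device: $vif: unknown mode '$mode'" >&2; return 1 ;;
        esac
    done
    if [ $((adhoc + monitor)) -gt 0 ]; then
        # adhoc and monitor are only listed on their own
        [ $((ap + sta + wds + adhoc + monitor)) -eq 1 ] && return 0
        echo "$device: adhoc/monitor cannot be combined with other modes" >&2
        return 1
    fi
    if [ "$sta" -gt 1 ] || [ $((ap + sta)) -lt 1 ] || [ $((ap + sta)) -gt 4 ]; then
        echo "$device: need 1x sta + 0-3x ap, or 1-4x ap" >&2
        return 1
    fi
    # Interpretation: "pure AP mode" means no sta interface on the device;
    # wds links are not counted against the ap limit.
    if [ "$wds" -gt 0 ] && [ "$sta" -gt 0 ]; then
        echo "$device: wds links require pure AP mode" >&2
        return 1
    fi
    return 0
}

# Constructed sample state: wl0 = ap + wds (valid), wl1 = sta + wds (invalid).
CONFIG_wl0_vifs="a0 w0"; CONFIG_a0_mode=ap;  CONFIG_w0_mode=wds
CONFIG_wl1_vifs="s1 w1"; CONFIG_s1_mode=sta; CONFIG_w1_mode=wds
for d in wl0 wl1; do if scan_dummy "$d"; then echo "$d: ok"; else echo "$d: rejected"; fi; done
```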

\subparagraph{\texttt{enable\_<driver>}}

This function will bring up the wifi device and optionally create application-specific
configuration files, e.g. for the WPA authenticator or supplicant.

Example:
\begin{Verbatim}
enable_dummy() {
    local device="$1"

    config_get vifs "$device" vifs
    for vif in $vifs; do
        # bring up virtual interface belonging to
        # the wifi-device "$device"
        :
    done
}
\end{Verbatim}

\subparagraph{\texttt{disable\_<driver>}}

This function will bring down the wifi device and all its virtual interfaces (if supported).

Example:
\begin{Verbatim}
disable_dummy() {
    local device="$1"

    # bring down virtual interfaces belonging to
    # "$device" regardless of whether they are
    # configured or not. Don't rely on the vifs
    # variable at this point
}
\end{Verbatim}

\subparagraph{\texttt{detect\_<driver>}}

This function looks for interfaces that are usable with the driver. Template config sections
for new devices should be written to stdout. It must check for already existing config sections
belonging to the interfaces before creating new templates.

Example:
\begin{Verbatim}
detect_dummy() {
    # do nothing if a config section for this device already exists
    [ wifi-device = "$(config_get dummydev type)" ] && return 0
    cat <<EOF
config wifi-device dummydev
    option type dummy
    # REMOVE THIS LINE TO ENABLE WIFI:
    option disabled 1

config wifi-iface
    option device dummydev
    option mode ap
    option ssid OpenWrt
EOF
}
\end{Verbatim}