DaemonForums  

Connecting to router wirelessly

#1 guitarscn, 20th January 2009

I recently installed OBSD on my laptop, and I'd like to bring it around the house to use it whenever.

The router has WPA2 for wireless security enabled, because I'm mainly concerned about other people connecting to it or maybe even sniffing packets of the information I'm exchanging with the internet wirelessly.

I checked the wireless support section of the Networking documentation on the OBSD website, and I think it said WPA was not supported for ath(4) type wireless cards. (I have a Linksys WPC55AG PCMCIA card.) But I tried to Google some information, and recent posts from 2008 were saying that WPA encryption was functioning on Atheros chip based cards.

I'm not sure how to go about this, but first I'd like to confirm whether or not I can use my wireless card as of now.

#2 jggimi, 20th January 2009

If you read the -current man page for ath(4), you will see WPA mentioned only in regards to two chipsets that can conduct cryptographic operations, and that the driver does not yet support WPA.

The PCI driver for ath(4) has not been updated in 5 months.

The chipset management software for ath(4) was updated several times, approximately four months ago, to add software crypto to support WPA and WPA2.

Note that all of these updates are in -current.

Since the driver has not been updated, it appears to me that development is not yet complete.

#3 guitarscn, 20th January 2009

What alternatives would you suggest now if one wanted to surf the web securely over wireless with OBSD?

#4 jggimi, 20th January 2009

For my WiFi, I use neither WPA nor WEP. Instead, I use authpf(8) for authentication, and then ssh(1)/sshd(8) with its built-in SOCKS proxy for encrypted web browsing.

For end users with Windows workstations, putty is used instead of ssh(1).

#5 guitarscn, 20th January 2009

Will it make a difference if my modem and router are one and the same? When my ISP came here to set up internet, they put this giant box in the room (it's bigger than a school binder), which is the modem and also the router, and they told me it was not possible to disable the router even if I wanted to because it was part of the modem or something.

So I'm just wondering if this will make a difference in setting up authpf if I set up another computer for all traffic to be authenticated before using the internet.

#6 jggimi, 20th January 2009

Perhaps an ASCII picture of your layout would be handy.

In my case, my WiFi Access Point is a device connected to my OpenBSD router. If I understand what you've written, your WiFi access point is your ISP's router, and the only OpenBSD platform is your laptop? If so, then the only encryption available to you directly is WEP. If you have a second OpenBSD platform, it could be used to route encrypted traffic.

My environment:
Code:
                WiFi AP
                    |
{internet} -- [OpenBSD] -- {wired LAN}
A possible configuration you might be able to employ, if you have two OpenBSD systems. In this case, you can't use authpf; WEP would have to be used to control access; but improved encryption could be had by tunnelling via SSH:
Code:
{internet} -- [ISP's WiFi AP] -- {wired LAN} -- {2nd OpenBSD box}
You'd set up an SSH session between your laptop and the 2nd box, and use SSH's SOCKS proxy to provide more robust encryption.

#7 guitarscn, 20th January 2009

This is what my setup looks like right now:

Code:
   (Coaxial cable from wall)
                 |  
              [Modem]- antenna
             /  |  | \
             |  |  |  |
            [c][c][c][c]
And then of course my laptop which is not connected (yet).
The [c]'s are different computers. I can install OpenBSD on any of them.
The Modem has a router built into it, and it's not possible to disable it. There is an antenna sticking out of the modem which is the wireless access point. Everything is inside a single box.

My research on WEP led me to conclude that it's very easily cracked, which is why I chose WPA2 on the modem/router settings and set my own passkey.

Is WEP really safe to use?

Last edited by guitarscn; 20th January 2009 at 06:04 PM.

#8 jggimi, 20th January 2009

Is WEP sufficient to block inadvertent access by neighbors? Yes.

Is it sufficient to protect your network from the bored 13 year old next door? No.

WEP is breakable with simple software. The last time I checked, about 5 years ago, it would take about 15 minutes of sniffing to have enough data to crack 40-bit WEP, and on the order of a couple of hours for 128-bit WEP.

But WPA isn't a perfect solution, either. Scan down this page to see the most recent articles on WPA security breaches discussed at Slashdot: http://slashdot.org/search.pl?query=wpa

If there is a possibility of a nearby bored teenager, I recommend turning off the Access Point in your router, then have one of your wired platforms run OpenBSD, and insert an OpenBSD-supported access point via USB or PCI, or an ethernet-connected AP via a 2nd NIC. Have this OpenBSD platform be your WiFi router, inside your wired network. e.g.:
Code:
{internet} -- [ISP's router, no AP] -- {wired LAN} -- [OpenBSD router with AP] -- {WiFi}
Other options require trusting in WPA and either obtaining a WPA-compliant WiFi NIC for your laptop or using your existing ath(4) NIC with a different OS in the laptop that has a WPA-capable driver.

Last edited by jggimi; 20th January 2009 at 06:57 PM.

#9 guitarscn, 20th January 2009

Where can I view a list of all the OpenBSD-supported access point hardware?

For the other option, I'm not really familiar with what an "ethernet-connected access point with a second network card" is. Can you explain what that is?

So after I set this up, I can use it like I would a "standard" wireless router and set rules for who can connect to my OpenBSD router and whatnot?

jggimi, 20th January 2009

Supported hardware can be found for your architecture starting at www.openbsd.org/plat.html -- but to discover which drivers allow "Host AP" mode, you'll have to click on each individual driver and read through the man page.

An ethernet-connected Access Point is known as a "Wireless Ethernet Bridge" and there are several makes and models, which you can find with a little bit of Google Fu. As far as the wire-connected host is concerned, WiFi-connected devices are just MAC and IP addresses reached by a standard Ethernet NIC.

guitarscn, 20th January 2009

Would you mind if I asked which hardware you use for your wireless setup?

jggimi, 20th January 2009

Sure. My WiFi AP is for home use; it's 802.11b only. The access point is an old Linksys WAP11 wireless ethernet bridge. My OpenBSD laptops use an(4) and wpi(4) NICs.

(On the road with insecure wireless I either use SSH or a VPN, as appropriate.)

guitarscn, 20th January 2009

I have a Linksys WRT54G router that I had from my previous internet connection before I switched to my current one, and it's unused since I have the built-in router. Can I make use of the Linksys router?

jggimi, 20th January 2009

A very small amount of Google Fu will show that there is 3rd party firmware which can convert that device into an ethernet bridge. I don't have one, and have not read through any of the links to see what the limitations and capabilities are. I do not even know if you can reverse the process, in order to return it to a working router.

You're certainly welcome to conduct your own research, and make your own tests.

guitarscn, 20th January 2009

Okay, I'll have to check out those options.

Suppose I set up everything with the OpenBSD router and the wireless access point on it. What prevents other people from connecting to it and using it?

jggimi, 21st January 2009

Quote:
Originally Posted by guitarscn
What prevents other people from connecting to it and using it?

Please click on authpf(8), which I mentioned three times in this thread, above. Four times, now.

It is the standard authentication method for gateway routers using PF.
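
The authpf(8) gateway with an SSH SOCKS tunnel discussed in this thread, sketched as an added example that is not part of any poster's reply. The interface names ath0 and em0, the address 192.0.2.1 and the user name are assumptions, and the rule syntax is that of current pf.conf(5).

```conf
# --- /etc/pf.conf on the OpenBSD WiFi router (fragment) ---
# Assumed interfaces: ath0 is the access-point side, em0 faces the wired LAN.
# Address assignment for wireless clients (DHCP or static) is outside this fragment.
wifi_if  = "ath0"
wired_if = "em0"

# authpf(8) adds the address of every logged-in user to this table.
table <authpf_users> persist

set skip on lo
block all                          # default deny in both directions

# Unauthenticated wireless clients can reach only sshd on the router itself.
pass in on $wifi_if proto tcp from any to ($wifi_if) port 22

# authpf loads each user's rules under this anchor at login
# and removes them when that user's SSH session ends.
anchor "authpf/*"

# Wired LAN hosts and traffic leaving the router.
pass in on $wired_if
pass out

# --- /etc/authpf/authpf.rules ---
# Loaded once per login; authpf defines $user_ip and $user_id.
# This file is parsed separately from pf.conf, so the interface is named directly.
pass in quick on ath0 from $user_ip

# --- Prerequisites on the router ---
# /etc/authpf/authpf.conf must exist (it may be empty).
# Each WiFi user's login shell is /usr/sbin/authpf.

# --- On the laptop (constructed address and user name) ---
# Open an interactive session so authpf runs, with a local SOCKS listener:
#   ssh -D 127.0.0.1:1080 wifiuser@192.0.2.1
# Point the browser's SOCKS proxy at 127.0.0.1:1080 and keep the session open;
# closing it removes both the pf rules and the proxy.
```

Without WPA or WEP on the access point, only traffic sent through the SOCKS proxy is encrypted over the air, between the laptop and the router.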

guitarscn, 21st January 2009

Oops, sorry, I thought it was a method without using authpf. That was my last question for this topic!