DaemonForums  

Old 27th April 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

One thing that confuses users switching over from FreeBSD and Linux is that OpenBSD's implementation of WPA is in the kernel; there is no wpa_supplicant userland component.

As jggimi mentioned, in order to utilize the kernel's software WPA support, drivers must first support it.

The 4.4 release was the first that offered WPA-PSK/WPA2-PSK, but it didn't support every wireless chipset in the tree. 4.5 has come a long way since then, so presumably more drivers will support it come May.
Old 27th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

What's funny is that I've only ever used FreeBSD as a RAID server for some file storage. I've always used OpenBSD for my routing and firewalls.

I've typically found that the general idea of setting something up is pretty much the same across *nix's, with the main differences being
a) where the file is stored (/etc, /etc/hostapd, etc)
and b) some slight changes in command name (sfdisk or fdisk) and parameters.
Obviously I was very wrong in this case!

I've done WEP configuration only once before, and it was years ago, and I can't honestly remember whether it was on FreeBSD or OpenBSD. Since I was more than likely just toying around for geekpoints, and considering my confusion now, I'm guessing it was on FreeBSD.

It really never occurred to me that OpenBSD would include the encryption in the kernel - it makes sense to do so, and I'm really glad that they did. Hopefully when I get a chance to toy around again tonight with the -current v4.5 I d/led and installed yesterday I'll be able to get this thing working with no problems.

At the very least, WEP encryption for the moment would be nice, just to let me know that I'm on the right track!
Old 28th April 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by geekswordsman View Post
I agree that it should, but you never know. It may not even be ifconfig that's causing the hang, it could be wpa-psk. It's something that's supposed to be supported, which to me means that they've tested it successfully. I just need to duplicate what they did, which may mean going back to an i386 architecture.
Atheros has come out recently with a number of variations on the same chip family which ath(4) does not currently support. If you post the output of dmesg(8), then we might be able to diagnose whether or not your particular chip will support WPA, but as others have already stated, OpenBSD 4.5 will be released 1 May.
Old 28th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

Here's the dmesg | grep ath0:
Code:
ath0 at pci3 dev 6 function 0 "Atheros AR5212" rev 0x01: apic 4 int 21 (irq 5)
ath0: AR2414 7.9 phy 4.5 rf2413 5.6, FCC2A*, address 00:14:6c:89:52:3b
Didn't have much time to test anything out last night unfortunately. Just had a chance to re-run my ifconfig with the wpapsk parameter specified like I thought it should be, and got the same issue - just a system freeze with no errors. Hopefully I'll have some time to poke at it more tonight.
Old 28th April 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

The driver does not support WPA for the AR5212, yet, according to the -current man page.
Old 28th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

Thanks jggimi. I'll try just WEP encryption to see if that works tonight. Security wise, I can always force mac-address authentication for the time being until it does become available.
Old 28th April 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I'd already mentioned it in post #13.
Quote:
Security wise, I can always force mac-address authentication...
That does not provide security, just policy.

If you're interested in authentication, consider authpf(8). In combination with a VPN or with SSH tunneling, you can have authentication, authorization, and encryption, all without WPA or WEP.
Old 28th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

Quote:
Originally Posted by jggimi View Post
I'd already mentioned it in post #13.
You also mentioned in #15 that the -current snapshot ath(4) driver supported wpa, which I am using

Quote:
Originally Posted by jggimi View Post
If you're interested in authentication, consider authpf(8). In combination with a VPN or with SSH tunneling, you can have authentication, authorization, and encryption, all without WPA or WEP.
There's a thought that may just warrant investigation.
Old 28th April 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

It's hard to tell what's going on with ath from the man page or announcements. And looking through the CVS logs in src/sys/dev/ic/ar52* doesn't help. One has to try it. And so far, it doesn't appear to work.

As for authpf, I recently posted a sample configuration:

http://www.daemonforums.org/showthre...3099#post22947
Old 28th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

Quote:
Originally Posted by jggimi View Post
It's hard to tell what's going on with ath from the man page or announcements. And looking through the CVS logs in src/sys/dev/ic/ar52* doesn't help. One has to try it. And so far, it doesn't appear to work.
You, sir, are unfortunately correct. Of course, I was having problems with WEP as well, but that may have just been me fat-fingering something.

Quote:
Originally Posted by jggimi
As for authpf, I recently posted a sample configuration:

http://www.daemonforums.org/showthre...3099#post22947
Good stuff! Appreciate it.
Old 1st May 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Smile It Lives!

So after no luck at all with the pre-release snapshot of 4.5 this week, I decided to go ahead and give it a shot tonight with the official release version.

Fired it up, immediately attempted an ifconfig on ath0, and system froze. Attempted numerous configurations, but anytime I specified a nwid with hostap enabled the system would lock up, no errors.

I could enable hostap, but that doesn't exactly do me any good without having a NWID to connect to, and some form of security on it!

So I did a little digging, and noticed a little nugget right out of the ath(4) man page that I had somehow overlooked:
Code:
   The following hostname.if(5) example creates a host-based access point on
     boot:

           inet 192.168.1.1 255.255.255.0 NONE media autoselect \
                   mediaopt hostap nwid my_net chan 11
Now that's interesting... Why is it using inet and not ifconfig? And I need to specify the nwid after hostap? Logically it makes sense, but why do I need to use inet directly and not ifconfig?

Apparently hostap mode on wireless networks is not controllable via ifconfig. It needs to be handled by inet directly. And this means that you must create a hostname.if file with the parameters, and do
Code:
# sh /etc/netstart
to get the interface up. Here's my final hostname.ath0 (nwid and wpa-psk obfuscated, obviously)
Code:
inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap \
nwid my_network wpa wpaakms psk wpaprotos wpa1 wpapsk $(wpa-psk \
my_network mywpapskey)
That's all that's needed! Setting up dhcpd and pf is of course still required, but at least my wireless host is now working

Thanks again to everyone for the assist!
Reply With Quote
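The hostname.ath0 in the post above hands the passphrase to wpa-psk inline, so the file itself holds the plaintext passphrase (running wpa-psk once and pasting the key it prints after wpapsk avoids that). The following audit is an added example, not part of the original thread or of OpenBSD; the function name audit_hostname_if and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: audit hostname.if(5) files that carry wireless keys.
# Usage: audit_hostname_if [DIR]   (DIR defaults to /etc)
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_hostname_if() {
    dir=${1:-/etc}
    findings=0
    for f in "$dir"/hostname.*; do
        [ -f "$f" ] || continue

        # Only files that configure a key are of interest:
        # wpapsk (used in the thread), wpakey (later releases), nwkey (WEP).
        grep -Eq 'wpapsk|wpakey|nwkey' "$f" || continue

        # Any read/write/execute bit for "other" exposes the key to
        # every local account on the access point.
        if [ -n "$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "$f: key material accessible to other users"
            findings=1
        fi

        # $(wpa-psk nwid passphrase) keeps the plaintext passphrase on
        # disk; storing the key wpa-psk prints avoids that.
        if grep -q 'wpa-psk' "$f"; then
            echo "$f: plaintext passphrase passed to wpa-psk"
            findings=1
        fi
    done
    return "$findings"
}

# Example invocation on a live system:
#   audit_hostname_if /etc
```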
Old 1st May 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by geekswordsman View Post
Now that's interesting... Why is it using inet and not ifconfig?
I suspect you are reading "inet" & thinking inetd(8). "inet" is used to differentiate the following address as an IPv4 address. IPv6 addresses are denoted by "inet6". For more information, see ifconfig(8) & Section 6.2:

http://openbsd.org/faq/faq6.html#Setup
Old 1st May 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

Quote:
Originally Posted by ocicat View Post
I suspect you are reading "inet" & thinking inetd(8).
You are correct, my misprint!
Old 1st May 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

The hostname.<nic> files are configuration files for ifconfig. See hostname.if(5).
Old 2nd May 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

But what I find interesting is that issuing the command directly to ifconfig results in a system freeze. The only way I can get it to work without a freeze is through the hostname.ath0.
Old 2nd May 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by geekswordsman View Post
...the command directly to ifconfig results in a system freeze. The only way I can get it to work without a freeze is through the hostname.ath0.
Please consider taking the time to organize as much information as possible to create a formal (complete) problem report to the developers. Information on what is considered relevant, necessary, & informative can be found at the following link:

http://openbsd.org/report.html

This site is independent of the project proper. Developers affiliated with the development of OpenBSD are not (generally) aware of discussions here, so any abnormal behaviour discussed here needs to be formally submitted in terms of problem reports if such problems are/can be resolved.

As mentioned previously, there are a certain number of recent Atheros chipsets which are similar to what was referenced in the creation of ath(4) but not entirely the same. I have seen one properly identified in dmesg(8) output which then crashes the kernel in -current upon scanning for available access points. Not that this identifies what you are encountering, but for the developers to resolve such problems, they need as much useful information as possible.
Old 2nd May 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Default

I'll take a look and do that. I may have the same chipset - when entering a NWID directly into ifconfig (i.e., ifconfig ath0 dhcp nwid something), my system would freeze.

I've noticed that right now, the system only wants to operate in 802.11b, not sure why. Going to investigate that further too.

At least I have a wap again!