DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Question hostapd on new install issue?

Hey everyone.

Just fresh installed the amd64 v4.4 on a new home server I'm building. Nothing too crazy, just an upgraded replacement over my current i386 v4.3 box. The main new feature is that I'm adding an atheros based wireless card to let the server act as a wap.

Everything installs correctly, but when I go to run hostapd, I get this:

# hostapd
hostapd: /etc/hostapd.conf: group/world readable/writeable
failed to open the main config file: /etc/hostapd.conf
# ls /etc/hostapd.conf
/etc/hostapd.conf
#

Not sure why it's having a problem opening - config file is in the right place ( I have even tried placing it elsewhere and specifying it, to no avail). I've tried the default config file as well as my custom one (pretty much just activating WPA and setting up the passphrase).

Any ideas on why it's doing this? If you need any additional info let me know.
Reply With Quote
  #2   (View Single Post)  
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Use "ls -l" -- the error message says that the file is unprotected. It should be owned by root:wheel, chmod 600 (-rw-------).
Reply With Quote
  #3   (View Single Post)  
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Question

That solved it, and uncovered a new problem... Maybe I'm out of practice with my hostapd.conf writing, but it's rejecting what (used to) work just fine. Here's my file, with the lines that are causing errors marked with * :

---hostapd.conf---
*interface=ath0
driver=bsd
*logger_syslog=-1
*logger_syslog_level=0
*logger_stdout=-1
*logger_stdout_level=0
*debug=3
*dump_file=/tmp/hostapd.dump
*ctrl_interface=/usr/sbin/hostapd
ctrl_interface_group=wheel
ssid=mynetwork
macaddr_acl=0
*auth_algs=1

*wpa=1
wpa_passphrase=mynetworkpwphrase
wpa_key_magmt=WPA-PSK
wpa_pairwise=CCMP TKIP
---end hostapd.conf---

As you can see, all I'm trying to do is setup a simple WPA encryption on my wireless card. I've read through the man pages for hostapd.conf and couldn't see anyway to do it, and haven't been able to find an example though searches.

Any insights appreciated.
Reply With Quote
  #4   (View Single Post)  
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

It appears to me that the sample configuration file (the default install's /etc/hostapd.conf, that you apparently replaced with your own after doing a clean install, and prompting this thread), has been unchanged since February 2007.

I don't use hostapd. I've just looked at the man page. And it seems to me that:
Your first error is an apparent macro assignment and is attempting to using the reserved word "interface".

Your second line doesn't produce an error message, instead it assignes the macro "driver" and then never uses it.

And so on... repetitively, through the rest of the file.
Because you have destroyed your sample hostapd.conf file, I will replicate it here, so that you may copy/paste/edit as needed.
Code:
# $OpenBSD: hostapd.conf,v 1.11 2007/02/27 20:53:45 david Exp $
# sample hostapd configuration file
# see hostapd.conf(5)

# "wavelan is a battle field"

#
# Macros
#

# Define macros for the interfaces to be used by hostapd. The "wlan"
# interface is optional.
wlan="ath0"
wired="sis0"

#
# Tables
#

# Define the MAC addresses (BSSIDs) for your accesspoints in a table.
table <myess> {
    00:90:4b:0d:fd:c8,
    00:02:6f:21:ea:8b
}

# Address masks are providing a simple way to match by MAC vendor ID.
#
# table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }

#
# Global options
#

# Comment this option to run hostapd in passive IAPP logging mode.
set hostap interface $wlan

# Use default radiotap mode.
set hostap mode radiotap

# Uncomment these options to jump to the next channel every 2 seconds.
#set hostap hopper interface $wlan
#set hostap hopper delay 2000

# Use multicast (according to the revised standard).
set iapp interface $wired
set iapp mode multicast

# The following mode is compatible to some pre-standard IAPP implementations
#set iapp mode broadcast port 2313

#
# Event rules
#

# Log probe requests.
hostap handle type management subtype probe request \
    with iapp type radiotap

# Log and annoy foreign accesspoints.
#
# This will be logged as well but the important thing is to
# annoy other accesspoints in your wireless territory.
hostap handle type data bssid !<myess> \
    with frame type management subtype deauth reason auth expire \
    from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid

# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11"
# attack.
#
# hostap handle type data bssid !<myess> \
#    with frame type management subtype deauth reason auth expire \
#    from &bssid to &from bssid &bssid

# Detect flooding of management frames except beacons.
# This will detect some possible Denial of Service attacks
# against the IEEE 802.11 protocol (like "void11").
hostap handle skip type management subtype ! beacon \
    with log \
    rate 100 / 10 sec

# Finally log any rogue accesspoints limited to every second.
hostap handle skip type management subtype beacon bssid !<myess> \
    with iapp type radiotap limit 1 sec
Reply With Quote
  #5   (View Single Post)  
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Thankfully I've learned to always make backups of defaults, so I still have it

I guess what's confusing to me is that the configuration file I created works just fine with hostapd in FreeBSD. Doing a little digging I haven't seen anything that specifies different builds between FreeBSD and OpenBSD, including scouring the hostapd main site (http://hostap.epitest.fi/hostapd). In fact, the example hostapd.conf from their site, while much more detailed, is remarkably similar to mine...

Going to try and re-install using the 0.6.9 version directly from epitest, and see if that works. Thanks again for the help.
Reply With Quote
  #6   (View Single Post)  
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Ok, some more searching and I've found that there are two different versions of hostapd, one by Jouni Malinen, the other by the OpenBSD folks, and they are, in fact, two very, very different beasts.

Saying that, what is the best way to configure a wap on OpenBSD? I had always read that hostapd was the quickest, easiest way, but so far it continues to thwart me.

Thanks.
Reply With Quote
  #7   (View Single Post)  
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by geekswordsman View Post
...they are, in fact, two very, very different beasts....
That is usually the case. There are around 15 years of development separating the OSes.
Quote:
Saying that, what is the best way to configure a wap on OpenBSD?
OpenBSD's hostapd. But this time, be sure to use OpenBSD's man page, and edit the sample rather than using a FreeBSD configuration file.
Reply With Quote
  #8   (View Single Post)  
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Well that would make sense. I'll poke at it and see what if I can't get it working.

I'm actually surprised by the lack of easily-findable information regarding setting something so simple up. Don't suppose you happen to know of any sample documents otherwise regarding this?

Thanks again for the info.
Reply With Quote
  #9   (View Single Post)  
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Improve large wireless networks with hostapd(8)

Proactive wireless networks with hostapd(8)
Reply With Quote
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Thanks. Unfortunately I had already read both of those articles and they don't actually go into how to setup the WPA encryption and passphrase.
Reply With Quote
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

AFAIK, one sets hostap mode, and WPA keys, with ifconfig.

You've hit a very small group of OpenBSD users, here, and, over a weekend, when activity is lower.

If you don't want to wait a day or two, you might consider posting to misc@.
Reply With Quote
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

I've been poking at this for about a week now trying to get it working, so a little longer isn't too big of a deal =P

Attempting to set it up through ifconfig is resulting in a kernel trap. This is a good card (Atheros AR5212), though I'm wondering if it isn't something with the AMD64 distribution. I may have to try installing an i386 dist and testing it there as well.

Thanks again for the help.
Reply With Quote
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by geekswordsman View Post
Attempting to set it up through ifconfig is resulting in a kernel trap.
You are trying to solve two different problems: 1) understanding OpenBSD's hostapd is very different than FreeBSD's, and the extent of the differences. 2) WPA for ath(4).

The man page for ath(4) says:
Code:
AR5211 and AR5212 support the AES, TKIP, and Michael cryptographic opera-
tions required for WPA but at this time the driver does not support them.
Look to your chipset.

Last edited by jggimi; 26th April 2009 at 09:32 PM.
Reply With Quote
Old 26th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

*faceplants*

That's just wonderful. Guess I'll try FreeBSD again, as I had it working on there, but had a completely different issue regarding my internal NIC. Not to mention the FreeBSD AMD64 install isn't the most stable.

Thanks very much for the assist jggimi. I feel like a total dumb $$$ for not having found any of that info before (as I said, I've been working on this for about a week now!!!) and you pull it up in no time... But I'd rather feel like this than still be frustrated out of my head as to why it's not working! =P
Reply With Quote
Old 26th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

4.5 will be out next week; included in 4.5 is the following change:
Quote:
The ath(4) driver now has WPA-PSK support.
The details say:
Quote:
Switched ath(4) to softcrypto to enable support for WPA/WPA2
If you don't want to wait another week, just test with a -current snapshot.
Reply With Quote
Old 27th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Decided to try and test out even just WEP encryption, and had the same kernel trap.

Downloaded the 4.5 snapshot (I do like the installer better), attempted to configure WPA and got no kernel trap, just the entire system froze.

My command:

ifconfig ath0 192.168.1.1 nwid my_network wpaakms 'psk' wpaciphers 'tkip' wpapsk 'my_wpa_passphrase' mediaopt hostap

I had always thought that wireless options in ifconfig were only for connecting, not for host setup, and that another program configured the actual hosting part.

I'll probably try FreeBSD again on a spare HDD that I have, and hopefully resolve the problem with my internal NIC.

Thanks again for the advice.
Reply With Quote
Old 27th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Quote:
...and that another program configured the actual hosting part.
Not on OpenBSD. The hostapd tool you were attempting to use has a different purpose:
Quote:
DESCRIPTION
hostapd is a daemon which allows communication between different 802.11
wireless access points running in Host AP mode.

hostapd implements the Inter Access Point Protocol (IAPP). Its purpose
is to exchange station association updates between access points in large
wireless networks. IAPP has been designed to speed up roaming between
different access points in the same Extended Service Set (ESS). IAPP is
described in the IEEE 802.11f standard.

hostapd additionally allows the monitoring and logging of station associ-
ations on a non-hostap host which is receiving IAPP messages.....
Sorry things didn't work out for you with this particular hardware configuration. You might still want to post your "freeze" to misc@; it's possible one of the driver developers may have a new fix available or a suggestion. Just post your dmesg and the failing ifconfig command.
Reply With Quote
Old 27th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by jggimi View Post
Not on OpenBSD. The hostapd tool you were attempting to use has a different purpose
As I have now learned ^_^ Thanks!

Quote:
Originally Posted by jggimi View Post
Sorry things didn't work out for you with this particular hardware configuration. You might still want to post your "freeze" to misc@; it's possible one of the driver developers may have a new fix available or a suggestion. Just post your dmesg and the failing ifconfig command.
Oh no, not at all. Actually, in doing a little more digging I found that there is an error in my ifconfig... When passing the wpa-psk, I need to also include the nwid of the network I'm connecting to. wpa-psk is actually a seperate method invoked by ifconfig that generates the hexadecimal passkey, and it requires that ssid in order to do so (where the ssid == nwid specified in ifconfig). So it's fully possible that my system freeze is a result of my passing bad/incomplete arguments to ifconfig.

At work now, so can't test it yet (stupid me and left it powered off, so can't even ssh in >_>). But I'll keep poking at it. I've been using BSD as my server OS for over 10 years now, and I'd rather keep trying at it and get it working than switch over to another OS!

If I figure it out I'll post details. Thanks again!
Reply With Quote
Old 27th April 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,645
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by geekswordsman View Post
...So it's fully possible that my system freeze is a result of my passing bad/incomplete arguments to ifconfig.
I don't use WPA with OpenBSD, so I've never looked into its configuration. But if it is at all possible for ifconfig to "know" it has incomplete information, I belived it should fail with an error message, the kernel should not hang. If you determine that the hang was due to a config error on your part, you should file a bug report.
Quote:
If I figure it out I'll post details. Thanks again!
Great! And you're welcome, of course, but I don't think I've helped very much.
Reply With Quote
Old 27th April 2009
geekswordsman geekswordsman is offline
Port Guard
 
Join Date: Apr 2009
Location: DC Area
Posts: 24
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by jggimi View Post
I don't use WPA with OpenBSD, so I've never looked into its configuration. But if it is at all possible for ifconfig to "know" it has incomplete information, I belived it should fail with an error message, the kernel should not hang. If you determine that the hang was due to a config error on your part, you should file a bug report.
I agree that it should, but you never know. It may not even be ifconfig that causing the hang, it could be wpa-psk. It's something that's supposed to be supported, which to me means that they've tested it successfully. I just need to duplicate what they did, which may mean going back to an i386 architecture.

Quote:
Originally Posted by jggimi View Post
Great! And you're welcome, of course, but I don't think I've helped very much.
I disagree. You've kept hair on my head by providing quick responses with great, simple insight. It's what I needed. I tend to over-complicate things, and that's what got me so confused here about what I was doing. I think I'm on the right track now. We'll hopefully know tonight!
Reply With Quote
Reply

Tags
hostapd, openbsd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Possible SMP Issue? MetalHead OpenBSD General 1 25th November 2008 03:52 AM
Dual ath cards with WPA2 in hostapd? Malinda FreeBSD Security 4 8th June 2008 08:34 PM
Nagios issue scottro General software and network 5 31st May 2008 10:18 AM
RAM issue nikkon FreeBSD General 5 7th May 2008 04:26 AM


All times are GMT. The time now is 03:21 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick