summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlan Hicks <alan@slackware.com>2010-01-12 21:05:44 -0500
committerAlan Hicks <alan@slackware.com>2010-01-12 21:05:44 -0500
commitcfac810ce1683ddd101d3b44eb7ee3a383c73fca (patch)
tree894391f7f5784a2a94b21b2cb0d280ac44769b3a
parentc1c4379a5efe307e8a5262edd726aeec2b188ed2 (diff)
downloadslackbook-cfac810ce1683ddd101d3b44eb7ee3a383c73fca.tar.xz
Chapter 14 rough draft completed.
-rw-r--r--chapter_14.xml259
1 files changed, 248 insertions, 11 deletions
diff --git a/chapter_14.xml b/chapter_14.xml
index 9bbe28a..c3b6d8a 100644
--- a/chapter_14.xml
+++ b/chapter_14.xml
@@ -62,30 +62,111 @@ should know that you'll have to break a 2048-bit SSL key before the
access point will let you communicate with my LAN.)
</para>
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
+ freq 2.432G</userinput></screen>
+
+<para>
+The <arg>freq</arg> and <arg>channel</arg> arguments control basically
+the same thing. You only need to use one. If you are unsure what
+frequency or channel to use, Slackware can usually figure this out for
+you.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
+ channel auto</userinput></screen>
+
+<para>
+Now Slackware will attempt to connect to the strongest access point on
+the "nest" essid operating at any frequency.
+</para>
+
</section>
<section>
<title>Wired Equivilant Protection (or Lack Thereof)</title>
<para>
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
-eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
-minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
-ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
-voluptate velit esse cillum dolore eu fugiat nulla pariatur.
+Wireless networking is by its very nature less secure than wired
+networking. Having your information travelling on the airwaves makes it
+highly susceptible to interception by third paries, so over the years a
+number of methods have been devised to make wireless networking more
+secure. The first was called Wired Equivilant Protection, or WEP for
+short, and well far short of its goal. If you are still using WEP
+today, I encourage you to consider using WPA2 or some other form of
+stronger encryption. Attacks against WEP are trivial and take only
+minutes to perform. Unfortunately there are still access points
+configured for WEP, and you may need to connect to one from time to
+time. Connecting to WEP encrypted access points is fairly simple,
+particularly if you have the key in hexidecimal format. We'll need to
+pass the <arg>key</arg> argument along with the password in hexidecimal
+or ASCII format. If using an ASCII password, you'll need to prepend it
+with "s:"; here's a couple examples. Generally speaking, hexidecimal
+format is prefered.
</para>
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
+ key cf80baf8bf01a160de540bfb1c</userinput>
+<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
+ key s:thisisapassword</userinput>
+</screen>
+
</section>
<section>
-<title>WPA</title>
+<title>Wifi Protected Access</title>
+
+<para>
+Wifi Protected Access (or WPA for short) was the successor for WEP that
+aimed to fix several problems with wireless encryption. Unfortunately,
+WPA had some flaws as well. An update called WPA2 offers even stronger
+protection. At this time, WPA2 is supported by nearly all wireless
+network cards and access points, but some older devices may only
+support WEP. If you need to secure your wireless network traffic, WPA2
+should be considered the minimum level of protection required.
+Unfortunately, <application>iwconfig</application> is unable to setup
+WPA2 encryption on its own. For that, we need a helper daemon,
+<application>wpa_supplicant</application>(8).
+</para>
+
+<para>
+Unfortunately, there's no easy way to manually configure a WPA2
+protected network; you'll have to edit
+<filename>/etc/wpa_supplicant.conf</filename> directly with a text
+editor. Here we will discuss the simplest form of WPA2 protection, the
+Pre-Shared Key, or PSK for short. For details on setting up Slackware
+to connect to more complicated WPA2 encrypted networks, see the man
+page for <filename>wpa_supplicant.conf</filename>.
+</para>
+
+<screen>
+# /etc/wpa_supplicant.conf
+# ========================
+# This line enables the use of wpa_cli which is used by rc.wireless
+# if possible (to check for successful association)
+ctrl_interface=/var/run/wpa_supplicant
+# By default, only root (group 0) may use wpa_cli
+ctrl_interface_group=0
+eapol_version=1
+ap_scan=1
+fast_reauth=1
+#country=US
+
+# WPA protected network, supply your own ESSID and WPAPSK here:
+network={
+ scan_ssid=1
+ ssid="nest"
+ key_mgmt=WPA-PSK
+ psk="secret passphrase"
+}
+</screen>
<para>
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
-eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
-minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
-ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
-voluptate velit esse cillum dolore eu fugiat nulla pariatur.
+The block of text we're interested in is the network block enclosed by
+curly braces. Here we have set the ssid for the network "nest", as well
+as the PSK to use "secret passphrase". At this point, WPA2 is setup.
+You can run <application>wpa_supplicant</application> and then obtain
+an IP address via DHCP or set a static address. Of course, this is a
+lot of work, there must be an easier way to do this.
</para>
</section>
@@ -93,6 +174,162 @@ voluptate velit esse cillum dolore eu fugiat nulla pariatur.
<section>
<title>rc.inet1.conf revisited</title>
+<para>
+Welcome back to <filename>rc.inet1.conf</filename>. You're recall in
+the last chapter that we used this configuration file to automatically
+configure NICs whenever Slackware boots. Now, we will use it to
+configure wifi as well. If you're using WPA2, you'll still need to
+setup <filename>wpa_supplicant.conf</filename> properly first, however.
+</para>
+
+<para>
+Recall that each NIC had a name or number that identified the variables
+that corrospond with it? The same hold true for wifi NICs, only they
+have even more variables due to the added complexity of wireless
+networking.
+</para>
+
+<screen>
+# rc.inet1.conf (excert)
+# ======================
+## Example config information for wlan0. Uncomment the lines you need and fill
+## in your info. (You may not need all of these for your wireless network)
+IFNAME[4]="wlan0"
+IPADDR[4]=""
+NETMASK[4]=""
+USE_DHCP[4]="yes"
+#DHCP_HOSTNAME[4]="icculus-wireless"
+#DHCP_KEEPRESOLV[4]="yes"
+#DHCP_KEEPNTP[4]="yes"
+#DHCP_KEEPGW[4]="yes"
+#DHCP_IPADDR[4]=""
+WLAN_ESSID[4]="nest"
+#WLAN_MODE[4]=Managed
+#WLAN_RATE[4]="54M auto"
+#WLAN_CHANNEL[4]="auto"
+#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7"
+#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \
+# set EncrypType=TKIP | \
+# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16"
+WLAN_WPA[4]="wpa_supplicant"
+#WLAN_WPADRIVER[4]="ndiswrapper"
+</screen>
+
+<para>
+When we discussed wired ethernet, each "n" in the variable corrosponded
+with the "n" in ethn. Here however, that no longer holds true. Notice
+that the variable IFNAME[4] has a value of "wlan0". It is common for
+wireless cards to have an interface name other than "ethn" and that is
+reflected here. When <filename>rc.inet1.conf</filename> is read by the
+start-up scripts, Slackware knows to apply all these options to the
+"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC.
+Many of the other options are the same. IP address information is
+added in exactly the same way we discussed for wired network cards in
+the previous chapter; however, we have a lot of new variables that need
+some explaination.
+</para>
+
+<para>
+To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory
+by now; they refer the the essid and frequency to use. WLAN_MODE[n] is
+either "managed" or "ad-hoc". Anyone connecting to an access point
+will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if
+you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated
+variable that sets other variables inside itself. WLAN_IWPRIV[n] is
+used for WPA2 networks. Here you tell Slackware what authentication
+mode, encryption type, and key to use for WPA2 connections. Please
+note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you
+can't use both on the same interface. If you successfully configure
+all this, then Slackware will attempt to connect to your wireless
+network as soon as the system boots.
+</para>
+
+<para>
+But wait, that's so much work! And what if I need to connect to
+multiple wireless networks? I take my laptop to work and school and
+need to seemlessly setup those wireless connections as soon as one is
+within range. Doing things this way is simply too much work. You're
+absolutely correct.
+</para>
+
+</section>
+
+<section>
+<title>wicd</title>
+
+<para>
+Introducing <application>wicd</application>(8), the premier wired and
+wireless network connection manager for the laptop user on the go.
+Pronounced "wicked", <application>wicd</application> is capable of
+storing information for any number of wireless networks you need and
+connecting to them with a simple command or the click of a mouse.
+<application>wicd</application> is not part of the default Slackware
+installation at this time, as it interferes somewhat with the normal
+way of configuring network adapters, but you can find it in the
+<filename>/extra</filename> directory of your Slackware install disks
+or at your favorite mirror. <application>wicd</application> is both a
+network connection daemon and a graphical application for configuring
+networks. The CLI isn't forgotten either, as
+<application>wicd-curses</application>(8) is every bit as powerful as
+the traditional GUI front-end. In order to use
+<application>wicd</application>, you will need to disable support for
+any interfaces you have in <filename>rc.inet1.conf</filename> first.
+</para>
+
+<screen>
+# rc.inet1.conf
+# =============
+# Config information for eth0:
+IPADDR[0]=""
+NETMASK[0]=""
+USE_DHCP[0]="no"
+DHCP_HOSTNAME[0]=""
+# Default gateway IP address:
+GATEWAY=""
+</screen>
+
+<para>
+Now we can install <application>wicd</application>, setup the daemon to
+run on system boot-up, and begin using a more friendly application.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput>
+<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput>
+<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput>
+</screen>
+
+<para>
+If you're predominately using the console, simply run
+<application>wicd-curses</application> from your command line. If
+instead, you are using a graphical desktop provided by
+<application>X</application>, you can start the graphical front-end
+from either the KDE or XFCE menu. Optionally, you could manually run
+<application>wicd-client</application>(1) from a terminal or run
+dialogue.
+</para>
+
+<para>
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+</para>
+
</section>
</chapter>