author | Alan Hicks <alan@slackware.com> | 2010-01-12 21:05:44 -0500 |
---|---|---|
committer | Alan Hicks <alan@slackware.com> | 2010-01-12 21:05:44 -0500 |
commit | cfac810ce1683ddd101d3b44eb7ee3a383c73fca (patch) | |
tree | 894391f7f5784a2a94b21b2cb0d280ac44769b3a | |
parent | c1c4379a5efe307e8a5262edd726aeec2b188ed2 (diff) | |
download | slackbook-cfac810ce1683ddd101d3b44eb7ee3a383c73fca.tar.xz |
Chapter 14 rough draft completed.
-rw-r--r-- | chapter_14.xml | 259 |
1 files changed, 248 insertions, 11 deletions
diff --git a/chapter_14.xml b/chapter_14.xml index 9bbe28a..c3b6d8a 100644 --- a/chapter_14.xml +++ b/chapter_14.xml 
@@ -62,30 +62,111 @@ should know that you'll have to break a 2048-bit SSL key before the access point will let you communicate with my LAN.) </para> +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ + freq 2.432G</userinput></screen> + +<para> +The <arg>freq</arg> and <arg>channel</arg> arguments control basically +the same thing. You only need to use one. If you are unsure what +frequency or channel to use, Slackware can usually figure this out for +you. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ + channel auto</userinput></screen> + +<para> +Now Slackware will attempt to connect to the strongest access point on +the "nest" essid operating at any frequency. +</para> + </section> <section> <title>Wired Equivilant Protection (or Lack Thereof)</title> <para> -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Wireless networking is by its very nature less secure than wired +networking. Having your information travelling on the airwaves makes it +highly susceptible to interception by third paries, so over the years a +number of methods have been devised to make wireless networking more +secure. The first was called Wired Equivilant Protection, or WEP for +short, and well far short of its goal. If you are still using WEP +today, I encourage you to consider using WPA2 or some other form of +stronger encryption. Attacks against WEP are trivial and take only +minutes to perform. Unfortunately there are still access points +configured for WEP, and you may need to connect to one from time to +time. Connecting to WEP encrypted access points is fairly simple, +particularly if you have the key in hexidecimal format. 
We'll need to +pass the <arg>key</arg> argument along with the password in hexidecimal +or ASCII format. If using an ASCII password, you'll need to prepend it +with "s:"; here's a couple examples. Generally speaking, hexidecimal +format is prefered. </para> +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ + key cf80baf8bf01a160de540bfb1c</userinput> +<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ + key s:thisisapassword</userinput> +</screen> + </section> <section> -<title>WPA</title> +<title>Wifi Protected Access</title> + +<para> +Wifi Protected Access (or WPA for short) was the successor for WEP that +aimed to fix several problems with wireless encryption. Unfortunately, +WPA had some flaws as well. An update called WPA2 offers even stronger +protection. At this time, WPA2 is supported by nearly all wireless +network cards and access points, but some older devices may only +support WEP. If you need to secure your wireless network traffic, WPA2 +should be considered the minimum level of protection required. +Unfortunately, <application>iwconfig</application> is unable to setup +WPA2 encryption on its own. For that, we need a helper daemon, +<application>wpa_supplicant</application>(8). +</para> + +<para> +Unfortunately, there's no easy way to manually configure a WPA2 +protected network; you'll have to edit +<filename>/etc/wpa_supplicant.conf</filename> directly with a text +editor. Here we will discuss the simplest form of WPA2 protection, the +Pre-Shared Key, or PSK for short. For details on setting up Slackware +to connect to more complicated WPA2 encrypted networks, see the man +page for <filename>wpa_supplicant.conf</filename>. 
+</para> + +<screen> +# /etc/wpa_supplicant.conf +# ======================== +# This line enables the use of wpa_cli which is used by rc.wireless +# if possible (to check for successful association) +ctrl_interface=/var/run/wpa_supplicant +# By default, only root (group 0) may use wpa_cli +ctrl_interface_group=0 +eapol_version=1 +ap_scan=1 +fast_reauth=1 +#country=US + +# WPA protected network, supply your own ESSID and WPAPSK here: +network={ + scan_ssid=1 + ssid="nest" + key_mgmt=WPA-PSK + psk="secret passphrase" +} +</screen> <para> -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +The block of text we're interested in is the network block enclosed by +curly braces. Here we have set the ssid for the network "nest", as well +as the PSK to use "secret passphrase". At this point, WPA2 is setup. +You can run <application>wpa_supplicant</application> and then obtain +an IP address via DHCP or set a static address. Of course, this is a +lot of work, there must be an easier way to do this. </para> </section> 
@@ -93,6 +174,162 @@ voluptate velit esse cillum dolore eu fugiat nulla pariatur. <section> <title>rc.inet1.conf revisited</title> +<para> +Welcome back to <filename>rc.inet1.conf</filename>. You're recall in +the last chapter that we used this configuration file to automatically +configure NICs whenever Slackware boots. Now, we will use it to +configure wifi as well. If you're using WPA2, you'll still need to +setup <filename>wpa_supplicant.conf</filename> properly first, however. +</para> + +<para> +Recall that each NIC had a name or number that identified the variables +that corrospond with it? The same hold true for wifi NICs, only they +have even more variables due to the added complexity of wireless +networking. +</para> + +<screen> +# rc.inet1.conf (excert) +# ====================== +## Example config information for wlan0. Uncomment the lines you need and fill +## in your info. (You may not need all of these for your wireless network) +IFNAME[4]="wlan0" +IPADDR[4]="" +NETMASK[4]="" +USE_DHCP[4]="yes" +#DHCP_HOSTNAME[4]="icculus-wireless" +#DHCP_KEEPRESOLV[4]="yes" +#DHCP_KEEPNTP[4]="yes" +#DHCP_KEEPGW[4]="yes" +#DHCP_IPADDR[4]="" +WLAN_ESSID[4]="nest" +#WLAN_MODE[4]=Managed +#WLAN_RATE[4]="54M auto" +#WLAN_CHANNEL[4]="auto" +#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" +#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ +# set EncrypType=TKIP | \ +# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" +WLAN_WPA[4]="wpa_supplicant" +#WLAN_WPADRIVER[4]="ndiswrapper" +</screen> + +<para> +When we discussed wired ethernet, each "n" in the variable corrosponded +with the "n" in ethn. Here however, that no longer holds true. Notice +that the variable IFNAME[4] has a value of "wlan0". It is common for +wireless cards to have an interface name other than "ethn" and that is +reflected here. 
When <filename>rc.inet1.conf</filename> is read by the +start-up scripts, Slackware knows to apply all these options to the +"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. +Many of the other options are the same. IP address information is +added in exactly the same way we discussed for wired network cards in +the previous chapter; however, we have a lot of new variables that need +some explaination. +</para> + +<para> +To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory +by now; they refer the the essid and frequency to use. WLAN_MODE[n] is +either "managed" or "ad-hoc". Anyone connecting to an access point +will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if +you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated +variable that sets other variables inside itself. WLAN_IWPRIV[n] is +used for WPA2 networks. Here you tell Slackware what authentication +mode, encryption type, and key to use for WPA2 connections. Please +note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you +can't use both on the same interface. If you successfully configure +all this, then Slackware will attempt to connect to your wireless +network as soon as the system boots. +</para> + +<para> +But wait, that's so much work! And what if I need to connect to +multiple wireless networks? I take my laptop to work and school and +need to seemlessly setup those wireless connections as soon as one is +within range. Doing things this way is simply too much work. You're +absolutely correct. +</para> + +</section> + +<section> +<title>wicd</title> + +<para> +Introducing <application>wicd</application>(8), the premier wired and +wireless network connection manager for the laptop user on the go. +Pronounced "wicked", <application>wicd</application> is capable of +storing information for any number of wireless networks you need and +connecting to them with a simple command or the click of a mouse. 
+<application>wicd</application> is not part of the default Slackware +installation at this time, as it interferes somewhat with the normal +way of configuring network adapters, but you can find it in the +<filename>/extra</filename> directory of your Slackware install disks +or at your favorite mirror. <application>wicd</application> is both a +network connection daemon and a graphical application for configuring +networks. The CLI isn't forgotten either, as +<application>wicd-curses</application>(8) is every bit as powerful as +the traditional GUI front-end. In order to use +<application>wicd</application>, you will need to disable support for +any interfaces you have in <filename>rc.inet1.conf</filename> first. +</para> + +<screen> +# rc.inet1.conf +# ============= +# Config information for eth0: +IPADDR[0]="" +NETMASK[0]="" +USE_DHCP[0]="no" +DHCP_HOSTNAME[0]="" +# Default gateway IP address: +GATEWAY="" +</screen> + +<para> +Now we can install <application>wicd</application>, setup the daemon to +run on system boot-up, and begin using a more friendly application. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput> +<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput> +<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput> +</screen> + +<para> +If you're predominately using the console, simply run +<application>wicd-curses</application> from your command line. If +instead, you are using a graphical desktop provided by +<application>X</application>, you can start the graphical front-end +from either the KDE or XFCE menu. Optionally, you could manually run +<application>wicd-client</application>(1) from a terminal or run +dialogue. +</para> + +<para> +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! 
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +</para> + </section> </chapter> |
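Review bot: In the first hunk (@@ -62,30 +62,111 @@), the network block in the /etc/wpa_supplicant.conf screen sets only key_mgmt=WPA-PSK, so nothing restricts the connection to WPA2, although the surrounding paragraphs call WPA2 the minimum level of protection and state "At this point, WPA2 is setup". With no proto or pairwise line, wpa_supplicant's defaults accept the original WPA as well as WPA2 (RSN), and TKIP as well as CCMP. Consider adding proto=RSN and pairwise=CCMP to the block, or rewording the text to say the block covers both WPA and WPA2. The same block stores psk="secret passphrase" in clear text; the comments say only root may use wpa_cli, but nothing tells the reader to keep the file itself readable only by root, and the two iwconfig key examples place the WEP key on the command line where it lands in shell history. A sentence on each would help. Wording in the WEP section: the standard's name is Wired Equivalent Privacy rather than "Wired Equivilant Protection", "and well far short of its goal" is missing "fell", and "paries", "hexidecimal" and "prefered" are misspelled.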
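Review bot: In the second hunk (@@ -93,6 +174,162 @@), the rc.inet1.conf excerpt's only uncommented security setting is WLAN_WPA[4]="wpa_supplicant", yet the paragraph that walks through the WLAN_* variables never mentions WLAN_WPA or WLAN_WPADRIVER, and it describes WLAN_IWPRIV[n] as the WPA2 setting while the sample value sets AuthMode=WPAPSK and EncrypType=TKIP. Please document WLAN_WPA as the line that hands the interface to wpa_supplicant and the wpa_supplicant.conf shown earlier, and either drop the WPA2 claim for WLAN_IWPRIV or change the sample to match it. The commented WLAN_KEY and WPAPSK values look like real key material; obviously fake placeholders would discourage readers from copying them. In the wicd section the text says to disable "any interfaces" in rc.inet1.conf, but the screen shows only the eth0 block, so a reader who followed the wlan0 example above still has IFNAME[4] and WLAN_ESSID[4] set. The repeated "ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!" line sits inside a para element and will render in the book; an XML comment would keep the reminder out of the output. Spelling: "You're recall", "corrospond", "The same hold true", "excert", "non-existant", "explaination", "self-explainatory", "refer the the" and "seemlessly".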