From cfac810ce1683ddd101d3b44eb7ee3a383c73fca Mon Sep 17 00:00:00 2001 From: Alan Hicks Date: Tue, 12 Jan 2010 21:05:44 -0500 Subject: Chapter 14 rough draft completed. --- chapter_14.xml | 259 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 248 insertions(+), 11 deletions(-) diff --git a/chapter_14.xml b/chapter_14.xml index 9bbe28a..c3b6d8a 100644 --- a/chapter_14.xml +++ b/chapter_14.xml @@ -62,30 +62,111 @@ should know that you'll have to break a 2048-bit SSL key before the access point will let you communicate with my LAN.) +darkstar:~# iwconfig wlan0 essid nest \ + freq 2.432G + + +The freq and channel arguments control basically +the same thing. You only need to use one. If you are unsure what +frequency or channel to use, Slackware can usually figure this out for +you. + + +darkstar:~# iwconfig wlan0 essid nest \ + channel auto + + +Now Slackware will attempt to connect to the strongest access point on +the "nest" essid operating at any frequency. + +
Wired Equivilant Protection (or Lack Thereof) -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Wireless networking is by its very nature less secure than wired +networking. Having your information travelling on the airwaves makes it +highly susceptible to interception by third paries, so over the years a +number of methods have been devised to make wireless networking more +secure. The first was called Wired Equivilant Protection, or WEP for +short, and well far short of its goal. If you are still using WEP +today, I encourage you to consider using WPA2 or some other form of +stronger encryption. Attacks against WEP are trivial and take only +minutes to perform. Unfortunately there are still access points +configured for WEP, and you may need to connect to one from time to +time. Connecting to WEP encrypted access points is fairly simple, +particularly if you have the key in hexidecimal format. We'll need to +pass the key argument along with the password in hexidecimal +or ASCII format. If using an ASCII password, you'll need to prepend it +with "s:"; here's a couple examples. Generally speaking, hexidecimal +format is prefered. +darkstar:~# iwconfig wlan0 \ + key cf80baf8bf01a160de540bfb1c +darkstar:~# iwconfig wlan0 \ + key s:thisisapassword + +
-WPA +Wifi Protected Access + + +Wifi Protected Access (or WPA for short) was the successor for WEP that +aimed to fix several problems with wireless encryption. Unfortunately, +WPA had some flaws as well. An update called WPA2 offers even stronger +protection. At this time, WPA2 is supported by nearly all wireless +network cards and access points, but some older devices may only +support WEP. If you need to secure your wireless network traffic, WPA2 +should be considered the minimum level of protection required. +Unfortunately, iwconfig is unable to setup +WPA2 encryption on its own. For that, we need a helper daemon, +wpa_supplicant(8). + + + +Unfortunately, there's no easy way to manually configure a WPA2 +protected network; you'll have to edit +/etc/wpa_supplicant.conf directly with a text +editor. Here we will discuss the simplest form of WPA2 protection, the +Pre-Shared Key, or PSK for short. For details on setting up Slackware +to connect to more complicated WPA2 encrypted networks, see the man +page for wpa_supplicant.conf. + + + +# /etc/wpa_supplicant.conf +# ======================== +# This line enables the use of wpa_cli which is used by rc.wireless +# if possible (to check for successful association) +ctrl_interface=/var/run/wpa_supplicant +# By default, only root (group 0) may use wpa_cli +ctrl_interface_group=0 +eapol_version=1 +ap_scan=1 +fast_reauth=1 +#country=US + +# WPA protected network, supply your own ESSID and WPAPSK here: +network={ + scan_ssid=1 + ssid="nest" + key_mgmt=WPA-PSK + psk="secret passphrase" +} + -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +The block of text we're interested in is the network block enclosed by +curly braces. 
Here we have set the ssid for the network "nest", as well +as the PSK to use "secret passphrase". At this point, WPA2 is setup. +You can run wpa_supplicant and then obtain +an IP address via DHCP or set a static address. Of course, this is a +lot of work, there must be an easier way to do this.
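Review bot: In the wpa_supplicant.conf sample, the network block sets only key_mgmt=WPA-PSK, yet the paragraph after it says "At this point, WPA2 is setup". With no proto or pairwise line, wpa_supplicant uses its defaults, which also accept original WPA and TKIP, so the client will associate with WPA/TKIP if that is what the access point offers. Since this section calls WPA2 the minimum level of protection, add proto=RSN and pairwise=CCMP to the block. The psk line also keeps the passphrase in clear text; a sentence on wpa_passphrase(8) and on keeping /etc/wpa_supplicant.conf readable by root only would fit here. In the WEP section, the acronym expands to Wired Equivalent Privacy, not "Wired Equivilant Protection" (section title and body), and "well far short of its goal" should read "fell far short". Spelling to fix in this hunk: "paries", "hexidecimal", "prefered".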
@@ -93,6 +174,162 @@ voluptate velit esse cillum dolore eu fugiat nulla pariatur.
rc.inet1.conf revisited + +Welcome back to rc.inet1.conf. You're recall in +the last chapter that we used this configuration file to automatically +configure NICs whenever Slackware boots. Now, we will use it to +configure wifi as well. If you're using WPA2, you'll still need to +setup wpa_supplicant.conf properly first, however. + + + +Recall that each NIC had a name or number that identified the variables +that corrospond with it? The same hold true for wifi NICs, only they +have even more variables due to the added complexity of wireless +networking. + + + +# rc.inet1.conf (excert) +# ====================== +## Example config information for wlan0. Uncomment the lines you need and fill +## in your info. (You may not need all of these for your wireless network) +IFNAME[4]="wlan0" +IPADDR[4]="" +NETMASK[4]="" +USE_DHCP[4]="yes" +#DHCP_HOSTNAME[4]="icculus-wireless" +#DHCP_KEEPRESOLV[4]="yes" +#DHCP_KEEPNTP[4]="yes" +#DHCP_KEEPGW[4]="yes" +#DHCP_IPADDR[4]="" +WLAN_ESSID[4]="nest" +#WLAN_MODE[4]=Managed +#WLAN_RATE[4]="54M auto" +#WLAN_CHANNEL[4]="auto" +#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" +#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ +# set EncrypType=TKIP | \ +# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" +WLAN_WPA[4]="wpa_supplicant" +#WLAN_WPADRIVER[4]="ndiswrapper" + + + +When we discussed wired ethernet, each "n" in the variable corrosponded +with the "n" in ethn. Here however, that no longer holds true. Notice +that the variable IFNAME[4] has a value of "wlan0". It is common for +wireless cards to have an interface name other than "ethn" and that is +reflected here. When rc.inet1.conf is read by the +start-up scripts, Slackware knows to apply all these options to the +"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. +Many of the other options are the same. 
IP address information is +added in exactly the same way we discussed for wired network cards in +the previous chapter; however, we have a lot of new variables that need +some explaination. + + + +To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory +by now; they refer the the essid and frequency to use. WLAN_MODE[n] is +either "managed" or "ad-hoc". Anyone connecting to an access point +will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if +you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated +variable that sets other variables inside itself. WLAN_IWPRIV[n] is +used for WPA2 networks. Here you tell Slackware what authentication +mode, encryption type, and key to use for WPA2 connections. Please +note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you +can't use both on the same interface. If you successfully configure +all this, then Slackware will attempt to connect to your wireless +network as soon as the system boots. + + + +But wait, that's so much work! And what if I need to connect to +multiple wireless networks? I take my laptop to work and school and +need to seemlessly setup those wireless connections as soon as one is +within range. Doing things this way is simply too much work. You're +absolutely correct. + + +
+ +
+wicd + + +Introducing wicd(8), the premier wired and +wireless network connection manager for the laptop user on the go. +Pronounced "wicked", wicd is capable of +storing information for any number of wireless networks you need and +connecting to them with a simple command or the click of a mouse. +wicd is not part of the default Slackware +installation at this time, as it interferes somewhat with the normal +way of configuring network adapters, but you can find it in the +/extra directory of your Slackware install disks +or at your favorite mirror. wicd is both a +network connection daemon and a graphical application for configuring +networks. The CLI isn't forgotten either, as +wicd-curses(8) is every bit as powerful as +the traditional GUI front-end. In order to use +wicd, you will need to disable support for +any interfaces you have in rc.inet1.conf first. + + + +# rc.inet1.conf +# ============= +# Config information for eth0: +IPADDR[0]="" +NETMASK[0]="" +USE_DHCP[0]="no" +DHCP_HOSTNAME[0]="" +# Default gateway IP address: +GATEWAY="" + + + +Now we can install wicd, setup the daemon to +run on system boot-up, and begin using a more friendly application. + + +darkstar:~# installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz +darkstar:~# chmod +x /etc/rc.d/rc.wicd +darkstar:~# /etc/rc.d/rc.wicd start + + + +If you're predominately using the console, simply run +wicd-curses from your command line. If +instead, you are using a graphical desktop provided by +X, you can start the graphical front-end +from either the KDE or XFCE menu. Optionally, you could manually run +wicd-client(1) from a terminal or run +dialogue
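Review bot: The prose says WLAN_IWPRIV[n] "is used for WPA2 networks", but the commented example in the rc.inet1.conf excerpt sets AuthMode=WPAPSK and EncrypType=TKIP, which is WPA with TKIP rather than WPA2, and the line that is actually enabled, WLAN_WPA[4]="wpa_supplicant", is never explained (nor is WLAN_WPADRIVER). Either change the example to match the WPA2 claim or reword the sentence, and add a sentence on WLAN_WPA, since the opening paragraph already tells the reader to set up wpa_supplicant.conf first. The WLAN_KEY and WPAPSK values look like real key material; obvious placeholders would be safer in published documentation. In the wicd section, the "disable support for any interfaces" example only blanks eth0, while the earlier excerpt leaves IFNAME[4]="wlan0" with USE_DHCP[4]="yes" active, so show that entry being cleared as well. Spelling to fix in this hunk: "You're recall", "corrospond", "excert", "explaination", "self-explainatory", "refer the the", "seemlessly", "non-existant".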
-- cgit v1.2.3