Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: HOWTO: Automated WPA Encryption with ndiswrapper drivers

  1. #1
    Join Date
    Apr 2005
    Location
    Brisbane, .au
    Beans
    13

    Lightbulb HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Pre-amble:

    I've been bashing at this for the last few hours as I just got myself a shiny new wireless router and wanted to use WPA-PSK rather than WEP. I don't pretend to be any sort of guru at this; I spent most of my time reading FAQs and Wiki entries; swore at my computer for a while when it didn't work and then just started experimenting. I've finally got what appears to be a fairly nice configuration that works great for me - I'm writing it up in the hopes that it helps someone else.

    Assumptions:

    • You can already access the network/internet -without- WPA or other encryption.
    • You're using an ndiswrapper-based driver (probably not essential, but you'll have to modify a few of the commands if you're using madwifi or one of the native drivers - YMMV).
    • Your wireless card comes up with an interface name of 'wlan0' (if not, you'll need to modify my examples to suit).
    • You want to use WPA-PSK with either TKIP or AES/CCMP.
    • Your router (or whatever) provides IP address details via DHCP (not essential, but you'll have to modify one of the files beyond my examples).
    • Your router or WAP broadcasts its' SSID. Sorry, haven't worked out how to make this work with broadcasting switched off yet. :/
    • You're working with an installation of Ubuntu Hoary.
    • You're comfortable editing files and working with badly-written HOWTOs.


    OK, here we go..

    You should already have your wireless working -without- WPA encryption. If you don't, the rest of this probably won't help you.

    First up, you'll need the wpasupplicant package. It's in the Universe repository, so you'll need to have that in your sources.list file. If you've already installed this package, I recommend that you reinstall; use these commands to get rid of it:

    sudo killall wpasupplicant
    sudo dpkg --purge wpasupplicant

    Now install a fresh copy:

    sudo apt-get install wpasupplicant

    After you've got it installed, start by modifying the "default" file -- I'm not sure why to be honest, but the installer told me to start there and I did:

    sudo vi /etc/default/wpasupplicant

    Here's what mine looks like; modify yours to taste:

    Code:
    # /etc/default/wpasupplicant
    
    # WARNING! Make sure you have a configuration file!
    
    ENABLED=1
    
    # Useful flags:
    #  -D <driver>          Wireless Driver
    #  -i <ifname>          Interface (required, unless specified in config)
    #  -c <config file>     Configuration file
    #  -d                   Debugging (-dd for more)
    #  -w                   Wait for interface to come up
    
    # OPTIONS="-w"
    Save and exit.

    Next, you'll need to sort your pre-shared key out. My router allows me to input the passphrase that makes up the key itself; I originally tried putting this passphrase in as the wireless key, which failed to work altogether for fairly obvious reasons. Hindsight is wonderful like that. Take the passphrase that you used in your router or WAP and use wpa_passphrase to generate the key. You use this command in the following format:

    wpa_passphrase <ssid> <passphrase>

    So the command I ran looks something like this:

    wpa_passphrase MyHomeWireless SuperSecretPassphrase

    ..which gives you an output something like:

    Code:
    network={
            ssid="MyHomeWireless"
            #psk="SuperSecretPassphrase"
            psk=e42ac2538ef03f906d37332a0df4446150e04cdcdd392e309486075065a70a1f
    }
    Copy all that - we'll need in a moment. You now need to put that in to a configuration file for wpa_supplicant, which you first need to create. Given that you'll have the keys to your wireless access in this file, a little extra precaution is in order. Use the following commands to create and then open the file for editing:

    sudo touch /etc/wpa_supplicant.conf
    sudo chmod 600 /etc/wpa_supplicant.conf
    sudo vi /etc/wpa_supplicant.conf

    Using the output of wpa_passphrase we copied earlier as a base, you'll need to tell wpa_supplicant a few more details about your network. Here's what my copy of this file looks like when complete, with the sample data:

    Code:
    network={
            ssid="MyHomeWireless"
            #psk="SuperSecretPassphrase"
            psk=e42ac2538ef03f906d37332a0df4446150e04cdcdd392e309486075065a70a1f
            key_mgmt=WPA-PSK
            proto=WPA
    }
    Save and exit.

    You should probably test this now - here's a good command to copy/paste to your cli (this will only work if you fulfill the assumptions of this HOWTO):

    sudo ifconfig wlan0 up && /usr/sbin/wpa_supplicant -Bw -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf && dhclient wlan0

    If that doesn't get you to the point where you can ping other hosts on your network, something is most likely wrong with wpa_supplicant (I'm assuming that it hasn't got anything to do with DHCP). Run these two commands:

    sudo dhclient -r wlan0 && ifconfig wlan0 down && killall wpa_supplicant
    sudo ifconfig wlan0 up && /usr/sbin/wpa_supplicant -w -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -dd

    This will give you a bunch of debugging output, and someone who is much more skilled than I might be able to help you out. Sorry, but this HOWTO isn't going to help you much more, as it's beyond my ken completely.

    If you got lucky and you -are- able to ping hosts on your network, now is the time to automate it. It's actually really easy. Run this command first to bring the wireless link down cleanly:

    sudo dhclient -r wlan0 && ifconfig wlan0 down && killall wpa_supplicant

    You need to tell your network interface configuration file how to deal with the wireless config nicely; here's what you need to put in for your wireless card (again, if you don't completely fulfill the assumptions of this HOWTO, you'll need to change a few things). Open up /etc/network/interfaces:

    sudo vi /etc/network/interfaces

    ..here's the part you'll need to add/modify in yours for the wireless:

    Code:
    auto wlan0
    iface wlan0 inet dhcp
    pre-up /usr/sbin/wpa_supplicant -Bw -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf
    post-down killall -q wpa_supplicant
    Save and exit.

    We're all done! Wireless will now come up on boot (assuming that your computer already detects the card and loads the drivers for it already), and you can start/stop the wireless link with the following two commands:

    sudo ifup wlan0
    sudo ifdown wlan0

    --

    I hope this has helped someone. If you've got questions I'll try to help; please bear in mind that I've only got a rough idea of how this works, so my answers might be vague and not particularly useful.

  2. #2
    Join Date
    Apr 2005
    Beans
    54

    Talking Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Sorry dude. I have only two words for you. "Excellent Guide". I will trash my current "WEP" (Worst Entrance Protector).

  3. #3
    Join Date
    Apr 2005
    Beans
    36

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Hrm... it doesn't quite work for me. I've tried lots of stuff, but here's my wpa_supplicant output:

    Code:
    $ wpa_supplicant -ieth0 -c /etc/wpa_supplicant.conf -d ndiswrapper -c /etc/wpa_supplicant.conf
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'default'
    Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
    Reading configuration file '/etc/wpa_supplicant.conf'
    ctrl_interface='/var/run/wpa_supplicant'
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    Priority group 0
       id=0 ssid='Bell'
    Initializing interface (2) 'eth0'
    EAPOL: SUPP_PAE entering state DISCONNECTED
    EAPOL: KEY_RX entering state NO_KEY_RECEIVE
    EAPOL: SUPP_BE entering state INITIALIZE
    EAP: EAP entering state DISABLED
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    Own MAC address: 00:12:f0:01:aa:da
    wpa_driver_hostap_set_wpa: enabled=1
    wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_countermeasures: enabled=0
    wpa_driver_hostap_set_drop_unencrypted: enabled=1
    Setting scan request: 0 sec 100000 usec
    Wireless event: cmd=0x8b06 len=8
    RTM_NEWLINK, IFLA_IFNAME: Interface 'eth0' added
    RTM_NEWLINK, IFLA_IFNAME: Interface 'eth0' added
    Starting AP scan (broadcast SSID)
    Scan timeout - try to get results
    Received 180 bytes of scan results (1 BSSes)
    Scan results: 1
    Selecting BSS from priority group 0
    0: 00:09:5b:49:43:e3 ssid='Bell' wpa_ie_len=0 rsn_ie_len=0
       skip - no WPA/RSN IE
    No suitable AP found.
    Setting scan request: 5 sec 0 usec
    Signal 2 received - terminating
    No keys have been configured - skip key clearing
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    wpa_driver_hostap_set_wpa: enabled=0
    wpa_driver_hostap_set_drop_unencrypted: enabled=0
    wpa_driver_hostap_set_countermeasures: enabled=0
    What's this skip - no WPA/RSN IE mean?? My thread is here

    http://ubuntuforums.org/showthread.php?p=161762

  4. #4
    Join Date
    Feb 2005
    Location
    Maine, USA
    Beans
    286

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Quote Originally Posted by thread
    Hrm... it doesn't quite work for me. I've tried lots of stuff, but here's my wpa_supplicant output:

    Code:
    $ wpa_supplicant -ieth0 -c /etc/wpa_supplicant.conf -d ndiswrapper -c /etc/wpa_supplicant.conf
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
    Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'default'
    Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
    Reading configuration file '/etc/wpa_supplicant.conf'
    ctrl_interface='/var/run/wpa_supplicant'
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    Priority group 0
       id=0 ssid='Bell'
    Initializing interface (2) 'eth0'
    EAPOL: SUPP_PAE entering state DISCONNECTED
    EAPOL: KEY_RX entering state NO_KEY_RECEIVE
    EAPOL: SUPP_BE entering state INITIALIZE
    EAP: EAP entering state DISABLED
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    Own MAC address: 00:12:f0:01:aa:da
    wpa_driver_hostap_set_wpa: enabled=1
    wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
    Failed to set encryption.
    wpa_driver_hostap_set_countermeasures: enabled=0
    wpa_driver_hostap_set_drop_unencrypted: enabled=1
    Setting scan request: 0 sec 100000 usec
    Wireless event: cmd=0x8b06 len=8
    RTM_NEWLINK, IFLA_IFNAME: Interface 'eth0' added
    RTM_NEWLINK, IFLA_IFNAME: Interface 'eth0' added
    Starting AP scan (broadcast SSID)
    Scan timeout - try to get results
    Received 180 bytes of scan results (1 BSSes)
    Scan results: 1
    Selecting BSS from priority group 0
    0: 00:09:5b:49:43:e3 ssid='Bell' wpa_ie_len=0 rsn_ie_len=0
       skip - no WPA/RSN IE
    No suitable AP found.
    Setting scan request: 5 sec 0 usec
    Signal 2 received - terminating
    No keys have been configured - skip key clearing
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    wpa_driver_hostap_set_wpa: enabled=0
    wpa_driver_hostap_set_drop_unencrypted: enabled=0
    wpa_driver_hostap_set_countermeasures: enabled=0
    What's this skip - no WPA/RSN IE mean?? My thread is here

    http://ubuntuforums.org/showthread.php?p=161762
    I think that RSN authentication only works with WPA/IEEE 802.11i wireless. Is your router set up using that, and your wireless card not? Or vice versa? Or do you have wpasupplicant set up to use that and neither your card or router can? From the stuff you showed it looks like your router can't handle it ("No suitable AP found")--although that could just be you not being able to access it, because of wpasupplicant problems. Hope this helps some.

  5. #5
    Join Date
    Apr 2005
    Beans
    2

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Hey great guide, but note that if your wireless is already configured to run WEP you must comment out the lines in /etc/network/interfaces pertaining to that configuration. It didn't take too long to figure out, but it did throw me for a little loop.

  6. #6
    Join Date
    Jun 2005
    Beans
    1

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Ok, I did some looking around and I found out how to make WPA work with broadcast disabled. It's just a matter of adding two lines. Here is an example:

    Code:
    ap_scan=2
    network={
    scan_ssid=1
    ssid="My SSID"
    psk="SooperSekretPassphrase"
    key_mgmt=WPA-PSK
    proto=WPA
    }
    The "ap_scan" line tells your machine to let the driver (ndiswrapper) do the scanning instead of wpa_supplicant. The "scan_ssid" line tells it to send SSID specifc broadcast requests. Only adding both those lines to my config file let me connect to my AP while broadcast was disabled. I hope this helps some people out.

  7. #7
    Join Date
    Oct 2004
    Location
    Kingston, On
    Beans
    Hidden!

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    I have copied this to the forum-wiki delta

    http://test.wiki.ubuntu.com/forum/ha...wrapperWithWPA

    Perhaps someone could complete it by adding the latest comments...

  8. #8
    Join Date
    May 2005
    Beans
    2

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    I've followed everthing but cant figure out why I'm getting the following when I try to activate it:

    $ sudo ifconfig eth1 up && /usr/sbin/wpa_supplicant
    bash: /usr/sbin/wpa_supplicant: No such file or directory


    UPDATE:
    well I know now why i get that error, for some reason I'm unable to install wpasupplicant:

    $ sudo apt-get install wpasupplicant
    Password:
    Reading package lists... Done
    Building dependency tree... Done
    The following NEW packages will be installed:
    wpasupplicant
    0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
    Need to get 138kB of archives.
    After unpacking 385kB of additional disk space will be used.
    Get:1 http://us.archive.ubuntu.com hoary/universe wpasupplicant 0.3.8-1 [138kB]
    Fetched 138kB in 0s (153kB/s)
    Failed to fetch http://us.archive.ubuntu.com/ubuntu/...3.8-1_i386.deb MD5Sum mismatch
    E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?


    UPDATE #2:
    Well finally got it installed and now get the following:

    $ sudo ifconfig eth1 up && /usr/sbin/wpa_supplicant
    Failed to read configuration file '/etc/wpa_supplicant.conf'.
    Last edited by seezar; June 13th, 2005 at 12:43 AM.

  9. #9
    Join Date
    Jan 2005
    Location
    Sweden
    Beans
    584

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Quote Originally Posted by seezar
    Well finally got it installed and now get the following:

    $ sudo ifconfig eth1 up && /usr/sbin/wpa_supplicant
    Failed to read configuration file '/etc/wpa_supplicant.conf'.
    Did you create /etc/wpa_supplicant.conf? notzac described it in his original post. For reference, here is mine, with keys removed:

    Code:
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    
    network={
    	ssid="hoganas"
    	psk=LotsAndLotsOfCharactersGeneratedByWpa_Passphrase
    	key_mgmt=WPA-PSK
    	proto=WPA
    }

    Håkan

  10. #10
    Join Date
    Jun 2005
    Beans
    1

    Re: HOWTO: Automated WPA Encryption with ndiswrapper drivers

    Very useful guide: has anyone found a .deb package for wpasupplicant that works with Warty?

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •