= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In This Chapter
Wireless Linux Compatible NICs
Installing The Linux-WLAN Drivers
Linux-WLAN Encryption For Security
Troubleshooting Your Wireless LAN
© Peter Harrison, www.linuxhomenetworking.com
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
This chapter will show you how to configure wireless NIC cards on your Linux box. As of version 8.0, RedHat did not ship with the Linux Wireless driver set (Linux-WLAN) installed. You have to download and install them after installing Linux. For this reason it may be good to keep your regular Ethernet NIC installed in the machine to provide connectivity to the web until you get the wireless NIC to work, or you could ask someone to burn a CD with the files needed for installation.
If you are not running RedHat Linux, or have upgraded your RedHat distribution's kernel, then you can refer to the sections on how to install WLAN from universally usable tar files.
Not all wireless NIC cards work with Linux-WLAN. For this reason it is best to check the Linux-WLAN group’s website at www.linux-wlan.org for the latest hardware compatibility list.
You have to be especially careful with the Linksys WMP series of wireless PCI cards. The older version of the card that uses the Intersil chipset works with Linux, but the newer version 2.7 card using a Broadcom chipset will not. Even so, the original WMP won't work without upgrading the firmware.
The original card uses the Linux-WLAN compatible Intersil chipset and doesn't have any version number stamped on it. You'll have to download the latest firmware for the card from the Linksys website, then install the card in a Windows box and upgrade the firmware. If you don't, your Linux box may not detect your NIC card at all and you will get kernel error messages like this one in /var/log/messages after you finish installing the software.
Aug 25 21:07:06 hostname kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
Be careful as this message can also be due to you using an SSID in your configuration files that doesn’t match the SSID of your WAP / wireless router.
In September 2002, Linksys launched a Version 2.7 (or v2.7) model of the WMP11 card using a Broadcom chipset. The linux-wlan.org site's hardware compatibility page now lists the WMP v2.7 as being an incompatible device. You can determine whether you have this model by looking for the “V2.7” which is very clearly stamped on the front side of these cards.
Installing the WMP11 v2.7 with the linux-WLAN tarball will give the following error in the log file /var/log/messages:
00:0c.0 Network controller: BROADCOM Corporation: Unknown device 4301 (rev01)
Subsystem: Unknown device 1737:4301
Flags: bus master, fast devsel, latency 64, IRQ 5
Memory at f4000000 (32-bit, non-prefetchable) [size=8K]
Capabilities: [40] Power Management version 2
Installing the WMP11 v2.7 with the linux-WLAN tarball using RPMs will give the following error message on the screen:
Dec 1 01:28:14 bigboy insmod: /lib/modules/2.4.18-14/net/prism2_pci.o: init_module: No such device
Dec 1 01:28:14 bigboy insmod: Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters. You may find more information in syslog or the output from dmesg
Dec 1 01:28:14 bigboy insmod: /lib/modules/2.4.18-14/net/prism2_pci.o: insmod wlan0 failed
All devices on a wireless network must use the same "Network Identifier" or SSID in order to communicate with each other. The default SSID for Linux-WLAN is "linux-wlan"; the default SSID for your Windows NIC cards may be different. It's a good idea to decide on a common SSID and stick with it.
Once configured, Linux-WLAN doesn’t identify the wireless NIC as an Ethernet “eth” device, but as a “wlan” device. This is good to know in order to avoid confusion when troubleshooting.
Always be prepared to check your syslog /var/log/messages file for errors if things don't work. It is a good source of information. The syslog chapter will also show you how to set up syslog error logging to be more sensitive to error types.
You may get "device unknown" or "no such device" errors related to the wlan device in the /var/log/messages file if you use older unpatched versions of the Linux-WLAN software. Always use the most recent versions to reduce the stress of installation.
Before installing the linux-wlan software for PCMCIA type cards (such as the Linksys WPC11) you will need to install the RedHat Linux "pcmcia-cs" RPM package. This step isn't necessary for true PCI cards such as the Linksys WMP11. According to the linux-wlan documentation, this will have to be done from a source RPM. The latest version as of this writing was:
kernel-pcmcia-cs-3.1.31-9.i386.rpm
Downloading and installing RPMs isn’t hard. If you need a refresher, the RPM chapter covers how to do this in detail.
1. Download the latest version of the linux-wlan RPM. RPM versions of the driver files can be found at http://prism2.unixguru.raleigh.nc.us. Remember to download the files for the correct kernel type, OS version and kernel version.
To determine the kernel type, use the "uname -p" command. The Bigboy server discussed in the Topology chapter is running an i586 version of Linux. The Linux version may not match the CPU you have installed, so always use the uname version.
[root@bigboy tmp]# uname -p
i586
[root@bigboy tmp]#
To determine the OS version, one of the easiest ways is to view the /etc/issue file. Bigboy is running version 8.0.
[root@bigboy cron.daily]# more /etc/issue
Red Hat Linux release 8.0 (Psyche)
Kernel \r on an \m
[root@bigboy cron.daily]#
To determine the kernel version, you can use the "uname -r" command. In this case, Bigboy is running version 2.4.18-14.
[root@bigboy tmp]# uname -r
2.4.18-14
[root@bigboy tmp]#
If you upgrade the version of your Linux, you'll have to do these steps all over again. The combined Linux / Linux-WLAN upgrade will also create new versions of your /etc/sysconfig/network-scripts/ifcfg-wlan0, /etc/wlan.conf and /etc/pcmcia/wlan-ng.opts files which you may have to restore from the automatically saved versions.
2. Once you have all this information, you'll need to download and install the base, module and interface packages. Here are examples for an i586 installation using a PCI card on RedHat 8.0:
[root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-0.1.15-5.rh80.i586.rpm
[root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-modules-rh80.14-0.1.15-5.rh80.i586.rpm
[root@bigboy tmp]# rpm -Uvh kernel-wlan-ng-pci-0.1.15-5.rh80.i586.rpm
If you get any error messages during the installation, then you're doing something wrong. However, I have seen the kernel-wlan-ng-pcmcia RPM installation give errors stating that the kernel-pcmcia-cs RPM hadn't been previously installed even when it had been. Installing the RPM with the --force and --nodeps switches does the trick by forcing the installation while not checking for dependencies. Always remember that under normal circumstances this wouldn't be a good idea; error messages are there for a reason.
[root@smallfry tmp]# rpm -Uvh kernel-wlan-ng-pcmcia-0.1.15-6.i686.rpm
error: Failed dependencies:
kernel-pcmcia-cs is needed by kernel-wlan-ng-pcmcia-0.1.15-6
[root@smallfry tmp]# rpm -Uvh --force --nodeps kernel-wlan-ng-pcmcia-0.1.15-6.i686.rpm
Preparing... ########################################### [100%]
1:kernel-wlan-ng-pcmcia ########################################### [100%]
Adding prism2_cs alias to /etc/modules.conf file...
Shutting down PCMCIA services: cardmgr modules.
Starting PCMCIA services: modules cardmgr.
The default wlan0 network configuration is DHCP. Adjust accordingly.
ACHTUNG! ATTENTION! WARNING!
YOU MUST configure /etc/pcmcia/wlan-ng.opts to match WAP settings!!!
[root@smallfry tmp]#
If you are running a non-standard version of your RedHat kernel or using a version of Linux that is incompatible with RPMs, then you'll need to use the TAR file installation method. If you are running standard RedHat Linux, use the RPMs unless you have excess patience. Remember that if you upgrade your Linux version or kernel, you'll probably have to do these steps all over again.
Installing Linux-WLAN using TAR files involves compiling the software to make it match the particular flavor of the Linux kernel you are running. It is therefore important to install your kernel source files. For RedHat version 7.3 it was version 2.4.18-3.
[root@bigboy tmp]# rpm -Uvh kernel-source-2.4.18-3.i386.rpm
Download the latest version of Linux-WLAN from www.linux-wlan.org. The most recent version as of this writing was:
linux-wlan-ng-0.1.14-pre1.tar.gz
Unzip and install the Linux-WLAN files
[root@bigboy tmp]# gunzip linux-wlan-ng-0.1.14-pre1.tar.gz
[root@bigboy tmp]# tar -xvf linux-wlan-ng-0.1.14-pre1.tar
[root@bigboy tmp]# cd linux-wlan-ng-0.1.14
[root@bigboy linux-wlan-ng-0.1.14]# make clean
[root@bigboy linux-wlan-ng-0.1.14]# make config
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Running the "make config" command will prompt you for information:
o (PCI cards only) Say 'y' to pci and 'n' to pcmcia, plx, and usb driver questions
o (PCMCIA cards only) Say 'y' to pcmcia and 'n' to pci, plx, and usb driver questions
o When you are prompted for the "Module install directory" enter /lib/modules/"linux-kernel-version", where "linux-kernel-version" is the version of the kernel. Get a directory listing of /lib/modules/ beforehand to make sure you are providing the correct kernel directory that both matches your kernel version and also actually has files in it. Select only a single module directory, as using more than one can lead to future "make" problems.
o Use other defaults
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
[root@bigboy linux-wlan-ng-0.1.14]# make all
[root@bigboy linux-wlan-ng-0.1.14]# make install
1. Edit /etc/modules.conf and insert the following line to load the driver on booting:
alias wlan0 prism2_pci
2. Create a startup driver configuration file called wmp11 (or whatever your NIC card is named) in the /etc/init.d directory
[root@bigboy tmp]# vi /etc/init.d/wmp11
3. Add the following 4 lines to the file.
#!/bin/bash
modprobe prism2_pci
wlanctl-ng wlan0 lnxreq_ifstate ifstate=enable
wlanctl-ng wlan0 lnxreq_autojoin ssid=linux_wlan authtype=opensystem
exit 0
Remember to modify the SSID in the above commands to match that of your WAP. You can also test these commands from the command line to see if they work. The response should be:
message=lnxreq_autojoin
ssid=linksys
authtype=opensystem
resultcode=success
If you get a resultcode=error or something else, then start over making sure you are using the latest versions of the Linux-WLAN software. At this time, the "Link" LED on your NIC card will come on solid, as it has established a link with the WAP11 access point.
4. Make the file executable so that it will be able to run on the next system reboot.
[root@bigboy tmp]# chmod 755 /etc/init.d/wmp11
5. The next step is to create a link to this file in the startup directories. When booting, the system needs to load the drivers for the interface before it will activate the interface. Some web sites recommend putting the driver loading commands in /etc/rc.d/rc.local, but this makes the driver load at the end of the booting process and the wlan0 interface will be inactive till then.
This may not be a problem for many installations, but applications such as Samba, DHCP server, DNS (named) and SSH, when configured to specifically run on the IP address of your interface, may fail to start if the interface is down.
If your applications are set to listen on all of the server's IP addresses (promiscuous listening), which is the default setting for the applications above, it may not matter, and you could put these commands in your /etc/rc.d/rc.local file instead and save yourself a lot of grief.
If you don’t want to use the /etc/rc.d/rc.local file then you need to ensure that you run your custom driver script before the Linux "network" script starts up the wlan0 interface device you will create later. In RedHat the default network startup script link in /etc/rc3.d and /etc/rc5.d is named "S10network". You will need to create a symbolic link called "S09wmp11" to make /etc/init.d/wmp11 be run before "S10network" during the boot process.
[root@bigboy tmp]# cd /etc/rc3.d
[root@bigboy tmp]# ls *network*     # Verify the "network" filename
[root@bigboy tmp]# ln -s ../init.d/wmp11 S09wmp11
[root@bigboy tmp]# cd /etc/rc5.d
[root@bigboy tmp]# ln -s ../init.d/wmp11 S09wmp11
Open and edit the configuration options file, /etc/pcmcia/wlan-ng.opts. Locate the lines containing "ssid=linux_wlan" and set the SSID to whatever value you’ve decided to use on your wireless LAN.
NOTE: Never add an alias for PCMCIA cards in /etc/modules.conf. It is not necessary, and it will cause the system to try to bring up wlan0 before the PCMCIA services, which won't work.
Edit /etc/sysconfig/network-scripts/ifcfg-wlan0 to include the following lines:
DHCP Version         Fixed IP Version
============         ================
DEVICE=wlan0         DEVICE=wlan0
USERCTL=yes          BROADCAST=192.168.1.255
ONBOOT=yes           IPADDR=192.168.1.100
BOOTPROTO=dhcp       NETMASK=255.255.255.0
                     NETWORK=192.168.1.0
                     ONBOOT=yes
In the fixed IP version you will also need to:
o Substitute your selected IP, netmask, network and broadcast address for those above.
o Make sure you have the correct gateway statement in your /etc/sysconfig/network file, e.g. GATEWAY=192.168.1.1
You may want to disable your existing eth0 Ethernet interface after installing the drivers. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to have an ONBOOT=no entry. This will disable the interface on reboot or when /etc/init.d/network is restarted.
Edit your /etc/wlan.conf file (PCI type NIC) or your /etc/pcmcia/wlan-ng.opts file (PCMCIA type NICs). Locate the lines containing "ssid=linux_wlan" and set the SSID to whatever value you've decided to use on your wireless LAN.
Also modify the IS_ADHOC option to make your NIC either support "adhoc" mode for peer to peer networks or "infrastructure" mode if you are using a WAP.
Here is a sample snippet.
#=======SELECT STATION MODE===================
IS_ADHOC=n
# y|n, y - adhoc, n - infrastructure
#=======INFRASTRUCTURE STATION START===================
# SSID is all we have for now
AuthType="opensystem" # opensystem | sharedkey (requires WEP)
# Use DesiredSSID="" to associate with any AP in range
DesiredSSID="linksys"
Run the following commands and test for errors in the file /var/log/messages:
[root@bigboy tmp]# /etc/init.d/wlan restart
[root@bigboy tmp]# /etc/init.d/wmp11
[root@bigboy tmp]# /etc/init.d/network restart
[root@bigboy tmp]# /etc/rc.d/init.d/pcmcia restart
[root@bigboy tmp]# /etc/init.d/network restart
Now check to see that the IP address of the wlan interface is OK:
[root@bigboy tmp]# ifconfig -a
[root@bigboy tmp]# ping <gateway-address>
Before installing the software you should ensure that the wireless NIC card doesn’t have an interrupt that clashes with another device in your computer. Insert the card in an empty slot in your Linux box and reboot. Inspect your /var/log/messages file again:
[root@bigboy tmp]# tail -300 /var/log/messages
Look carefully for any signs that the card is interfering with existing card IRQs. If there is a conflict there will usually be a warning, or "IRQ also used by..." message. If that is the case, move the card to a different slot, or otherwise eliminate the conflict by disabling the conflicting device if you don’t really need it.
After you’ve installed the software, you can also inspect your /proc/interrupts file for multiple devices having the same interrupt
[root@bigboy tmp]# more /proc/interrupts
11: 4639 XT-PIC wlan0, eth0 (bad)
[root@bigboy tmp]# more /proc/interrupts
11: 4639 XT-PIC wlan0 (good)
Interrupt conflicts are usually more problematic with old style PC-AT buses; newer PCI based systems generally handle conflicts better. The above (bad) /proc/interrupts example came from a functioning PCI based Linux box. It worked because, though the interrupt was the same, the base memory addresses used by Linux to communicate with the cards were different. You can check both the interrupts and base memory of your NIC cards after doing the software installation by using the "ifconfig -a" command:
[root@bigboy tmp]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0x1820
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:88418 errors:0 dropped:0 overruns:0 frame:0
TX packets:88418 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7678679 (7.3 Mb) TX bytes:7678679 (7.3 Mb)
wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:215233 errors:0 dropped:0 overruns:0 frame:0
TX packets:447594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:39394014 (37.5 Mb) TX bytes:126738425 (120.8 Mb)
Interrupt:11 Memory:c887a000-c887b000
[root@bigboy tmp]#
One of the flaws of wireless networking is that all the wireless clients can detect the presence of all available network SSIDs and have the option of joining any of them. With encryption, the client must have a membership encryption password which can also be represented as a series of Wireless Encryption Protocol (WEP) keys. The /etc/wlan.conf file (PCI type NIC) or the /etc/pcmcia/wlan-ng.opts file (PCMCIA type NICs) is also used to activate this feature.
Note: I must strongly recommend that you first set up your network without encryption. Only migrate to an encrypted design after you are satisfied that the unencrypted design works satisfactorily.
To invoke encryption, you have to set the "dot11PrivacyInvoked" parameter to "true" and state which of the keys will be used as the default starting key via the "dot11WEPDefaultKeyID" parameter. You then have the option of either providing a key generating string (simple password) or all four of the keys. In the example below, "ketchup" is the password used to automatically generate the keys.
#=======WEP===========================================
# [Dis/En]able WEP. Settings only matter if PrivacyInvoked is true
lnxreq_hostWEPEncrypt=false # true|false
lnxreq_hostWEPDecrypt=false # true|false
dot11PrivacyInvoked=true
dot11WEPDefaultKeyID=1
dot11ExcludeUnencrypted=true # true|false, in AP this means WEP
# is required for all STAs
# If PRIV_GENSTR is not empty, use PRIV_GENSTR to generate
# keys (just a convenience)
PRIV_GENERATOR=/sbin/nwepgen # nwepgen, Neesus compatible
PRIV_KEY128=false # keylength to generate
PRIV_GENSTR="ketchup"
# or set them explicitly. Set genstr or keys, not both.
dot11WEPDefaultKey0= # format: xx:xx:xx:xx:xx or
dot11WEPDefaultKey1= # xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
dot11WEPDefaultKey2= # e.g. 01:20:03:40:05 or
dot11WEPDefaultKey3= # 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
Not all devices on your network will use the same algorithm to generate the encryption keys. You may find the same generator string will not create the same keys, and intra-network communication will be impossible. If this is the case, you can use the /sbin/nwepgen program to generate the keys once you provide your easy to remember key generator string. Once you have the four sets of keys, you'll have to add them individually and in sequence to the /etc/wlan.conf (or /etc/pcmcia/wlan-ng.opts) file and set the PRIV_GENSTR parameter to "". Here is how you can use nwepgen to create the keys with a generator string of "ketchup".
[root@bigboy tmp]# /sbin/nwepgen ketchup
64:c1:a1:cc:db
2b:32:ed:37:16
b6:cc:9e:1b:37
d7:0e:51:3f:03
[root@bigboy tmp]#
In this case your /etc/wlan.conf file would look like this:
PRIV_GENSTR=""
# or set them explicitly. Set genstr or keys, not both.
dot11WEPDefaultKey0=64:c1:a1:cc:db
dot11WEPDefaultKey1=2b:32:ed:37:16
dot11WEPDefaultKey2=b6:cc:9e:1b:37
dot11WEPDefaultKey3=d7:0e:51:3f:03
Remember that all devices on your network will need to have the same keys and default key for this to work. This includes all wireless NICs and WAPs
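As an added example (not part of the original chapter or the Linux-WLAN code), the code below derives the four 40-bit keys from a generator string, renders them as explicit configuration lines, and compares them slot by slot with the keys another device displays. It assumes nwepgen uses the Neesus-style 40-bit algorithm shown here, which reproduces the "ketchup" output above; the function names are hypothetical.

```python
# Added example, not taken from the Linux-WLAN sources. The 40-bit
# "Neesus compatible" algorithm below is an assumption about what
# /sbin/nwepgen does when PRIV_KEY128=false; all names are hypothetical.

MASK32 = 0xFFFFFFFF
HEX_DIGITS = "0123456789abcdef"


def seed_of(genstr):
    """Fold the generator string into a 32-bit seed: byte i is XOR-ed into slot i % 4."""
    slots = [0, 0, 0, 0]
    for i, byte in enumerate(genstr.encode("latin-1")):
        slots[i % 4] ^= byte
    return slots[0] | slots[1] << 8 | slots[2] << 16 | slots[3] << 24


def generate_keys(genstr, nkeys=4, keylen=5):
    """Return nkeys WEP keys of keylen bytes each, formatted xx:xx:xx:xx:xx."""
    state = seed_of(genstr)
    keys = []
    for _ in range(nkeys):
        key = []
        for _ in range(keylen):
            # One linear congruential step per key byte; bits 16-23 are the output.
            state = (state * 0x343FD + 0x269EC3) & MASK32
            key.append((state >> 16) & 0xFF)
        keys.append(":".join("%02x" % b for b in key))
    return keys


def wlan_conf_lines(genstr):
    """Render the explicit-key settings for /etc/wlan.conf or wlan-ng.opts."""
    lines = ['PRIV_GENSTR=""']
    for index, key in enumerate(generate_keys(genstr)):
        # Written with no space after '='.
        lines.append("dot11WEPDefaultKey%d=%s" % (index, key))
    return lines


def _hex_only(key):
    """Strip separators and case so 64C1A1CCDB, 64-c1-... and 64:c1:... compare equal."""
    return "".join(ch for ch in key.lower() if ch in HEX_DIGITS)


def keys_match(genstr, device_keys):
    """Per key slot, report whether another device shows the same key we generate."""
    ours = [_hex_only(k) for k in generate_keys(genstr)]
    return [_hex_only(theirs) == mine for theirs, mine in zip(device_keys, ours)]


if __name__ == "__main__":
    print("\n".join(wlan_conf_lines("ketchup")))
    # Constructed sample: keys as a WAP's admin page might display them,
    # with the fourth slot deliberately different.
    wap_keys = ["64C1A1CCDB", "2B32ED3716", "B6CC9E1B37", "0000000000"]
    print(keys_match("ketchup", wap_keys))
    # Only the 32-bit seed reaches the generator, so distinct strings can
    # produce identical keys; the string is a convenience, not key strength.
    print(seed_of("ketchup") == seed_of("hetckup"))
```

A False entry from keys_match identifies the key slot where the other device's generator disagrees, which is the case where the keys must be entered explicitly on every device.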
In some cases, NIC cards without full Linux-WLAN compatibility will freeze up after a number of hours of working with encryption. The steps to reverse encryption are:
o Set the configuration file parameter "dot11PrivacyInvoked" to "false"
o Stop Linux-WLAN and disable the wireless wlan0 interface
[root@bigboy tmp]# /etc/init.d/wlan stop
Shutting Down WLAN Devices:message=lnxreq_ifstate
ifstate=disable
resultcode=success
[root@bigboy tmp]# ifdown wlan0
o Even though you have done these two steps, the driver is still loaded in memory, though not active. Your next steps will be to list all the active drivers in memory with the lsmod command, and remove the Linux-WLAN related entries using rmmod
[root@bigboy tmp]# lsmod
Module Size Used by Not tainted
…
…
prism2_pci 66672 1 (autoclean)
p80211 20328 1 [prism2_pci]
…
…
[root@bigboy tmp]# rmmod prism2_pci
[root@bigboy tmp]# rmmod p80211
o Restart Linux-WLAN and reactivate the wlan0 interface and you should be functional again.
[root@bigboy tmp]# /etc/init.d/wlan start
Starting WLAN Devices:message=lnxreq_hostwep
resultcode=no_value
decrypt=false
encrypt=false
[root@bigboy tmp]# ifup wlan0
o If you fail to reload the driver modules you’ll get errors like these below in your /var/log/messages file.
Jan 2 18:11:12 bigboy kernel: prism2sta_ifstate: hfa384x_drvr_start() failed,result=-110
Jan 2 18:11:18 bigboy kernel: hfa384x_docmd_wait: hfa384x_cmd timeout(1), reg=0x8021.
Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Initialize command failed.
Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Failed, result=-110
Always check the /var/log/messages file for possible errors arising from the software installation. The chapter on logging covers how to do this in more detail.
p80211 Kernel errors in /var/log/messages usually point to an incorrectly configured SSID
Nov 13 22:24:54 bigboy kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
If there are no errors in /var/log/messages and you can't ping your gateways or obtain an IP address, then check your /etc/sysconfig/network-scripts/ifcfg-wlan0 file for a correct IP configuration and your routing table to make sure your routes are OK. You can also check to see if your Linux box is out of range of the WAP.