How I installed some wireless 802.11b networks with Linux

Kees Lemmens, TU Delft, July 2003
Last modified, June 18, 2004

1  Basic steps

  1. Get your card recognized by the kernel by loading the appropriate driver.
  2. Set the wireless network parameters if necessary by using iwconfig (ESSID, WEP, MODE).
  3. Set the standard network parameters by ifconfig / route or by DHCP (just the same as for a wired card).
  4. Now check if you can see the local wireless network (www.gateway.luchthaven in case of a TU Delft hotspot).
  5. Start a VPN-like connection to get out of the local network into the outside world (this largely depends on the way the hotspot provider organized this).

More details about these steps (especially 1 and 2) can be found further in this document.

2  VPN client for TU Delft hotspot

Starting a Linux vpn client on the TU Delft wireless network is rather easy once you have the card connected to the hotspot :

Note however that you have to turn off (or modify) your firewall settings before starting the VPN connection ! Easiest (but not the safest ...) is to turn it off while experimenting and start modifying the rules once you have VPN running.

3  Security

After having connected to the hotspot and turned on VPN you have 2 security problems :

I think however that (re)programming the firewall rules should be a task for the vpn-client software. For this reason I consider the current wireless solution nice, but not very safe !

3.1  More secure alternative :

This is why I currently prefer a solution where I use an encrypted connection to my own access point or USB adapter using a fixed IP address linked to a MAC address, WEP and a SSID and then use NAT (IP masquerading) to go through a Linux firewall on the access point to the internet. In that case the wireless system is completely invisible to the outside world and also reasonably well protected from the inside.

And because I removed the antennas from the access point so that the range of operation is only 5-10 meters using the technique above gives me a much safer feeling than by using the TU Delft hotspots ;)
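
The firewall side of this setup, as an added example (not the author's own firewall script): a shell function that prints an iptables-restore ruleset which forwards only known IP/MAC pairs from the wireless side and masquerades them on the uplink. The function name gen_rules, the interface names and the client entry are assumptions. The MAC match narrows who is forwarded; it is a filter, not authentication.

```shell
#!/bin/sh
# Added example, not the author's firewall. Prints an iptables-restore
# ruleset for a Linux box that NATs a small wireless LAN to the Internet.
# Interface names, addresses and MACs used with it are assumptions.

# gen_rules WLAN_IF UPLINK_IF "IP=MAC IP=MAC ..."
gen_rules() {
    wlan=$1; uplink=$2; clients=$3

    # Check the shape of every MAC first so a typo never yields a
    # partial ruleset.
    for pair in $clients; do
        case ${pair#*=} in
            ??:??:??:??:??:??) ;;
            *) echo "bad MAC in '$pair'" >&2; return 1 ;;
        esac
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for pair in $clients; do
        # Forward only if source IP and source MAC both match the pair.
        printf '%s %s\n' "-A FORWARD -i $wlan -o $uplink -s ${pair%%=*}" \
            "-m mac --mac-source ${pair#*=} -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -i $uplink -o $wlan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $uplink -j MASQUERADE
COMMIT
EOF
}

# Typical use (as root), with a constructed client entry:
#   gen_rules eth1 eth0 "192.168.1.2=02:00:00:00:00:01" | iptables-restore
```

With the default DROP policies nothing arriving on the uplink is accepted or forwarded unless it belongs to a connection opened from the inside.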

4  Details about some popular wireless cards

4.1  PCMCIA cards

If you have a wireless PCMCIA card and the card is supported by your version of the pcmcia-tools it will often be started automatically by the cardmgr. Check the output of the dmesg command (the last lines) and the iwconfig command.

Example for Aironet 350 PCMCIA :

dell1:~ 248 % dmesg | tail
airo:  Probing for PCI adapters
airo:  Finished probing for PCI adapters
airo: Doing fast bap_reads
airo: MAC enabled eth1 0:c:ce:52:d0:78
eth1: index 0x05: Vcc 5.0, Vpp 5.0, irq 3, io 0x0100-0x013f
Setting key 0
airo:  WEP_PERM set 12106

dell1:~ 249 % iwconfig
eth0      no wireless extensions.

eth1      IEEE 802.11-DS  ESSID:"LINUX"  Nickname:"dell1"
          Mode:Managed  Frequency:2.447GHz  Access Point: 00:80:C8:0B:C5:D6
          Bit Rate:11Mb/s   Tx-Power=20 dBm   Sensitivity=0/0
          Retry limit:16   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality:11/0  Signal level:-50 dBm  Noise level:-95 dBm
          Rx invalid nwid:105  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:18819   Missed beacon:0

The easiest cards (imo) are the Cisco Aironet 350 PCMCIA cards (but very expensive !) and derivatives like some Xircom adapters: these work immediately. Also good are the pcmcia cards supported by the orinoco_cs driver (see /etc/pcmcia/config for all supported pcmcia cards). Prism2 based chips are also fine : my brother uses a cheap Sitecom PCMCIA card and that works flawlessly as well.

A sample script to start using an ESSID of "any" and immediately connect to a wireless DHCP server (such as www.gateway.luchthaven at TU Delft) could be as follows :

========================================================================
#!/bin/sh

PATH=/sbin:/usr/sbin:${PATH}

INTF="eth1"
SSID="any"
KEY="off"
MODE="Managed"

echo "Starting wireless on interface $INTF ...."

sudo iwconfig $INTF mode $MODE ESSID $SSID
sudo iwconfig $INTF key $KEY
sleep 3
sudo dhcpcd $INTF

# This part is just to check the settings in case of trouble :
iwconfig $INTF
ifconfig $INTF
route -n
cat /etc/resolv.conf
======================================================================

Note however that this script is rather insecure as the TU Delft hotspots do not use any SSID and/or WEP encryption (thereby making it easier to connect for new users at the cost of lower security).

4.1.1  If the card is not recognized

Note that you should always install the latest PCMCIA tools. And also : nowadays most pcmcia card drivers are NOT anymore in the pcmciatools package BUT IN THE STANDARD KERNEL, so also check your kernel version and enable/compile the device modules that you think you may need for your PCMCIA card. In case you don't trust yourself with this : ask a guru ;-)

Kernel config options :

Section : General setup -> PCMCIA/Cardbus support -> enable all
Section : Networking device support -> Wireless LAN (non-hamradio)  --->
          Wireless Pcmcia cards support
           - Hermes PCMCIA card support
           - Cisco/Aironet 34X/35X/4500/4800 PCMCIA cards
And some others in :
Section : Networking device support -> PCMCIA network device support --->
          PCMCIA Wireless Lan

4.2  PCI cards

If you don't know what card you have, you can get the vendor and type of your PCI devices with the /sbin/lspci command. Check for lines with "Controller" or "Network". Here are some lines from the output of my system :

asus05:/root # lspci
00:00.0 Host bridge: Intel Corp. 82865G/PE/P DRAM Controller/Host-Hub Interface (rev 02)
00:01.0 PCI bridge: Intel Corp. 82865G/PE/P PCI to AGP Controller (rev 02)
00:1f.5 Multimedia audio controller: Intel Corp. 82801EB/ER (ICH5/ICH5R) AC'97 Audio Controller (rev 02)
00:1f.6 Modem: Intel Corp. 82801EB/ER (ICH5/ICH5R) AC'97 Modem Controller (rev 02)
01:00.0 VGA compatible controller: ATI Technologies Inc RV350 [Mobility Radeon 9 600 M10]
02:00.0 Ethernet controller: 3Com Corporation 3c940 10/100/1000Base-T [Marvell] (rev 12)
02:01.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev ab)
02:01.2 FireWire (IEEE 1394): Ricoh Co Ltd R5C552 IEEE 1394 Controller (rev 03)
02:02.0 Network controller: Broadcom Corporation BCM4306 802.11b/g Wireless LAN Controller (rev 03)

4.2.1  Cisco, Prism and Hermes based cards

Cisco Aironet 350 PCI cards are painless and work out of the box. Also many different cards are supported by the orinoco and hermes drivers (Hermes chipset 802.11b support (Orinoco/Prism2/Symbol) ) and do often work fine as well.

4.2.2  Broadcom BCM4306 802.11b/g Wireless LAN Controller

This one is often found in modern high-end laptops such as our ASUS L5F00GA. There are no native Linux drivers for this interface as Broadcom refuses to give any information and they also didn't yet release a native driver as was done for several of their Gigabit interfaces.

It is however quite easy to get it working using the "ndiswrapper" project, which makes it possible to use the native MS-Windows-XP drivers ! To my surprise this is quite simple to install and works fine and reliably. The biggest problem is to obtain the right version of the MS-Windows XP drivers for your hardware ;) For the rest it was rather straightforward.

How to install :

A sample script to start using an ESSID of "any" and immediately connect to a wireless DHCP server (such as www.gateway.luchthaven at TU Delft) could be as follows :

========================================================================
#!/bin/sh

PATH=/sbin:/usr/sbin:${PATH}

sudo insmod ndiswrapper  # loads also the XP MS-windows driver if installed

INTF="wlan0"
SSID="any"
KEY="off"
MODE="Managed"

echo "Starting wireless on interface $INTF ...."

sudo iwconfig $INTF mode $MODE ESSID $SSID
sudo iwconfig $INTF key $KEY
sleep 3
sudo dhcpcd $INTF

# This part is just to check the settings in case of trouble :
iwconfig $INTF
ifconfig $INTF
route -n
cat /etc/resolv.conf
======================================================================

As root this will always run fine; to run it as a non-root user you of course have to add the name of the allowed user(s) and commands to /etc/sudoers.

4.2.3  Dynalink DWL 520+

The Dynalink DWL 520+ with Texas Instruments ACX100 is a pain in the .... There is an experimental binary only driver with many problems (especially in starting up) : acx100_bin_20030626.tgz (see sourceforge). I wouldn't recommend this card at all, change it for something better if you have the opportunity or else be prepared for a lot of frustration ;)

However : if you really want to try it, I loaded the driver with the following script. Note that some commands are repeated several times but that is the only way to get the bloody thing/driver going (also mentioned in the official documentation !) :

==========================================================================
#!/bin/sh -x
# Script to make the Dynalink 520+ wireless PCI card work (more or less):
# Kees Lemmens, June 2003

PAUSE="sleep 3"
DEVICE=eth1

ifconfig $DEVICE down
rmmod acx100sta-2.4.20-8
insmod -f acx100sta-2.4.20-8.o 2>/dev/null 1>&2

$PAUSE
iwconfig $DEVICE mode Managed
$PAUSE
ifconfig $DEVICE 192.168.1.2         # for static IP
$PAUSE
iwconfig $DEVICE key off
iwconfig $DEVICE rate 4 # rate can only be specified as an index from a list
# 1:   1MBit
# 2:   2Mbit
# 3: 5.5MBit
# 4:  11MBit
# 5:  22MBit

ifconfig $DEVICE down
ifconfig $DEVICE 192.168.1.2         # for static IP
$PAUSE
iwconfig $DEVICE # show settings
sleep 20
iwconfig $DEVICE essid "TWALINUX"
$PAUSE
ping -c 4 192.168.1.1                # just to test
==========================================================================

Once it is configured it works reasonably well, but it occasionally loses the connection, in which case the only way to get it working again is by reloading the driver with the script.

4.3  USB devices

At home I use a simple Sitecom USB WL012 network adapter and that works fine, but it needs a completely different set of tools to be operated : the prism2 wlan-ng tools. Some instructions of the wireless-tools may work but to get the thing going you really need the wlan-ng

Below is a script that I made to connect to a hotspot using the WL012 and the linux-wlan-ng tools : change it to your own needs. Note that Ad-Hoc mode is more complicated with these wlan-ng tools (but I must admit this works fine as well once you have it going :).

==============================================================================
#!/bin/sh
# Script for starting the WL012 USB wireless adapter, Kees Lemmens, March 2004

PATH=${PATH}:/sbin:/usr/sbin

INTF=wlan0
SSID=""
PRBASE=/opt/prism2/sbin

echo "Starting wireless to access point on interface $INTF ...."

# reload the driver if already loaded :
sudo ifconfig $INTF down 2>/dev/null
(sudo rmmod prism2_usb && sudo rmmod p80211 ) 2>/dev/null
sudo modprobe prism2_usb # prism2_doreset=1 # prism2_debug=3

sudo $PRBASE/wlanctl-ng $INTF lnxreq_ifstate ifstate=enable
sudo $PRBASE/wlanctl-ng $INTF lnxreq_autojoin ssid=$SSID \
   authtype=opensystem

# show current settings :
# $PRBASE/wlanctl-ng $INTF dot11req_start

sleep 3
sudo dhcpcd $INTF

# Show interface settings :
ifconfig $INTF && iwconfig $INTF
=====================================================================================

Note that many standard Sitecom WL012 adapters only work with 2.4 kernels because of a flaw in the firmware : if you need to run it on 2.6 kernels you need to apply a firmware patch from Sitecom !!

This could be done as follows :

4.4  Dynalink DI614+ access point and other external devices

This is a nice piece of work and seems to work fine. No drivers needed : just plug your ethernet card into one of the RJ45 connectors and use a browser to configure !

To gain access and configure the thing note the following :

To reset the DI614+ to factory defaults : Tools -> System -> Restore

NOTE: If you want to lock a wireless card to this access point using the MAC address (iwconfig $DEVICE ap ...) you should use the MAC address of the wired LAN and not that of the Wireless LAN or WLAN.
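
A check that ties together this note and the earlier remark that starting with ESSID "any" and key "off" is insecure, as an added example (not part of the original scripts): before asking for a DHCP lease on a network you control, verify that the card is associated with the expected ESSID and access point MAC and that an encryption key is set. The function name check_link and the "Encryption key" sample line are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original scripts.
# check_link ESSID AP_MAC   (reads "iwconfig <device>" output on stdin)
# Returns 0 only if the card is associated with the expected ESSID and
# access point and an encryption key is set; 1, 2 or 3 says which test failed.
check_link() {
    want_essid=$1
    want_ap=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    out=$(cat)

    essid=$(printf '%s\n' "$out" |
        sed -n 's/.*ESSID:"\([^"]*\)".*/\1/p' | head -n 1)
    ap=$(printf '%s\n' "$out" |
        sed -n 's/.*Access Point: *\([0-9A-Fa-f:]\{17\}\).*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F')
    key=$(printf '%s\n' "$out" |
        sed -n 's/.*Encryption key:\([^ ]*\).*/\1/p' | head -n 1)

    if [ "$essid" != "$want_essid" ]; then
        echo "ESSID is '$essid', expected '$want_essid'" >&2; return 1
    fi
    # Anything other than the expected MAC (including no MAC at all) fails.
    if [ "$ap" != "$want_ap" ]; then
        echo "access point is '$ap', expected '$want_ap'" >&2; return 2
    fi
    # Fail closed: a missing "Encryption key" line counts as unencrypted.
    case $key in
        ""|off) echo "no encryption key set" >&2; return 3 ;;
    esac
    return 0
}

# Sample input: the first two lines are as shown in section 4.1, the
# "Encryption key" line is constructed for this example.
SAMPLE='eth1      IEEE 802.11-DS  ESSID:"LINUX"  Nickname:"dell1"
          Mode:Managed  Frequency:2.447GHz  Access Point: 00:80:C8:0B:C5:D6
          Encryption key:1234-5678-90   Security mode:open'

# In a start script:
#   iwconfig "$INTF" | check_link LINUX 00:80:C8:0B:C5:D6 && sudo dhcpcd "$INTF"
```

Some drivers do not print an "Encryption key" line at all (the Aironet output in section 4.1 has none); the check then refuses the link rather than guessing.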

5  Some Wireless Linux background info

As is often the case under Linux, 802.11b devices are, once they are recognised by the hardware device driver, plain standard ethernet devices that can be manipulated in a completely standard way.

If the driver is loaded and the wireless properties are set, you'll have an "eth0", "eth1" or "wlan0" interface that you can manipulate as a normal ethernet card with the "ifconfig", "route", "iptables" and other commands.

The wireless cards have 2 fundamentally different ways of operation :

AD-HOC : a point-to-point connection between 2 or more wireless network cards.

           WL1   <--------> WL2  <---------> WL3

MANAGED : each card talks to an access point (HUB) that routes the packets
          either to other wireless systems, to wired systems on the local
          LAN or to the Internet using an UPLINK.


          WL1   <---------> <ACCESS POINT> <-----------> WL2
                              |  ^  ^  ^
          WLAN  <-------------   |  |  |---------------> LAN: PC1-4
                                 |  |
          WL3   <-----------------  -------------------> WL4

Cards start to talk to each other or to the access point as soon as they have the same "Session ID" : SSID or ESSID and the same WEP encryption key.

6  Overview of WIRELESS TOOLS commands

The wireless aspects of the card can be manipulated with a special set of tools that should be installed on your Linux box: the "wireless tools". They are independent of the underlying hardware, but they will only work on wireless ethernet devices.


iwconfig <device> : much like ifconfig but only for wireless aspects of the
    device. Allows you to manipulate bitrate, encryption, session id (SSID,
    ESSID), frequency or channel, hardware MAC address of the Access Point
    and whether we work in AD-HOC or MANAGED mode.

iwlist <device> : gives a list of all access points within range with their
    MAC addresses.

iwspy <device> : adds the device to a mechanism that gathers permanent
    statistics about the connection : quality of the link, signal strength
    and noise level.

