Hostapd
Материал из ALT Linux Wiki
Версия от 06:51, 28 марта 2015; Grumlber eburg (обсуждение | вклад)
Содержание |
Настройка компьютера в качестве точки доступа для периферии (телефоны, смартфоны и т.п)
Источники информации, или вместо теории
При настройке использовал в качестве руководства :
http://www.ibm.com/developerworks/ru/library/l-wifiencrypthostapd/
http://liberatum.ru/exclusive/25350
плюс готовые заготовки конфигов в пакетах dhcpd и hostapd.
Не углубляясь в теорию
В качестве промежуточного dns используется dnsmasq.
Устанавливаю hostapd и dhcpd
apt-get install hostapd dhcpd
Создаю конфиг hostapd.conf
##### hostapd configuration file ############################################## # Empty lines and lines starting with # are ignored # AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for # management frames); ath0 for madwifi interface=wlan0 #bridge=brbr0 logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 # Dump file for state information (on SIGUSR1) dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=0 ##### IEEE 802.11 related configuration ####################################### # SSID to be used in IEEE 802.11 management frames ssid=MySSID country_code=US hw_mode=g channel=1 beacon_int=100 dtim_period=2 max_num_sta=255 rts_threshold=2347 fragm_threshold=2346 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 # Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): # for 802.11a or 802.11g networks # These parameters are sent to WMM clients when they associate. # The parameters will be used by WMM clients for frames transmitted to the # access point. # # note - txop_limit is in units of 32microseconds # note - acm is admission control mandatory flag. 0 = admission control not # required, 1 = mandatory # note - here cwMin and cmMax are in exponent form. the actual cw value used # will be (2^n)-1 where n is the value given here # wmm_enabled=1 # # WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD] # Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver) #uapsd_advertisement_enabled=1 # # Low priority / AC_BK = background wmm_ac_bk_cwmin=4 wmm_ac_bk_cwmax=10 wmm_ac_bk_aifs=7 wmm_ac_bk_txop_limit=0 wmm_ac_bk_acm=0 # Note: for IEEE 802.11b mode: cWmin=5 cWmax=10 # # Normal priority / AC_BE = best effort wmm_ac_be_aifs=3 wmm_ac_be_cwmin=4 wmm_ac_be_cwmax=10 wmm_ac_be_txop_limit=0 wmm_ac_be_acm=0 # Note: for IEEE 802.11b mode: cWmin=5 cWmax=7 # # High priority / AC_VI = video wmm_ac_vi_aifs=2 wmm_ac_vi_cwmin=3 wmm_ac_vi_cwmax=4 wmm_ac_vi_txop_limit=94 wmm_ac_vi_acm=0 # Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188 # # Highest priority / AC_VO = voice wmm_ac_vo_aifs=2 wmm_ac_vo_cwmin=2 wmm_ac_vo_cwmax=3 wmm_ac_vo_txop_limit=47 wmm_ac_vo_acm=0 ##### IEEE 802.1X-2004 related configuration ################################## # EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if # only broadcast keys are used) eapol_key_index_workaround=0 ##### Integrated EAP server ################################################### # Optionally, hostapd can be configured to use an integrated EAP server # to process EAP authentication locally without need for an external RADIUS # server. This functionality can be used both as a local authentication server # for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. # Use integrated EAP server instead of external RADIUS authentication # server. This is also needed if hostapd is configured to act as a RADIUS # authentication server. eap_server=0 ##### RADIUS client configuration ############################################# # for IEEE 802.1X with external Authentication Server, IEEE 802.11 # authentication with external ACL for MAC addresses, and accounting # The own IP address of the access point (used as NAS-IP-Address) own_ip_addr=127.0.0.1 ##### WPA/IEEE 802.11i configuration ########################################## # Enable WPA. Setting this variable configures the AP to require WPA (either # WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either # wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. # Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice. # For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), # RADIUS authentication server must be configured, and WPA-EAP must be included # in wpa_key_mgmt. # This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) # and/or WPA2 (full IEEE 802.11i/RSN): # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) wpa=2 # WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase # (8..63 characters) that will be converted to PSK. This conversion uses SSID # so the PSK changes when ASCII passphrase is used and the SSID is changed. # wpa_psk (dot11RSNAConfigPSKValue) # wpa_passphrase (dot11RSNAConfigPSKPassPhrase) #wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef wpa_passphrase=My_Password # Optionally, WPA PSKs can be read from a separate text file (containing list # of (PSK,MAC address) pairs. This allows more than one PSK to be configured. # Use absolute path name to make sure that the files can be read on SIGHUP # configuration reloads. #wpa_psk_file=/etc/hostapd.wpa_psk # Optionally, WPA passphrase can be received from RADIUS authentication server # This requires macaddr_acl to be set to 2 (RADIUS) # 0 = disabled (default) # 1 = optional; use default passphrase/psk if RADIUS server does not include # Tunnel-Password # 2 = required; reject authentication if RADIUS server does not include # Tunnel-Password #wpa_psk_radius=0 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. # (dot11RSNAConfigAuthenticationSuitesTable) #wpa_key_mgmt=WPA-PSK WPA-EAP wpa_key_mgmt=WPA-PSK # Set of accepted cipher suites (encryption algorithms) for pairwise keys # (unicast packets). This is a space separated list of algorithms: # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] # Group cipher suite (encryption algorithm for broadcast and multicast frames) # is automatically selected based on this configuration. If only CCMP is # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, # TKIP will be used as the group cipher. # (dot11RSNAConfigPairwiseCiphersTable) # Pairwise cipher for WPA (v1) (default: TKIP) wpa_pairwise=TKIP CCMP # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) rsn_pairwise=CCMP
Кофигурирую dhcpd
Редактирую или создаю /etc/dhcp/dhcpd.conf
# See dhcpd.conf(5) for further configuration ddns-update-style none; subnet 192.168.133.0 netmask 255.255.255.0 { option routers 192.168.133.1; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.133.1, 8.8.8.8; range dynamic-bootp 192.168.133.128 192.168.133.254; default-lease-time 21600; max-lease-time 43200; }
Указываю, что wlan0, используется как мост
Через acc для интерфейса wlan0 указываю, что он используется как мост, управляется etcnet и имеет адрес 192.168.133.1,
Указываю, что компьютер работает, как шлюз
Там-же в асс (Внешние сети) указываю, что компьютер работает как шлюз, и указаю внешний интерфейс (у меня сейчас это ppp0).
Получившиеся конфиги в /etc/net:
# cat /etc/net/ifaces/wlan0/options TYPE=eth BOOTPROTO=static # cat /etc/net/ifaces/brwlan0/ipv4address 192.168.133.1/24 # cat /etc/net/ifaces/brwlan0/options TYPE=bri BOOTPROTO=static CONFIG_WIRELESS=yes CONFIG_IPV4=yes DISABLED=no NM_CONTROLLED=no HOST=wlan0
Предположение
Возможно в конфиге hostapd можно прописать ip адрес интерфейса, там в комментариях что-то такое есть :
.... ##### RADIUS client configuration ############################################# # for IEEE 802.1X with external Authentication Server, IEEE 802.11 # authentication with external ACL for MAC addresses, and accounting # The own IP address of the access point (used as NAS-IP-Address) own_ip_addr=127.0.0.1 ..... # Network Authentication Type # This parameter indicates what type of network authentication is used in the # network. # format: <network auth type indicator (1-octet hex str)> [redirect URL] # Network Authentication Type Indicator values: # 00 = Acceptance of terms and conditions # 01 = On-line enrollment supported # 02 = http/https redirection # 03 = DNS redirection #network_auth_type=00 #network_auth_type=02http://www.example.com/redirect/me/here/ # IP Address Type Availability # format: <1-octet encoded value as hex str> # (ipv4_type & 0x3f) << 2 | (ipv6_type & 0x3) # ipv4_type: # 0 = Address type not available # 1 = Public IPv4 address available # 2 = Port-restricted IPv4 address available # 3 = Single NATed private IPv4 address available # 4 = Double NATed private IPv4 address available # 5 = Port-restricted IPv4 address and single NATed IPv4 address available # 6 = Port-restricted IPv4 address and double NATed IPv4 address available # 7 = Availability of the address type is not known # ipv6_type: # 0 = Address type not available # 1 = Address type available # 2 = Availability of the address type not known #ipaddr_type_availability=14 # Domain Name # format: <variable-octet str>[,<variable-octet str>] #domain_name=example.com,another.example.com,yet-another.example.com
но я с этим не разбирался.
Другие варианты настройки
- Создание точки доступа с помощью NetworkManager
- Настройка программной точки доступа с нуля для ALT Linux KDesktop 6.0.2 на ноутбуке Acer Aspire 7540G-304G32Mi.