aboutsummaryrefslogtreecommitdiffstats
path: root/docs/wireless.tex
diff options
context:
space:
mode:
Diffstat (limited to 'docs/wireless.tex')
-rw-r--r--docs/wireless.tex492
1 files changed, 492 insertions, 0 deletions
diff --git a/docs/wireless.tex b/docs/wireless.tex
new file mode 100644
index 0000000..efb07ea
--- /dev/null
+++ b/docs/wireless.tex
@@ -0,0 +1,492 @@
+The WiFi settings are configured in the file \texttt{/etc/config/wireless}
+(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
+it should detect your card and create a sample configuration file. By default '\texttt{option network lan}' is
+commented. This prevents unsecured sharing of the network over the wireless interface.
+
+Each wireless driver has its own configuration script in \texttt{/lib/wifi/driver\_name.sh} which handles
+driver specific options and configurations. This script is also calling driver specific binaries like wlc for
+Broadcom, or hostapd and wpa\_supplicant for atheros and mac80211.
+
+The reason for using such architecture, is that it abstracts the driver configuration.
+
+\paragraph{Generic Broadcom wireless config:}
+
+\begin{Verbatim}
+config wifi-device "wl0"
+ option type "broadcom"
+ option channel "5"
+
+config wifi-iface
+ option device "wl0"
+# option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+\end{Verbatim}
+
+\paragraph{Generic Atheros wireless config:}
+
+\begin{Verbatim}
+config wifi-device "wifi0"
+ option type "atheros"
+ option channel "5"
+ option hwmode "11g"
+
+config wifi-iface
+ option device "wifi0"
+# option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+\end{Verbatim}
+
+\paragraph{Generic mac80211 wireless config:}
+
+\begin{Verbatim}
+config wifi-device "wifi0"
+ option type "mac80211"
+ option channel "5"
+
+config wifi-iface
+ option device "wlan0"
+# option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+\end{Verbatim}
+
+\paragraph{Generic multi-radio Atheros wireless config:}
+
+\begin{Verbatim}
+config wifi-device wifi0
+ option type atheros
+ option channel 1
+
+config wifi-iface
+ option device wifi0
+# option network lan
+ option mode ap
+ option ssid OpenWrt_private
+ option hidden 0
+ option encryption none
+
+config wifi-device wifi1
+ option type atheros
+ option channel 11
+
+config wifi-iface
+ option device wifi1
+# option network lan
+ option mode ap
+ option ssid OpenWrt_public
+ option hidden 1
+ option encryption none
+\end{Verbatim}
+
+There are two types of config sections in this file. The '\texttt{wifi-device}' refers to
+the physical wifi interface and '\texttt{wifi-iface}' configures a virtual interface on top
+of that (if supported by the driver).
+
+A full outline of the wireless configuration file with description of each field:
+
+\begin{Verbatim}
+config wifi-device wifi device name
+ option type broadcom, atheros, mac80211
+ option country us, uk, fr, de, etc.
+ option channel 1-14
+ option maxassoc 1-128 (broadcom only)
+ option distance 1-n (meters)
+ option hwmode 11b, 11g, 11a, 11bg (atheros, mac80211)
+ option rxantenna 0,1,2 (atheros, broadcom)
+ option txantenna 0,1,2 (atheros, broadcom)
+ option txpower transmission power in dBm
+
+config wifi-iface
+ option network the interface you want wifi to bridge with
+ option device wifi0, wifi1, wifi2, wifiN
+ option mode ap, sta, adhoc, monitor, mesh, or wds
+ option txpower (deprecated) transmission power in dBm
+ option ssid ssid name
+ option bssid bssid address
+ option encryption none, wep, psk, psk2, wpa, wpa2
+ option key encryption key
+ option key1 key 1
+ option key2 key 2
+ option key3 key 3
+ option key4 key 4
+ option passphrase 0,1
+ option server ip address
+ option port port
+ option hidden 0,1
+ option isolate 0,1 (broadcom)
+ option doth 0,1 (atheros, broadcom)
+ option wmm 0,1 (atheros, broadcom)
+\end{Verbatim}
+
+\paragraph{Options for the \texttt{wifi-device}:}
+
+\begin{itemize}
+ \item \texttt{type} \\
+ The driver to use for this interface.
+
+ \item \texttt{country} \\
+ The country code used to determine the regulatory settings.
+
+ \item \texttt{channel} \\
+ The wifi channel (e.g. 1-14, depending on your country setting).
+
+ \item \texttt{maxassoc} \\
+ Optional: Maximum number of associated clients. This feature is supported only on the Broadcom chipsets.
+
+ \item \texttt{distance} \\
+ Optional: Distance between the ap and the furthest client in meters. This feature is supported only on the Atheros chipsets.
+
+ \item \texttt{mode} \\
+ The frequency band (\texttt{b}, \texttt{g}, \texttt{bg}, \texttt{a}). This feature is only supported on the Atheros chipsets.
+
+ \item \texttt{diversity} \\
+ Optional: Enable diversity for the Wi-Fi device. This feature is supported only on the Atheros chipsets.
+
+ \item \texttt{rxantenna} \\
+ Optional: Antenna identifier (0, 1 or 2) for reception. This feature is supported by Atheros and some Broadcom chipsets.
+
+ \item \texttt{txantenna} \\
+ Optional: Antenna identifier (0, 1 or 2) for emission. This feature is supported by Atheros and some Broadcom chipsets.
+
+ \item \texttt{txpower}
+ Set the transmission power to be used. The amount is specified in dBm.
+
+\end{itemize}
+
+\paragraph{Options for the \texttt{wifi-iface}:}
+
+\begin{itemize}
+ \item \texttt{network} \\
+ Selects the interface section from \texttt{/etc/config/network} to be
+ used with this interface
+
+ \item \texttt{device} \\
+ Set the wifi device name.
+
+ \item \texttt{mode} \\
+ Operating mode:
+
+ \begin{itemize}
+ \item \texttt{ap} \\
+ Access point mode
+
+ \item \texttt{sta} \\
+ Client mode
+
+ \item \texttt{adhoc} \\
+ Ad-Hoc mode
+
+ \item \texttt{monitor} \\
+ Monitor mode
+
+ \item \texttt{mesh} \\
+ Mesh Point mode (802.11s)
+
+ \item \texttt{wds} \\
+ WDS point-to-point link
+
+ \end{itemize}
+
+ \item \texttt{ssid}
+ Set the SSID to be used on the wifi device.
+
+ \item \texttt{bssid}
+ Set the BSSID address to be used for wds to set the mac address of the other wds unit.
+
+ \item \texttt{txpower}
+ (Deprecated, set in wifi-device) Set the transmission power to be used. The amount is specified in dBm.
+
+ \item \texttt{encryption} \\
+ Encryption setting. Accepts the following values:
+
+ \begin{itemize}
+ \item \texttt{none}
+ \item \texttt{wep}
+ \item \texttt{psk}, \texttt{psk2} \\
+ WPA(2) Pre-shared Key
+
+ \item \texttt{wpa}, \texttt{wpa2} \\
+ WPA(2) RADIUS
+ \end{itemize}
+
+ \item \texttt{key, key1, key2, key3, key4} (wep, wpa and psk) \\
+ WEP key, WPA key (PSK mode) or the RADIUS shared secret (WPA RADIUS mode)
+
+ \item \texttt{passphrase} (wpa) \\
+ 0 treats the wpa psk as a text passphrase; 1 treats wpa psk as
+ encoded passphrase. You can generate an encoded passphrase with
+ the wpa\_passphrase utility. This is especially useful if your
+ passphrase contains special characters. This option only works
+ when using mac80211 or atheros type devices.
+
+ \item \texttt{server} (wpa) \\
+ The RADIUS server ip address
+
+ \item \texttt{port} (wpa) \\
+ The RADIUS server port (defaults to 1812)
+
+ \item \texttt{hidden} \\
+ 0 broadcasts the ssid; 1 disables broadcasting of the ssid
+
+ \item \texttt{isolate} \\
+ Optional: Isolation is a mode usually set on hotspots that limits the clients to communicate only with the AP and not with other wireless clients.
+ 0 disables ap isolation (default); 1 enables ap isolation.
+
+ \item \texttt{doth} \\
+ Optional: Toggle 802.11h mode.
+ 0 disables 802.11h (default); 1 enables it.
+
+ \item \texttt{wmm} \\
+ Optional: Toggle 802.11e mode.
+ 0 disables 802.11e (default); 1 enables it.
+
+\end{itemize}
+
+\paragraph{Mesh Point}
+
+Mesh Point (802.11s) is only supported by some mac80211 drivers. It requires the iw package
+to be installed to setup mesh links. OpenWrt creates mshN mesh point interfaces. A sample
+configuration looks like this:
+
+\begin{Verbatim}
+config wifi-device "wlan0"
+ option type "mac80211"
+ option channel "5"
+
+config wifi-iface
+ option device "wlan0"
+ option network lan
+ option mode "mesh"
+ option mesh_id "OpenWrt"
+\end{Verbatim}
+
+\paragraph{Wireless Distribution System}
+
+WDS is a non-standard mode which will be working between two Broadcom devices for instance
+but not between a Broadcom and Atheros device.
+
+\subparagraph{Unencrypted WDS connections}
+
+This configuration example shows you how to setup unencrypted WDS connections.
+We assume that the peer configured as below as the BSSID ca:fe:ba:be:00:01
+and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).
+
+\begin{Verbatim}
+config wifi-device "wl0"
+ option type "broadcom"
+ option channel "5"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option ssid "OpenWrt WDS"
+ option bssid "ca:fe:ba:be:00:02"
+\end{Verbatim}
+
+\subparagraph{Encrypted WDS connections}
+
+It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
+\texttt{psk+psk2} modes are supported. Configuration below is an example
+configuration using Pre-Shared-Keys with AES algorithm.
+
+\begin{Verbatim}
+config wifi-device wl0
+ option type broadcom
+ option channel 5
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode ap
+ option ssid "OpenWrt"
+ option encryption psk2
+ option key "<key for clients>"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option bssid ca:fe:ba:be:00:02
+ option ssid "OpenWrt WDS"
+ option encryption psk2
+ option key "<psk for WDS>"
+\end{Verbatim}
+
+\paragraph{802.1x configurations}
+
+OpenWrt supports both 802.1x client and Access Point
+configurations. 802.1x client is only working with
+drivers supported by wpa-supplicant. Configuration
+only supports EAP types TLS, TTLS or PEAP.
+
+\subparagraph{EAP-TLS}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type tls
+ option ca_cert "/etc/config/certs/ca.crt"
+ option priv_key "/etc/config/certs/priv.crt"
+ option priv_key_pwd "PKCS#12 passphrase"
+\end{Verbatim}
+
+\subparagraph{EAP-PEAP}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type peap
+ option ca_cert "/etc/config/certs/ca.crt"
+ option auth MSCHAPV2
+ option identity username
+ option password password
+\end{Verbatim}
+
+\paragraph{Limitations:}
+
+There are certain limitations when combining modes.
+Only the following mode combinations are supported:
+
+\begin{itemize}
+ \item \textbf{Broadcom}: \\
+ \begin{itemize}
+ \item 1x \texttt{sta}, 0-3x \texttt{ap}
+ \item 1-4x \texttt{ap}
+ \item 1x \texttt{adhoc}
+ \item 1x \texttt{monitor}
+ \end{itemize}
+
+ WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
+ settings with the master interface, which is done automatically).
+
+ \item \textbf{Atheros}: \\
+ \begin{itemize}
+ \item 1x \texttt{sta}, 0-Nx \texttt{ap}
+ \item 1-Nx \texttt{ap}
+ \item 1x \texttt{adhoc}
+ \end{itemize}
+
+ N is the maximum number of VAPs that the module allows, it defaults to 4, but can be
+ changed by loading the module with the maxvaps=N parameter.
+\end{itemize}
+
+\paragraph{Adding a new driver configuration}
+
+Since we currently only support thread different wireless drivers : Broadcom, Atheros and mac80211,
+you might be interested in adding support for another driver like Ralink RT2x00,
+Texas Instruments ACX100/111.
+
+The driver specific script should be placed in \texttt{/lib/wifi/<driver>.sh} and has to
+include several functions providing :
+
+\begin{itemize}
+ \item detection of the driver presence
+ \item enabling/disabling the wifi interface(s)
+ \item configuration reading and setting
+ \item third-party programs calling (nas, supplicant)
+\end{itemize}
+
+Each driver script should append the driver to a global DRIVERS variable :
+
+\begin{Verbatim}
+append DRIVERS "driver name"
+\end{Verbatim}
+
+\subparagraph{\texttt{scan\_<driver>}}
+
+This function will parse the \texttt{/etc/config/wireless} and make sure there
+are no configuration incompatibilities, like enabling hidden SSIDS with ad-hoc mode
+for instance. This can be more complex if your driver supports a lof of configuration
+options. It does not change the state of the interface.
+
+Example:
+\begin{Verbatim}
+scan_dummy() {
+ local device="$1"
+
+ config_get vifs "$device" vifs
+ for vif in $vifs; do
+ # check config consistency for wifi-iface sections
+ done
+ # check mode combination
+}
+\end{Verbatim}
+
+\subparagraph{\texttt{enable\_<driver>}}
+
+This function will bring up the wifi device and optionally create application specific
+configuration files, e.g. for the WPA authenticator or supplicant.
+
+Example:
+\begin{Verbatim}
+enable_dummy() {
+ local device="$1"
+
+ config_get vifs "$device" vifs
+ for vif in $vifs; do
+ # bring up virtual interface belonging to
+ # the wifi-device "$device"
+ done
+}
+\end{Verbatim}
+
+\subparagraph{\texttt{disable\_<driver>}}
+
+This function will bring down the wifi device and all its virtual interfaces (if supported).
+
+Example:
+\begin{Verbatim}
+disable_dummy() {
+ local device="$1"
+
+ # bring down virtual interfaces belonging to
+ # "$device" regardless of whether they are
+ # configured or not. Don't rely on the vifs
+ # variable at this point
+}
+\end{Verbatim}
+
+\subparagraph{\texttt{detect\_<driver>}}
+
+This function looks for interfaces that are usable with the driver. Template config sections
+for new devices should be written to stdout. Must check for already existing config sections
+belonging to the interfaces before creating new templates.
+
+Example:
+\begin{Verbatim}
+detect_dummy() {
+ [ wifi-device = "$(config_get dummydev type)" ] && return 0
+ cat <<EOF
+config wifi-device dummydev
+ option type dummy
+ # REMOVE THIS LINE TO ENABLE WIFI:
+ option disabled 1
+
+config wifi-iface
+ option device dummydev
+ option mode ap
+ option ssid OpenWrt
+EOF
+}
+\end{Verbatim}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 07:11:45 +0000