Connecting to a Wireless (802.11) Network
| Sales of laptop computers have exploded in recent years, and with it the demand for true mobile computing using wireless Ethernet cards and base stations and the 802.11 Ethernet standard, also known as Wi-Fi. If you have installed FreeBSD on your laptop, you will likely want to know how to connect it to your wireless network at home or at work. This can be a challenging prospectthere's more subtlety to it than you might think at first, taking into account the authentication protocols and security precautions that are in place on well-maintained wireless networks. Yet while many things in the UNIX world are difficult, very little is impossible. Note This section addresses configuring your FreeBSD machine as a wireless client, using the signal from an existing access point or base station. If you want to configure your own base access point using FreeBSD, turn to Chapter 28, "Configuring an Internet Gateway," and go to the section "Configuring a Wireless Internet Access Point." Choosing a Wireless CardThe first step in making your laptop work with a wireless network is making sure the 802.11 card is supported by FreeBSD. If your wireless network uses 802.11b (the most common protocol, supporting speeds up to 11Mbps using a 2.48GHz radio signal), you're in luckalmost all common 802.11b cards are supported by FreeBSD natively. If your wireless network uses 802.11g, the successor to 802.11b that supports speeds up to 54Mbps, the situation is not so rosy. Only a few cards are explicitly supported at the time of this writing, although this is an area where many FreeBSD developersparticularly those with laptopsare focusing their efforts. However, because of standardization in the industry (and because of a few tricks such as NDIS tools that can jury-rig a Windows driver binary into FreeBSD to support certain cards), chances are that you'll be able to get an 802.11g or even an 802.11a card to work with FreeBSD. Refer to the online Handbook (http://www.freebsd.org/handbook/network-wireless.html) for instructions on how to accomplish this. Appendix B, "Hardware Compatibility Lists," contains a partial list of wireless Ethernet cards known to work with FreeBSD. Basic (Unencrypted) Wireless ConnectivityMost wireless networks these days support encryption, which requires a more complicated setup procedure for your 802.11 client than is otherwise the case. To get wireless connectivity working in its most basic case, turn off encryption and authentication (if possible and advisable) in your wireless access point or base station. You can turn it back on after getting FreeBSD to connect using a standard unencrypted signal. First, check to see whether FreeBSD has detected your wireless card, using the wi (Wireless Internet) driver: # ifconfig wi0 wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::202:2ea2:dd2d:c938%wi0 prefixlen 64 scopeid 0x7 inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 ether 00:09:2d:2d:c9:50 media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps) status: no carrier ssid "" stationname "FreeBSD Wireless node" channel 10 authmode OPEN powersavemode OFF powersavesleep 100 wepmode OFF weptxkey 1The status: no carrier line means the card isn't connected, but the fact that you got output for the wi0 device means it's supported by FreeBSDa good sign. The next step is to configure the card for your wireless network, which in this example has a name, or SSID, of MyNetwork: # ifconfig wi0 inet 192.168.0.10 netmask 255.255.255.0 ssid MyNetworkUse an appropriate static IP address and netmask in place of 192.168.0.10 and 255.255.255.0 in this command line. (To see how to use DHCP to obtain an IP address automatically, see Chapter 35.) Check the output of ifconfig wi0 again, and look at the status line. If you see status: associated, it means you've successfully joined the wireless network. Also check for ssid: MyNetwork (along with some other information), indicating that you joined the correct network by name. Then, try using the ping utility (as you saw in Chapter 23) to verify that you're connected successfully to the Internet. If your wireless network normally has no encryption or authentication and this configuration works for you, you can add it permanently to your /etc/rc.conf file: ifconfig_wi0="inet 192.168.0.10 netmask 255.255.255.0 ssid MyNetwork"However, it's never advisable to run a wireless network without encryptionand most home and corporate networks do encrypt their traffic. You'll want to make sure FreeBSD works with that extra layer of security. Encrypted Wireless ConnectivityWEP, the Wired Equivalency Protocol, is an encryption scheme for wireless networks that ensures that only authorized users can join the network or intercept its packets. It's not a particularly robust protocol, and its 40-bit cipher was cracked years ago. Most wireless Ethernet cards support the stronger 128-bit (actually 102-bit) cipher standard; use this method if at all possible. Still, though, it's important to realize that WEP is called "Wired Equivalency" for a reason: it's not designed to be perfectly secure, but rather to give you about the same amount of security that you would have from a wired connection. Just as it's possible for someone to break into your house and plug an Ethernet cable into your switch, someone can crack your WEP network and eavesdrop on your communications. IPSec is a much more secure solution than WEP; however, not as many access points support it as support WEP. Because of its greater ubiquity, this chapter focuses on WEP. You can find out more about IPSec in Chapter 31, "Virtual Private Networks (VPNs)," or in the online Handbook (http://www.freebsd.org/handbook/ipsec.html). First, determine what the secret key is on your wireless access point. In most cases, this will be a regular text password that you can set in the access point's configuration. For this example, assume the password is mypassword. (Note that this is not the password for administering the access point itselfthat's usually a different password entirely.) If you had previously disabled encryption for testing purposes, turn it back on now. Next, you need to load the wlan_wep kernel module: # kldload wlan_wepIf you plan to use an encrypted wireless network frequently, you should add it to your loader.conf file or build it into a custom kernel, as described in Chapter 18, "Kernel Configuration." Now, use the ifconfig command as you did before, only with some extra commands at the end to turn on WEP and to specify the key:
Now, if you enter ifconfig wi0, you should see a line similar to the following: authmode OPEN privacy MIXED deftxkey 1 wepkey 1:104-bit txpowmax 100 Tip If you see deftxkey UNDEF in the output, you should add deftxkey 1 to your ifconfig line. If you're able to communicate with the Internet, congratulationsyou've got a fully functional encryption-enabled wireless network client! Scripts for Connecting and DisconnectingIt's a good idea to write scripts to manually bring up and tear down the wireless network, just as in configuring PPP. Unlike PPP, however, these scripts are ad-hoc in nature and aren't built into any existing architecture; you're flying by the seat of your pants here. For example, Listing 24.2 shows a sample wi-up script that you can set executable and put into /usr/local/bin so that you can join the wireless network with a simple wi-up command. Listing 24.2. A Sample wi-up Script for Bringing Up the Wireless Network
Similarly, a wi-down script (as shown in Listing 24.3) can be useful for turning off your wireless card and leaving the network, which prevents timeouts in trying to communicate over a nonexistent network and saves your laptop's battery power. Listing 24.3. A Sample wi-down Script for Leaving the Wireless Network
|
0x