Pleeb0101
June 2nd, 2005, 04:35
I've been out looking for information about WEP/WPA and FreeBSD, but all I can find is from 2000/2001, and I thought I'd just ask here if it is the way I THINK it is.
As I understand it, WPA exists in 6.0-CURRENT, but not in anything else? Is there no security mechanism in 5.4 besides forcing wireless clients to log in via a RADIUS server? Seems like a lot of work for one little laptop...
Thanks for any answers, as always!
Atlas
June 2nd, 2005, 09:38
There is WEP in 5.x but no WPA. WPA is a part of the net80211 in 6.x.
Kernel_Killer
June 2nd, 2005, 18:40
Just FYI, 802.11i only works with 802.11g. No standard was mentioned, so I'm just pointing out the obvious.
Pleeb0101
June 4th, 2005, 06:14
The card (Orinoco a/b/g gold) supports 802.11g, so no problem there...
Still not getting WEP to work right, but I noticed today that the 64 bit hex key on my AP is coming up as 104-bit in ifconfig, is it taking it as an ASCII key? I thought you needed 26 hex characters for a 128-bit (which is actually 104-bits), so this looks like it might be "the stumbling block". I can note that the card works fine without WEP, so there's no driver/card/hardware problem...
Kernel_Killer
June 4th, 2005, 12:46
Yeah, you should need 26 hex chars for your 128-bit key, and 13 for your 64-bit key. In reality the 128 is only 104-bit, while 64-bit is 40-bit, both with a 24-bit initialization vector key. Unless it can generate a key from an ASCII passphrase, it should be hex. Are you using wicontrol to do this, or ifconfig?
Pleeb0101
June 5th, 2005, 03:52
I'm using ifconfig. As I understand it wicontrol doesn't work with the ath driver. At any rate I get a "wicontrol: SIOCGWAVELAN: Device not configured" when I try it. Do I perhaps have to prepend 0x in front of the number? I think I've tried it both ways without success...
---Edit---
I can add that I've also got my girlfriend's WinXP box on a wireless NIC and it works fine with the WEP, so I really can guarantee it SHOULD work.... :0)
---RE-edit---
0x made it say the key was 40 bits, so a step on the way, but still no contact with the AP.
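Added example (not part of any post in this thread): a small sh helper showing how the same typed string yields a different WEP key depending on the 0x prefix, which is the mismatch described above. It assumes a leading 0x marks hex digits and anything else is taken as raw ASCII bytes; the function name and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Classify a WEP key string as it would be typed on the command line.
# Assumption: a leading "0x" marks hex digits; anything else is raw ASCII bytes.
# Output: "<encoding> <key bytes> <label>". The label is the secret-key size;
# the marketing sizes "64-bit"/"128-bit" include the 24-bit IV.
wep_key_kind() {
    key=$1
    case $key in
        0x*|0X*)
            digits=${key#0[xX]}
            # Reject empty, non-hex or odd-length digit strings.
            case $digits in
                ''|*[!0-9A-Fa-f]*) echo "invalid"; return 1 ;;
            esac
            if [ $(( ${#digits} % 2 )) -ne 0 ]; then
                echo "invalid"; return 1
            fi
            enc=hex
            bytes=$(( ${#digits} / 2 ))
            ;;
        '') echo "invalid"; return 1 ;;
        *)
            # No prefix: every typed character becomes one key byte.
            enc=ascii
            bytes=${#key}
            ;;
    esac
    case $bytes in
        5)  label=40-bit ;;
        13) label=104-bit ;;
        *)  label=nonstandard ;;   # will not match a standard AP setting
    esac
    echo "$enc $bytes $label"
}

# Constructed sample keys (not taken from the thread).
for k in 0x0123456789 0123456789 0x0123456789abcdef0123456789 abcde; do
    printf '%-30s -> %s\n' "$k" "$(wep_key_kind "$k")"
done
```

Ten hex digits typed without the prefix come out as a 10-byte ASCII key, which is neither the 5-byte nor the 13-byte key the AP expects.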
Pleeb0101
June 6th, 2005, 11:46
Has no one dealt with this before? A FreeBSD laptop tethered to a (very short) CAT 6 is very not-so-useful...... Anyone with an idea?
:0(
Strog
June 6th, 2005, 12:08
I've done some playing around with FreeBSD 5.x to an OpenBSD AP. I was testing with an Orinoco Silver card so I couldn't crank the bits up. I used an ASCII key on both ends to set it and WEP worked great for me.
I don't trust WEP so I locked almost everything down and used authpf (http://www.openbsd.org/faq/pf/authpf.html) to allow access out to the internet but not the internal network. If someone in my neighborhood cracks the WEP then they could see my traffic but they still couldn't get on since they'd need an ssh login to get access. I was just borrowing a laptop from work and would probably set up IPSEC/OpenVPN to secure something more permanent.
Does it have to be WPA or nothing? or was WPA just a good looking solution to securing the connection? If you just want to secure it then you could drop WEP/WPA and run it all over ssl/ssh/ipsec.
Pleeb0101
June 7th, 2005, 04:45
That is a SEXY idea ;0) And one I plan to get rolling "eventually" like my other 600000 BSD projects... The problem right now is my "AP" is a D-LINK broadband router that only supports WEP, WPA and using 802.11x to forward to RADIUS. AND I don't have a spare computer/time to set up a server right now. So really, it's a stop-gap solution, though it may be there a while....