Monday, September 23, 2013

hostapd setup

Summary

We have successfully created an Access Point (AP) after ten days of working at it. 

Easy when you know how, but not easy if you don't. 

The various "all you have to do is..." sites over-simplify things enormously. They ass-u-me knowledge that just may not be there, even for a geek:

Keynotes:

• You need a grounding in firewalls, networks, domain name servers, dynamic host configuration protocol daemons (dhcpd), the Host Access Point Daemon (hostapd), and their configuration files. These are not trivial.

• In particular, you need to understand:

      + Internal, external, demilitarized firewall zones

      + the interaction (under openSUSE) between NetworkManager, yast2 network, and yast2 firewall.

• You need to have two separate interface devices: one, an "external" zone device to access the internet, another, an "internal" zone device, to provide the AP.

• You need to read the instructions in the various configuration (.conf) files carefully. For example, in dhcpd.conf there is a benign little entry:

      # Don't forget to set the DHCPD_INTERFACE in the
      # /etc/sysconfig/dhcpd file.


Guess what, it won't work if you don't do this.

• You need to use the correct copy of the particular .conf file. Sometimes there are multiple versions floating around on your system. If it is a script, enter something like:

      echo "This is the one!"


to make sure that you are running the correct version.

• You need to understand the various WiFi protocols. In particular, use only WPA-PSK, identified by setting

     auth_algs=1


(not =2) in hostapd.conf.

• You need to understand that not all NICs are equal. You must select one that is AP-capable:

     iw list

gives the capabilities of the card. The list must include AP.

• Additionally, some NICs have Linux drivers, some (notably the NetGear 300 series) do not. If they do not then you have to use ndiswrapper, which introduces yet another set of unknowns and learning curves. 

I have been delighted with the EDIMAX, which has a NIC in the base of a USB antenna.

• It is very much a step-by-step process. Get one step working before continuing to the next. For example, set up a simple test AP before getting fancy with firewalls and DHCP:


• Watch the output of ip address carefully. Most NICs are registered by their MAC addresses as wlan0, wlan1, ..., wlanN.

But then, for some reason, wlan4 started being recognized as wlan1. We haven't figured that one out yet, but the bottom line is that you then have to go back to hostapd.conf and /etc/sysconfig/dhcpd and change the NIC name.

• As a result, watch the interaction of the network setup tool and the firewall tool. They are linked under openSUSE. Once wlan4 changed to wlan1 the change was recognized by yast2 network but not by yast2 firewall. So we had to go into yast2 network, deactivate NetworkManager, delete wlan4, recognize and configure wlan1, reactivate NetworkManager, then go back into yast2 firewall to finish the firewall configuration.

• Watch dmesg for firewall drops. With 10.1.0.0/24 declared external and 192.168.7.0/24 declared internal we ass-u-me-d that 192.168.7.31 would be accepted as internal. But it wasn't, resulting in dmesg showing a series of drops of 192.168.7.31 as a Martian source. When we explicitly declared 192.168.7.31/24 as an internal source under Custom Rules the drops ceased and the AP worked.

Bridging and masquerading are other topics that need to be understood. Ours works best with Bridging off and Masquerading on.
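As an added example (not from this post), a POSIX shell pre-flight check for the two traps called out above: the interface name in hostapd.conf drifting away from DHCPD_INTERFACE in /etc/sysconfig/dhcpd, and an inconsistent WPA-PSK section in hostapd.conf. The file names and sample contents it writes are constructed for the demo, not taken from any real system.

```shell
# Pre-flight check: the interface named in hostapd.conf must be the one
# DHCPD_INTERFACE points at, and the WPA-PSK settings must be consistent.
conf_get() {   # conf_get FILE KEY -> value of the last "KEY=value" line (quotes stripped)
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

ap_preflight() {   # ap_preflight HOSTAPD_CONF SYSCONFIG_DHCPD; prints problems, returns their count
    hostapd_conf=$1; sysconfig_dhcpd=$2; problems=0
    iface=$(conf_get "$hostapd_conf" interface)
    dhcp_iface=$(conf_get "$sysconfig_dhcpd" DHCPD_INTERFACE)
    # 1. Same NIC on both sides; a wlan4 -> wlan1 rename breaks exactly this.
    [ -n "$iface" ] || { echo "hostapd.conf: no interface= line"; problems=$((problems+1)); }
    if [ -z "$dhcp_iface" ]; then
        echo "sysconfig/dhcpd: DHCPD_INTERFACE is empty, dhcpd will not start"; problems=$((problems+1))
    elif [ "$dhcp_iface" != "$iface" ]; then
        echo "interface mismatch: hostapd uses '$iface', dhcpd serves '$dhcp_iface'"; problems=$((problems+1))
    fi
    # 2. auth_algs=1 is Open System authentication, the only mode WPA/WPA2 works
    #    with (2 = WEP shared key). WPA2-PSK itself is wpa=2 plus wpa_key_mgmt=WPA-PSK.
    [ "$(conf_get "$hostapd_conf" auth_algs)" = 1 ] || { echo "auth_algs must be 1"; problems=$((problems+1)); }
    case "$(conf_get "$hostapd_conf" wpa)" in 2|3) ;; *) echo "wpa should be 2 (WPA2)"; problems=$((problems+1)) ;; esac
    case "$(conf_get "$hostapd_conf" wpa_key_mgmt)" in *WPA-PSK*) ;; *) echo "wpa_key_mgmt must include WPA-PSK"; problems=$((problems+1)) ;; esac
    # 3. WPA-PSK needs a passphrase of 8..63 characters.
    pass=$(conf_get "$hostapd_conf" wpa_passphrase)
    [ ${#pass} -ge 8 ] && [ ${#pass} -le 63 ] || { echo "wpa_passphrase must be 8-63 characters"; problems=$((problems+1)); }
    return $problems
}

write_samples() {   # constructed sample configs (not from the post) written into directory $1
    cat >"$1/hostapd-good.conf" <<'EOF'
interface=wlan1
driver=nl80211
ssid=test-ap
hw_mode=g
channel=6
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=ConstructedSamplePass
rsn_pairwise=CCMP
EOF
    sed -e 's/^auth_algs=1/auth_algs=2/' -e '/^wpa/d' "$1/hostapd-good.conf" >"$1/hostapd-wep.conf"  # shared-key auth, no WPA
    echo 'DHCPD_INTERFACE="wlan1"' >"$1/dhcpd-good"
    echo 'DHCPD_INTERFACE="wlan4"' >"$1/dhcpd-renamed"   # stale name after the wlan4 -> wlan1 rename
}

# Stand-alone demo: expect the "interface mismatch" line and a problem count of 1.
demo=$(mktemp -d); write_samples "$demo"
ap_preflight "$demo/hostapd-good.conf" "$demo/dhcpd-renamed" || echo "problems found: $?"; rm -rf "$demo"
```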

=====

There are zillions of sites that address one or more of these, but none I've found that address them all.

So here goes:

1. Use your distribution software manager (yast2 under openSUSE) to download and install:

      hostapd

      dhcpd

2. Configure them both.

     a. the creator of hostapd is at


      I used:


     primarily to configure hostapd.conf. Their activation script (see below) seems to be more professional than some others.


      was also helpful.

     b. dhcpd.conf setup was aided by


3. Write a script to automate the process.

Easy when you know how.
