WPA, Xen and other problems
Today I finally encrypted my wi-fi link. It’s always been locked down by MAC address, but that’s pretty weak really.
This unfortunately has been rather involved, firstly the changes to hostap (which I use to turn my wireless card into a wireless hostspot:
# WPA (0×1) and WPA2 (0×2)
wpa=3
wpa_passphrase=not in my blog
wpa_key_mgmt=WPA-PSK
#wpa_pairwise=TKIP CCMP
Easy enough, though it seemed much happier after a reboot (I’m doing this on Xen and sometimes hostap seems to get confused with interfaces, bridges and udev).
My desktop I then found out will not do WPA since the prism2 chipset (very old) does not support it. I therefore swapped from the “orinoco” to the “hostap” driver (but _not_ running hostapd as that would turn it into a wifi access point!):
apt-get install hostap-utils
recompiled kernel with hostap support!
checked that hostap_plx kernel module was loaded instead of orinoco_plx
I flashed the firmware on my wifi card too using the instructions from here. My primary firmware was 0.3.0 still, but the station firmware was upgraded from 1.3.4 to 1.7.1.
However, network-manager still only prompted me for WEP or None as encryption types - no WPA 
I therefore ran this by hand:
wpa_supplicant -g /tmp/wpa -d -i wlan0 -Dhostap -C /tmp/wpa2
wpa_cli -p /tmp/wpa -i wlan0
(now in wpa_cli)
add_network
set_network 0 ssid “mywifi”
set_network 0 key_mgmt WPA-PSK
set_network 0 psk “not in my blog”
set_network 0 pairwise TKIP
set_network 0 group TKIP
set_network 0 proto WPA
enable_network 0
(back on the command line)
dhclient wlan0
network manager kept popping up though and I’ve lost wi-fi several times, although it currently seems to be associated with my wifi. I suspect it’s because wpa_supplicant needs to be told to use the hostap driver not the normal wext one.
I’m also getting lots of errors on the hostap box (which is xen and stuck at 2.6.18):
wifi0: TX - encryption failed
Invalid packet for Michael MIC add (tailroom=6 hdr_len=24 skb->len=60)
This will hopefully be resolved by this patch but being a xen kernel it’s a bit of a PITA to compile.
Thanks to this link I recompiled the kernel. For reference
- download and unpack linux-2.6_2.6.18.dfsg.1-18etch1.dsc etc
- apply patch
- fakeroot debian/rules debian/build debian/stamps
- fakeroot make -f debian/rules.gen setup-i386-xen-686
- fakeroot make -f debian/rules.gen binary-arch-i386-xen-686
I think this might be the cause of a wierd problem I see - where box A and box B can both see google but not each other. I can see all the ARP requests on the bridge, but they don’t make it back out on the wifi to the other box. If the ARP request is for any VM on the hostap box (my Xen Dom0 runs hostap) then it works fine.
We’ll see how this goes.
Update: That new kernel has fixed both the “Invalid packet for Michael MIC add” errors and the “no ARPs” problem. So things are looking much better. The problem of the desktops disconnecting all the time is still happening, I’m putting that down to network-manager being crap given that I’ve been in _way_ too many situations where it fails with my (previous open) network when a simple “iwconfig wlan0 essid foo; dhclient wlan0″ works just fine.
Also found this post saying to add “bridge=intbr0″ to hostap.conf which I’ve now done.
Posted: March 24th, 2008 under Linux, My setup.
Comments: none
Write a comment