Ver Feed RSS


[DICA] 18 - Tutorial para implementar Ap virtual em equipamentos Ubiquit em modo bridge

Avalie este Post de Blog

1 de novembro de 2013 às 16:28
Sharing connection through a secondary unprotected WLAN with only one station




Nowadays, our DSL connections are good enough, and most of the time the bandwidth gets wasted, as we are not using it. Sometimes we wouldn't mind in sharing our connection with our neighbours for free, but the usual way is leaving our AP unprotected, so they are able to reach it without a password. This solution is easy, but we lose the traffic protection that WPA bring us.
In this article, I'll show how to create a secondary unprotected WLAN in our AirOS APs, show we can keep on feeling good and secure, while the neighborhood can enjoy the free remaining bandwidht. After following these steps, our AP will provide the next connections:

  • WPA Protected WLAN, bridge to the DSL router
  • Unsecured WLAN, bridge to the DSL router

Both networks will operate on the same channel, as we have only one wireless device and it have to operate on a fixed channel.
But... how?

The AirOS firmware is, in essence, a customized version of Linux. In fact, we can get the SDK that includes all the source code (and some disabled extras) that make our stations work. These facts allow us to program our stations and change them in the same way we could change our favourite Linux distribution.
In this case, we won't need to get the SDK, as we'll only connect through SSH to our AP and type in some commands. We'll use the madwifi tools included in the firmware - that provide a driver for the integrated wireless hardware - to create a new virtual device. This new device will work in AP-bridge mode, just in the same way our WPA protected device can work.
I like it. Let's start!

The first step to make our new configuration work is setting WPA protection for the AP through the AirOS web interface the usual way. If you don't know how to do this, you should start reading the AirOS article before going on.
To configure the second WLAN, we need shell access to the Station. We can enable it in the Services tab, checking the "Enable SSH Server" box. Apply the changes and try the connection with your favourite SSH client. You can use PuTTY in Windows ( or 'ssh' in Linux.
If you are using Windows, open the PuTTY client and enter the station IP. If you are using Linux, open a Terminal and type in 'ssh ubnt@stationIP'. You'll have to enter the same user and password you use in the web interface.
Once we're inside the shell, we'll see something like this:

luismi@bender:~$ ssh ubnt@'s password: BusyBox v1.01 (2009.04.18-20:08+0000) Built-in shell (ash)Enter 'help' for a list of built-in commands.XS2.ar2316.v3.3.2.SDK.090418.2203#
Now we are inside the shell, and we can type in some commands. We'll start creating the new virtual device. To do this, we'll use the tool 'wlanconfig'. Let's see:

XS2.ar2316.v3.3.2.SDK.090418.2203# wlanconfigusage: wlanconfig wlanX create wlandev wifiX wlanmode [sta|adhoc|ap|monitor|wds] [bssid | -bssid] [nosbeacon]usage: wlanconfig wlanX destroyAs we can see in the syntax, we have to provide the new wlan device name, the base wifi device and the operating mode. We'll type in the next command to create the device 'ap0', attached to the physical device 'wifi0' in ap mode:

XS2.ar2316.v3.3.2.SDK.090418.2203# wlanconfig ap0 create wlandev wifi0 wlanmode ap ap0XS2.ar2316.v3.3.2.SDK.090418.2203#Now, we have a new virtual device, attached to the wireless card. Now we'll configure the essid, channel and bridge. After that, we'll bring it up:

XS2.ar2316.v3.3.2.SDK.090418.2203# iwconfig ap0 essid FreeInternet channel 8XS2.ar2316.v3.3.2.SDK.090418.2203# iwconfig ap0 key off openXS2.ar2316.v3.3.2.SDK.090418.2203# iwpriv ap0 authmode 1XS2.ar2316.v3.3.2.SDK.090418.2203# iwpriv ap0 ap_bridge 1XS2.ar2316.v3.3.2.SDK.090418.2203# brctl addif br0 ap0 XS2.ar2316.v3.3.2.SDK.090418.2203# ifconfig ap0 upWith only these small bunch of commands, the new wlan should be operating and bridging to the Internet connection, and the usual WPA protected wlan should be working as well. We can take a look to the Wireless Networks list in our laptop, and confirm everything is working connecting to it.
If everything was right, we should be enjoying Internet through the new unprotected wlan. Once we have reached this point, we have to make the changes persistent. If not, everytime we reboot the station, we'll need to configure it.
Persistent Storage

The AirOS firmware has a place where we can put our scripts, and they'll get executed everytime the station is booted. This place is located in the folder /etc/persistent, and the script that gets loaded everytime is called rc.poststart. Normally, we won't find it, as the default AirOS installation doesn't use it, but we can create it and it'll work as well.
To create the script, we'll type in the following commands:

XS2.ar2316.v3.3.2.SDK.090418.2203# cd /etc/persistentXS2.ar2316.v3.3.2.SDK.090418.2203# echo "#!/bin/sh" > rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "wlanconfig ap0 create wlandev wifi0 wlanmode ap" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "iwconfig ap0 essid FreeInternet channel 8" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "iwconfig ap0 key off open" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "iwpriv ap0 authmode 1" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "iwpriv ap0 ap_bridge 1" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "ifconfig ap0 up" >> rc.poststartXS2.ar2316.v3.3.2.SDK.090418.2203# echo "brctl addif br0 ap0" >> rc.poststartDuring my tests, I've found some reliability problems with this configuration. It seems the WLAN sometimes stop accepting connections. The situation seems to get solved with some extra tuning to the new virtual driver. If you experiment these problems, you can try to add these parameters to the script:

iwpriv ap0 ff 0iwpriv ap0 burst 0iwpriv ap0 compression 0iwpriv ap0 wmm 1iwpriv ap0 wmmlevel 0iwpriv ap0 set_roaming 1iwpriv ap0 addmtikie 1iwpriv ap0 wds 0iwpriv ap0 autowds 0iwpriv ap0 hide_ssid 0
Once this is done we should check that everything worked, checking the contents of the rc.poststart file (if you have added the extra parameters, you'll have them in the rc.poststart script as well):

XS2.ar2316.v3.3.2.SDK.090418.2203# cat /etc/persistent/rc.poststart#!/bin/shwlanconfig ap0 create wlandev wifi0 wlanmode apiwconfig ap0 essid FreeInternet channel 8iwconfig ap0 key off openiwpriv ap0 authmode 1iwpriv ap0 ap_bridge 1brctl addif br0 ap0ifconfig ap0 upXS2.ar2316.v3.3.2.SDK.090418.2203# Everything is in it's place, and the connection is working. So we only need to commit the changes, so it won't get lost after rebooting the ap. Let's type in this command:

XS2.ar2316.v3.3.2.SDK.090418.2203# cfgmtd -p /etc -wStoring Backup[2] ... [%100]Storing Active[1] ... [%100]XS2.ar2316.v3.3.2.SDK.090418.2203# After this, we are ready to reboot our AP and check that everything is working. Let's do it:

XS2.ar2316.v3.3.2.SDK.090418.2203# rebootConnection to closed by remote host.Some seconds after the reboot, we can check the Wireless Networks list in the laptop again. If everything worked, we should see the two access points that our station is providing: the WPA protected, and the unsecured one.
That's all, folks

In this article we have learned how to create a new virtual Access Point to share our connection without leaving our personal connection unprotected. In forthcoming articles we'll learn how to limit the Free AP throughput, maybe our neighbors like P2P too much, and they'll kill our connection in order to watch the last Lost chapter.

Avalie nosso Post e nos ajude a continuar escrevendo. Obrigado.

Atualizado 03-12-2013 em 16:43 por interhome



+ Enviar Comentário

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L