ZOTAC ZBOX Nano A10 – Create A Filtering Wireless Gateway

  1. Wireless Access Point
  2. DNS Proxy
  3. DHCP
  4. Gateway/Firewall
  5. HTTP Proxy
  6. Content/List based HTTP filtering

The Linux device driver installed for the wireless network device on this hardware is called ath9k. Unfortunately, it does not currently support the “Managed” mode (or the chipset does not), so on its own it cannot turn the Nano box's wireless network interface into an access point, hotspot or similar. In Linux, however, there is always a way out.

The answer is the hostapd package, which creates on top of the wireless device wlan0 a virtual network device that can work as an access point. It contains a built-in authentication service, which allows, for example, the use of WPA-PSK encryption and handshaking.

Warning: the resulting system cannot work as an access point for every device that you may imagine. You need to try. I noticed, for example, that the Wii's wireless and the Dell Dimension D610's wireless (Intel chipset + Windows XP SP-3) either failed to connect or failed in authentication. The latter can sometimes be fixed by using a WEP key, but if the radio connection fails, as with the Wii, there is nothing to do. All Linux boxes, a Canon printer and telephones connected OK.

Note: I do not believe in that sudo(8) mayhem of the Ubuntu world. Apart from some limited, well-planned usage, I consider using sudo as self-$#@&^%. Instead, I suggest that you make yourself root on the command line using su(1) and that you assume your responsibilities.

If you do not know who the hell is the root user and even less about a command line, you can stop reading now. Sorry.

Let’s install the packages we need, hostapd and wpasupplicant (for WPA-PSK handshaking).

apt-get install wpasupplicant
apt-get install hostapd

Check that the wireless adapter is visible.

iwconfig wlan0
wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.412 GHz  Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

Configure both eth0 and wlan0 with fixed addresses, with no DHCP dependencies.

pbox network # cd /etc/network
pbox network # cat interfaces
auto lo
iface lo inet loopback

# eth0
auto eth0
iface eth0 inet static
    address 192.168.1.99
    netmask 255.255.255.0
    gateway 192.168.1.254

# wlan0
auto wlan0
iface wlan0 inet static
    address 192.168.2.99
    network 192.168.2.0
    netmask 255.255.255.0
    broadcast 192.168.2.255

# hostapd for Master mode on wlan
up /etc/init.d/hostapd restart

Configure hostapd (without activating the gateway function; we will use Firestarter instead because we need some other functions as well).
Change the wpa_passphrase and country_code fields below.

pbox network # cd /etc/hostapd/
pbox hostapd # cat hostapd.conf
interface=wlan0
driver=nl80211
device_name=hostapd WLAN

logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
dump_file=/tmp/hostapd.dump

ssid=WLAN_AP-SSID
channel=1

ignore_broadcast_ssid=0

country_code=FR
ieee80211d=1

hw_mode=g
beacon_int=100
dtim_period=2

# MAC authentication
macaddr_acl=0

ssid=pbox-wlan
max_num_sta=255
macaddr_acl=0
auth_algs=3

wme_enabled=0
ieee8021x=0

wpa=2
wpa_passphrase=MY-SECRET-CODE-3210
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
assoc_sa_query_max_timeout=50000
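
An added example, not part of the original post: a small Python check that reads hostapd.conf text and flags the settings in the file above that weaken or confuse the WPA setup (a key set twice, TKIP, Shared Key authentication, WPA-EAP without 802.1X, the unchanged example passphrase). The function names and finding texts are this example's own, and it assumes that when a key is repeated the last value is the one in effect.

```python
# Added example: audit hostapd.conf text. SAMPLE_CONF is a trimmed copy of the file above.
SAMPLE_CONF = """\
ssid=WLAN_AP-SSID
ssid=pbox-wlan
auth_algs=3
ieee8021x=0
wpa=2
wpa_passphrase=MY-SECRET-CODE-3210
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
"""

def parse(text):
    """Return (effective settings, duplicated keys); assumes the last value wins."""
    conf, dups = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in conf and key not in dups:
            dups.append(key)
        conf[key] = value
    return conf, dups

def audit(text, example_psk="MY-SECRET-CODE-3210"):
    """Return findings for weak or inconsistent WPA settings."""
    conf, dups = parse(text)
    out = [f"duplicate key {k}: effective value is {conf[k]}" for k in dups]
    if conf.get("wpa", "0") != "2":
        out.append("wpa should be 2 (WPA2 only)")
    # rsn_pairwise falls back to wpa_pairwise when it is not set
    ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split()
    if "TKIP" in ciphers:
        out.append("TKIP offered as pairwise cipher: restrict to CCMP")
    if int(conf.get("auth_algs", "3")) & 2:
        out.append("auth_algs allows Shared Key (WEP) authentication: use 1")
    mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if "WPA-EAP" in mgmt and conf.get("ieee8021x", "0") != "1":
        out.append("WPA-EAP listed but ieee8021x is off: keep WPA-PSK only")
    psk = conf.get("wpa_passphrase", "")
    if "WPA-PSK" in mgmt and not 8 <= len(psk) <= 63:
        out.append("wpa_passphrase must be 8 to 63 characters")
    if psk == example_psk:
        out.append("wpa_passphrase is still the tutorial's example value")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

A file with a single ssid line, auth_algs=1, wpa_key_mgmt=WPA-PSK, rsn_pairwise=CCMP and your own passphrase produces no findings; clients that only support TKIP will then no longer associate.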

Make a symbolic link for the messages log file, which is not used by default in Linux Mint but which will be required by some of the packages we will install here. It would be a pity to lose log entries, both for debugging and for security reasons.

pbox etc # cd /var/log
pbox log # ln -s syslog messages

Don’t worry, later on, after the automatic log rotation the symbolic link will be replaced by a real messages log file. But we need to have the file name during the installation phase.

Restart the system

pbox etc # init 6

Check that we now see three network interfaces.

eth0      Link encap:Ethernet  HWaddr 00:01:2e:3a:d6:60
          inet addr:192.168.1.99  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::201:2ef:fe3a:d660/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3467474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1989186 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:110424433 (110.4 MB)  TX bytes:480942424 (480.9 MB)
          Interrupt:43 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:195995 errors:0 dropped:0 overruns:0 frame:0
          TX packets:195995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:342676099 (342.6 MB)  TX bytes:342676099 (342.6 MB)

mon.wlan0 Link encap:UNSPEC  HWaddr 74-2F-68-AF-CC-22-30-30-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32440 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4580204 (4.5 MB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 74:2f:68:af:cc:22
          inet addr:192.168.2.99  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::762f:68ff:feaf:cc22/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41319 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19383627 (19.3 MB)  TX bytes:32538028 (32.5 MB)

Test. Follow the log output of hostapd, fire up an external machine and try to connect to the new access point while watching for any problems with the connectivity.

tail -f /var/log/syslog

You cannot connect yet, since you must first be recognized by the DHCP service, but you can observe the activity up to the authentication failure (for now) in the syslog file.
