Add Wireless Device and Create a WAP

This post is just a feature request/attempt at adding a wireless card/USB device and running your own WAP. The requirements include hostapd and a driver that’s already included in the kernel. I know Realtek drivers can be a challenge to work with and not all are included in the kernel, which means one would have to compile the module after each kernel upgrade.

  1. So the basics would be to add wlanX to the green zone.
  2. Configure hostapd and set it up to start at boot.
  3. Adjust firewall and services appropriately.

I’ve done this now on a couple of RPi2’s running Ubuntu/Webmin, though I’ve noticed some relevant unresolved/known issues and have had to implement workarounds. The firewall part may be tricky, as I found I had to create a bridged port between eth0 and wlan on the RPi2 in order for traffic to flow. If the bridged port doesn’t exist, the client just connects and is unable to get to the network. All DIYs and HowTos I’ve found indicate that firewall rules with forwards and NAT masquerading were required (though not true on bridged ports). But I couldn’t get those firewall rules to work right, and if they did, the connected wireless device traffic would appear to come from the WAP and not the device itself, something I don’t think should occur in a network that should be monitored and controlled.

If I have the time I’ll attempt this myself and write a HowTo for everyone up until this is officially included? I’m hoping it makes it to the list.

1 Like

Hi,

I made such an experiment with my Raspi, a wireless USB dongle, and an Ethernet-USB adapter.
It was really fun to make.
I will see if I still have the bunch of links about the subject.

I suggest adding the wlan to the blue zone; all the firewall preset adjustments are already done.

I commented the green zone but the blue zone may be the appropriate place. I don’t really use the firewall functionality with NS and only include the minimal stuff that I need to make it work with everything else I have running. The zone placement is really dependent on the user. Setting up the firewall is really out of scope with the topic; I’d only include the minimal info just to get a wireless device connected.

I’d like to have this feature, too.
Could you please open a new issue on dev.nethserver.org or give us all the details here so that I could file the issue?
Thank you.

I google’d around a bit and found a HowTo for CentOS 6. It explains and guides the user through what needs to be done. It’s basically what I did on Debian, although on Debian the hostapd packages were readily available to be installed by apt-get. In this HowTo, you’ll need to download the latest source and compile it, which probably isn’t a bad idea since this would be a package built for NS; someone would just need to maintain it. You also need to install bridge-utils, but that may already be installed depending on what the user has installed.

The challenge would be creating the WebUI for all the different parameters, but for starters and POC, all you would need is the bare minimum. Anything accidentally left out can be added to the config file using CLI.

Users may ask, why do this? The NS is located in an awkward location or too far from anyone that may actually be able to connect to it. I recently bought USB-to-Ethernet extension adapters that allow me to extend a USB wireless adapter from my basement up to my attic. So one isn’t limited to the physical location of NS.

I prefer to use packages; those are used by others and probably well tested, apart from being also quicker.
In this case the package is available from EPEL (it means high quality).

If you can share the list of options you had to modify in the configuration file we can work on a howto (and then on a package).

OK, here’s what I’m using in my hostapd.conf file. It’s not every option available but these work in my case.

```
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0

# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
# accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny

interface=wlan4
bridge=br0
#driver=nl80211
driver=rtl871xdrv
ssid=<YOUR SSID HERE>
hw_mode=g
channel=5
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=<YOUR PASSPHRASE HERE>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wmm_enabled=1
#ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
```

1 Like

This idea sounds great! I was looking for this feature too. Here is the route I’ve taken to get the job done if it helps someone:

First check that your wireless card is capable of using hostapd:

```bash
modinfo $(lspci -k|grep -A 3 -i network|grep in\ use|cut -d: -f2)|grep depends
```

I don’t know which drivers are supported, but if your driver supports mac80211, you’re good to go.

Create a bridge interface in Server Manager so WLAN and LAN traffic is identical.
Configuration > Network > New logical interface > Bridge
And select the LAN and WLAN interfaces.
Hit Next and keep the IP address you once used for the LAN interface on interface br0.

Install hostapd from the EPEL repository and configure it:

```bash
yum install hostapd
# Quoted 'EOF' so the shell does not expand anything inside the config.
# hostapd only treats lines that start with '#' as comments, so notes sit on their own lines.
cat > /etc/hostapd/hostapd.conf <<'EOF'
# put name of your interface here
interface=wlan0
# driver nl80211 supports mac80211
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
# name your AP as you wish
ssid=wifiAP
hw_mode=g
# choose a channel
channel=1
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=1
# wifi password goes here
wpa_passphrase=yoursecret
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
EOF
systemctl --now enable hostapd
```

Now check with your phone or laptop if you can connect to the new AP and if the internet works.
Cheers!

4 Likes
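
A check worth running before starting hostapd with either configuration above, added here as an example and not part of any post in the thread: a small linter that parses a hostapd.conf the way hostapd reads it (only lines beginning with `#` are comments) and flags trailing comments that end up inside values, WPA1/TKIP, shared-key authentication, and WPA-EAP listed without an authentication server. The finding names and the `parse`/`audit` helpers are made up for this example, and the EAP check is a heuristic that assumes `eap_server` and `auth_server_addr` are the only ways a server is configured.

```python
# Added example (not from the thread): lint a hostapd.conf for weak or broken settings.
WEAK = """\
interface=wlan0 #put name of your interface here
auth_algs=3
eap_server=0
wpa=1
wpa_passphrase=yoursecret #wifi password goes here
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""  # excerpt of the second configuration posted in the thread
HARDENED = """\
interface=wlan0
auth_algs=1
wpa=2
wpa_passphrase=<YOUR PASSPHRASE HERE>
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""  # constructed sample: WPA2-PSK, CCMP only

def parse(text):
    """Return {key: value}; a trailing '#...' after the '=' stays in the value."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value
    return conf

def audit(text):
    c = parse(text)
    num = lambda k: int(c[k].split()[0]) if c.get(k, "").strip() else 0
    wpa, auth = num("wpa"), num("auth_algs")   # both are bit fields
    # WPA uses wpa_pairwise; RSN uses rsn_pairwise, falling back to wpa_pairwise.
    ciphers = (c.get("wpa_pairwise", "") if wpa & 1 else "").split()
    if wpa & 2:
        ciphers += c.get("rsn_pairwise", c.get("wpa_pairwise", "")).split()
    eap_no_server = ("WPA-EAP" in c.get("wpa_key_mgmt", "").split()
                     and num("eap_server") == 0 and "auth_server_addr" not in c)
    checks = [
        (wpa == 0, "no-wpa"),                    # neither WPA nor WPA2 enabled
        (wpa & 1, "wpa1-enabled"),               # bit0 = WPA, bit1 = WPA2 (RSN)
        ("TKIP" in ciphers, "tkip-offered"),
        (auth & 2, "shared-key-auth"),           # bit1 = Shared Key (WEP) auth
        (eap_no_server, "eap-without-server"),   # heuristic, see lead-in
    ]
    inline = [f"inline-comment:{k}" for k, v in c.items() if " #" in v]
    return inline + [name for cond, name in checks if cond]
```

Calling `audit(open("/etc/hostapd/hostapd.conf").read())` returns the list of findings for the live file; an empty list means none of these checks fired.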