Hostapd_Configuration - Yeungnam Univ. Advanced Networking

2014 YU-ANTL Seminar
Integrated Cognitive
Management System - Hostapd
Hyun dong Hwang
Advanced Networking Technology Lab. (YU-ANTL)
Dept. of Information & Comm. Eng, Graduate School,
Yeungnam University, KOREA
(Tel : +82-53-810-3940; Fax : +82-53-810-4742
http://antl.yu.ac.kr/; E-mail : mch2d@hotmail.com)
Outline
 Integrated Cognitive Management System
 Hostapd & Wpa_Supplicant
 802.11r Fast transition
 Current procedure
 Hostapd configuration
 Reference
Advanced Networking Tech. Lab.
Yeungnam University (YU-ANTL)
YU-ANTL Lab Seminar
Hyun dong Hwang
Integrated Cognitive Management System
 Integrated Cognitive Management System Topology (figure)
Hostapd & Wpa_Supplicant
 Hostapd
 hostapd is a user space daemon for access point and authentication
servers. It implements IEEE 802.11 access point management,
 IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server,
and RADIUS authentication server.
 The current version supports Linux (Host AP, madwifi, mac80211-based
drivers) and FreeBSD (net80211).
 hostapd is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling
authentication.
 hostapd supports separate frontend programs; an example text-based frontend, hostapd_cli, is included with hostapd.
Hostapd & Wpa_Supplicant
 Hostapd features
 WPA-PSK (Wi-Fi Protected Access with a pre-shared key, "WPA-Personal")
 WPA with EAP (with integrated EAP server or an external RADIUS
backend authentication server) ("WPA-Enterprise")
 key management for CCMP, TKIP, WEP104, WEP40
 WPA and full IEEE 802.11i/RSN/WPA2
 RSN: PMKSA caching, pre-authentication
 IEEE 802.11r
 IEEE 802.11w
 RADIUS accounting
 RADIUS authentication server with EAP
 Wi-Fi Protected Setup (WPS)
Hostapd & Wpa_Supplicant
 Wpa_supplicant
 wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and
Windows with support for WPA and WPA2 (IEEE 802.11i / RSN).
 Supplicant is the IEEE 802.1X/WPA component that is used in the client
stations.
 It implements key negotiation with a WPA Authenticator and it controls
the roaming and IEEE 802.11 authentication/association of the wlan
driver.
 wpa_supplicant is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling the wireless
connection.
 wpa_supplicant supports separate frontend programs and a text-based
frontend (wpa_cli) and a GUI (wpa_gui) are included with
wpa_supplicant.
Hostapd & Wpa_Supplicant
 Wpa_supplicant features
 WPA-PSK ("WPA-Personal")
 WPA with EAP (e.g., with a RADIUS authentication server) ("WPA-Enterprise")
 key management for CCMP, TKIP, WEP104, WEP40
 WPA and full IEEE 802.11i/RSN/WPA2
 RSN: PMKSA caching, pre-authentication
 IEEE 802.11r
 IEEE 802.11w
 Wi-Fi Protected Setup (WPS)
Current procedure
 Current Problem
 Without a bridge port, the wpa_cli ft_ds command (which starts an over-the-DS Fast BSS Transition) is not delivered to the target AP
 With a bridge port, the network's DNS server stops working
802.11r Fast transition
 802.11 Key Hierarchy (figure)
 802.11r Action Frame (figure)
 802.11r FT Request Frame (figure)
 802.11r FT Response Frame (figure)
 FT Confirm frame (figure)
 FT ACK frame (figure)
Over-the-DS FT Protocol authentication in an RSN (figures)
Current procedure
 Test Topology (figure)
 AP1 : Hostapd, AP2 : Hostapd (each controlled through hostapd_cli), joined over Ethernet through a bridge port
 STA1 : WPA_Supplicant, STA2 : WPA_Supplicant (each controlled through wpa_cli)
Current topology (figure)
 Network driver : ath9k (nl80211)
 AP1 (Ethernet) : Ubuntu 12.04 LTS, kernel 2.6.38-8-generic, Hostapd 2.0, LAN card TP-LINK TL-WDN4800
 AP2 (Ethernet bridge) : Ubuntu 12.04 LTS, kernel 2.6.38-8-generic, Hostapd 2.0, LAN card TP-LINK TL-WDN4800
 STA : Ubuntu 12.04 LTS, kernel 2.6.38-8-generic, Wpa_supplicant 2.0, LAN card TP-LINK TL-WDN4800
Hostapd 2.0
 Libraries required on Ubuntu 12.04
 libnl-1, libnl-2, libnl-1-dev, libnl-2-dev, bridge-utils, iw, openssl (libssl-dev)
 The compat-wireless module (for the ath9k driver) is no longer supported
 On Ubuntu 11.04 the ath9k driver had to be installed through compat-wireless, but that build does not support the OpenSSL 1.0.1f that Hostapd 2.0 needs, so the certificates cannot be installed for the driver
 Hostapd 2.0 and later require OpenSSL 1.0.1f or newer
 Port forwarding is done through iptables
 Install dhcp3-server to assign IP addresses dynamically, then set up the RSN
Hostapd configuration
 /etc/network/interfaces
No Bridge
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 165.229.185.233
netmask 255.255.255.0
gateway 165.229.185.1

auto wlan0
iface wlan0 inet static
address 10.10.0.1
netmask 255.255.255.0

Using Bridge
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

auto br0
iface br0 inet static
address 165.229.185.233
netmask 255.255.255.0
gateway 165.229.185.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

auto wlan0
iface wlan0 inet static
address 10.10.0.1
netmask 255.255.255.0

Note: once eth0 is enslaved to br0 it carries no address of its own (the usual ifupdown idiom is "iface eth0 inet manual"), and hostapd only adds wlan0 to the bridge when bridge=br0 is set in hostapd.conf. The 10.10.0.1 given to wlan0 here does not match the 10.0.0.0/24 that dhcpd.conf serves; the run script below re-addresses wlan0 to 10.0.0.1.
Hostapd configuration
 /etc/dhcp/dhcpd.conf : DHCP server configuration
ddns-update-style none;
ignore client-updates;
authoritative;
option local-wpad code 252 = text;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.2 10.0.0.16;
option domain-name-servers 8.8.4.4, 208.67.222.222;
option routers 10.0.0.1;
}
Hostapd configuration
 /etc/default/isc-dhcp-server : DHCP server init script
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="wlan0"
Hostapd configuration
 Run script
# wlan0 address must be the "option routers" address in dhcpd.conf
ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
sleep 2
# start dhcpd on wlan0 unless one is already running (POSIX test uses a single "=")
if [ "$(ps -e | grep dhcpd)" = "" ]; then
    dhcpd wlan0 &
fi
#########
# Enable NAT from wlan0 out through eth0
# --flush removes every existing rule and leaves the chains at their default policy
# (ACCEPT unless a firewall changed it), so nothing below restricts traffic from eth0 towards wlan0
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
sysctl -w net.ipv4.ip_forward=1
# hostapd runs in the foreground with debug output; dhcpd is stopped when it exits
./hostapd -dd ./hostapd.conf
killall dhcpd
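The interfaces file, dhcpd.conf and the run script have to agree on the wlan0 address and subnet, and the deck's copies do not (10.10.0.1 in /etc/network/interfaces against 10.0.0.0/24 with routers 10.0.0.1 in dhcpd.conf, with the run script re-addressing wlan0 to 10.0.0.1). The sh check below is added here as an example and is not part of the seminar's scripts: it parses a dhcpd.conf and compares it with the address and mask the run script assigns, rejecting a router that is outside the subnet or inside the lease pool. The dhcpd.conf it writes is a constructed copy of the slide's listing; the function names and temp-file names are its own.

```shell
#!/bin/sh
# Added check, not part of the seminar deck: confirm that the wlan0 address the
# run script configures is the router dhcpd advertises and that subnet, pool and
# router agree. The sample dhcpd.conf below is constructed from the slide.

# Dotted quad -> integer, using shell arithmetic only.
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# First value of a dhcpd.conf statement: dhcp_field <file> <regex> <field-no>
dhcp_field() {
    awk -v re="$2" -v n="$3" '$0 ~ re { v = $n; sub(/;$/, "", v); print v; exit }' "$1"
}

# check_dhcp_matches_iface <dhcpd.conf> <wlan0 address> <wlan0 netmask>
# Returns 0 when consistent; otherwise prints the first problem and returns 1.
check_dhcp_matches_iface() {
    conf=$1; if_addr=$2; if_mask=$3
    net=$(dhcp_field "$conf" '^ *subnet ' 2)
    mask=$(dhcp_field "$conf" '^ *subnet ' 4)
    router=$(dhcp_field "$conf" 'option routers ' 3)
    pool_lo=$(dhcp_field "$conf" '^ *range ' 2)
    pool_hi=$(dhcp_field "$conf" '^ *range ' 3)
    if [ -z "$net" ] || [ -z "$router" ] || [ -z "$pool_hi" ]; then
        echo "dhcpd.conf: subnet, range or option routers missing"; return 1
    fi
    if [ "$mask" != "$if_mask" ]; then
        echo "netmask mismatch: dhcpd $mask, wlan0 $if_mask"; return 1
    fi
    if [ "$router" != "$if_addr" ]; then
        echo "option routers $router is not the wlan0 address $if_addr"; return 1
    fi
    n=$(ip_to_int "$net"); m=$(ip_to_int "$mask")
    r=$(ip_to_int "$router"); lo=$(ip_to_int "$pool_lo"); hi=$(ip_to_int "$pool_hi")
    if [ $(( r & m )) -ne $(( n & m )) ]; then
        echo "router $router lies outside $net/$mask"; return 1
    fi
    if [ $(( lo & m )) -ne $(( n & m )) ] || [ $(( hi & m )) -ne $(( n & m )) ] || [ "$lo" -gt "$hi" ]; then
        echo "range $pool_lo-$pool_hi is not inside $net/$mask"; return 1
    fi
    if [ "$r" -ge "$lo" ] && [ "$r" -le "$hi" ]; then
        echo "router $router sits inside the lease pool"; return 1
    fi
    return 0
}

# Constructed copy of the slide's /etc/dhcp/dhcpd.conf
write_sample_dhcpd_conf() {
    cat > "$1" <<'EOF'
ddns-update-style none;
ignore client-updates;
authoritative;
option local-wpad code 252 = text;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.2 10.0.0.16;
option domain-name-servers 8.8.4.4, 208.67.222.222;
option routers 10.0.0.1;
}
EOF
}

sample=$(mktemp)
write_sample_dhcpd_conf "$sample"
# the run script's address passes, the interfaces-file address is rejected
check_dhcp_matches_iface "$sample" 10.0.0.1 255.255.255.0 && echo "run-script address 10.0.0.1: consistent"
check_dhcp_matches_iface "$sample" 10.10.0.1 255.255.255.0 || echo "interfaces address 10.10.0.1: rejected"
```

Run it with the real dhcpd.conf and the address from the ifconfig line before starting dhcpd; a mismatch otherwise only shows up as clients that get a lease but no usable default route.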
Hostapd configuration
 Hostapd.conf
interface=wlan0
driver=nl80211
# uncomment for the "Using Bridge" interfaces file; hostapd then enslaves wlan0 to br0 itself
#bridge=br0
ctrl_interface=/var/run/hostapd
# the deck has "ctrl_interface=0" here, which would only replace the path above; the group setting is what was meant
ctrl_interface_group=0
hw_mode=g
channel=5
auth_algs=1
ieee80211n=1
ssid=yuantl
wpa=2
wpa_key_mgmt=FT-PSK
# 802.11n gives no HT rates to TKIP stations; CCMP alone is the better choice
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP TKIP
# lab placeholder; a real PSK needs far more entropy than eight digits
wpa_passphrase=12345678
wpa_group_rekey=3600
#iapp_interface=eth0
own_ip_addr=165.229.185.233
rsn_preauth=1
rsn_preauth_interfaces=eth0
okc=1
# 802.11r: nas_identifier is this AP's R0KH-ID and must match the peer's r0kh line for it;
# mobility_domain must be identical on both APs; r1_key_holder is normally this AP's own BSSID
nas_identifier=nas2.kir.nu
mobility_domain=a1b2
r0_key_lifetime=10000
r1_key_holder=000102030406
reassociation_deadline=1000
pmk_r1_push=1
# r0kh=<R0KH MAC> <NAS-Identifier> <128-bit key>, r1kh=<R1KH MAC> <R1KH-ID> <128-bit key>
r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
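The r0kh/r1kh tables are the part of this file most easily broken when it is copied to the second AP: the key this AP uses to pull a PMK-R1 from a peer (its r0kh line for the peer's nas_identifier) must equal the key the peer holds for this AP's MAC in its r1kh line, and the R1KH-ID in that line must be this AP's r1_key_holder. The sh check below is added here as an example and is not code from the deck or from hostapd: it reads two hostapd.conf files and verifies both roaming directions plus the shared mobility_domain. Each AP's wireless MAC is passed in, since hostapd.conf does not record it; the sample configurations are constructed from the slide's AP2 entries with a mirrored AP1 (nas.kir.nu, R1KH-ID 000102030405, MAC 64:66:b3:0b:c0:94 as in the r0kh line), and the function and temp-file names are assumptions.

```shell
#!/bin/sh
# Added check, not part of the seminar deck or of hostapd: verify that two
# hostapd.conf files describe a consistent 802.11r key-holder pair.

# hostapd keeps the last value of a repeated key.
cfg_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }
# Lower-case hex without colons, so R1KH-IDs and MACs compare regardless of spelling.
norm() { printf '%s\n' "$1" | tr -d ':' | tr 'A-F' 'a-f'; }
# r0kh=<MAC> <NAS-Identifier> <key>: look up by NAS-Identifier.
r0kh_lookup() { awk -v id="$2" 'sub(/^r0kh=/, "") && $2 == id { print $1, $3; exit }' "$1"; }
# r1kh=<MAC> <R1KH-ID> <key>: look up by MAC.
r1kh_lookup() { awk -v mac="$2" 'sub(/^r1kh=/, "") && $1 == mac { print $2, $3; exit }' "$1"; }
need() { [ "$1" = "$2" ] || { echo "FT check: $3 (got '$1', want '$2')" >&2; return 1; }; }

# One roaming direction. A STA that first associated at "from" (its R0KH) roams
# to "to" (an R1KH). "to" looks up from's nas_identifier in its r0kh table and
# sends the PMK-R1 pull request to that MAC under that key; "from" must find
# to's MAC in its r1kh table with to's r1_key_holder and the same key.
check_direction() {
    to_cfg=$1; to_mac=$2; from_cfg=$3; from_mac=$4
    from_nas=$(cfg_get "$from_cfg" nas_identifier)
    to_r1khid=$(cfg_get "$to_cfg" r1_key_holder)
    set -- $(r0kh_lookup "$to_cfg" "$from_nas")
    need "$#" 2 "r0kh entry for $from_nas in $to_cfg" || return 1
    need "$(norm "$1")" "$(norm "$from_mac")" "r0kh MAC for $from_nas" || return 1
    pull_key=$2
    set -- $(r1kh_lookup "$from_cfg" "$to_mac")
    need "$#" 2 "r1kh entry for $to_mac in $from_cfg" || return 1
    need "$(norm "$1")" "$(norm "$to_r1khid")" "R1KH-ID recorded for $to_mac" || return 1
    need "$2" "$pull_key" "shared key for $to_mac <-> $from_nas" || return 1
    printf '%s\n' "$pull_key" | grep -Eq '^[0-9a-fA-F]{32}$' \
        || { echo "FT check: key for $from_nas is not 128 bits of hex" >&2; return 1; }
}

# check_ft_pair <cfgA> <macA> <cfgB> <macB>: shared mobility domain, both directions.
check_ft_pair() {
    md=$(cfg_get "$1" mobility_domain)
    need "$md" "$(cfg_get "$3" mobility_domain)" "mobility_domain" || return 1
    printf '%s\n' "$md" | grep -Eq '^[0-9a-fA-F]{4}$' \
        || { echo "FT check: mobility_domain must be 4 hex digits" >&2; return 1; }
    check_direction "$1" "$2" "$3" "$4" && check_direction "$3" "$4" "$1" "$2"
}

# write_ap_cfg <file> <nas_identifier> <r1_key_holder>: the slide's key-holder
# tables, which both APs carry verbatim; only the per-AP identity differs.
write_ap_cfg() {
    cat > "$1" <<EOF
mobility_domain=a1b2
nas_identifier=$2
r1_key_holder=$3
r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
EOF
}

ap1=$(mktemp); ap2=$(mktemp); ap1_bad=$(mktemp)
write_ap_cfg "$ap1" nas.kir.nu 000102030405
write_ap_cfg "$ap2" nas2.kir.nu 000102030406
# a typo in one key, the usual slip when the file is copied between APs
sed 's/^\(r0kh=64:70:02:07:ad:c4 nas2.kir.nu \)0f0e/\1ffff/' "$ap1" > "$ap1_bad"
check_ft_pair "$ap1" 64:66:b3:0b:c0:94 "$ap2" 64:70:02:07:ad:c4 && echo "AP1/AP2 key-holder tables agree"
check_ft_pair "$ap1_bad" 64:66:b3:0b:c0:94 "$ap2" 64:70:02:07:ad:c4 || echo "key typo caught"
```

Run it against the real files before starting hostapd on both APs; a mismatch otherwise only shows up as FT reassociations that fail while plain association still works.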
Reference
[1] 김진욱, 김영탁, "A cognitive wireless LAN management system using network-initiated-roaming-based load balancing in IEEE 802.11 environments", JCCI, 2013.
[2] IEEE Standard 802.11-2007, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specification," June 2007.
[3] Devin Akin, David Coleman, "Robust Security Network (RSN) Fast BSS Transition (FT)" white paper, September 2008.
[4] http://hostap.epitest.fi/wpa_supplicant/devel/
[5] http://wireless.kernel.org/en/users/Documentation/hostapd