Setting up an All-Linux Wireless LAN

Laptops are cheap, WiFi cards are cheap and well-supported...maybe it's time to build your own LAN.
Set up WiFi on the Client

All you should have to do is put in an extended service set ID (ESSID) that matches the one on the base station.

Set up the DHCP Server on the Base Station

To make the base station work as a DHCP server, you also will need to add a route to 255.255.255.255, which is the destination address for DHCP traffic. Unless the 255.255.255.255 route exists, DHCP packets will take the default route instead of the WiFi interface, which is not what you want. You can add this route to the dhcp init script. While you're editing this script, make dhcpd run it only on the WiFi interface (in the case of solanum, eth0). You don't want the base station spewing DHCP traffic to places it isn't wanted. So replace

/usr/sbin/dhcpd

with

route add -host 255.255.255.255 dev eth0
/usr/sbin/dhcpd eth0
Set up a dhcpd.conf file on the base station to give out IP addresses only to your own systems:
# /etc/dhcpd.conf for solanum
# run the DHCP server on the WiFi interface only!
default-lease-time 1800;
max-lease-time 7200;
subnet 10.2.0.0 netmask 255.255.0.0 {
}
subnet 198.144.202.0 netmask 255.255.255.0 {
}
host cannabis {
    hardware ethernet 00:02:2d:2e:56:df;
    fixed-address 10.2.0.2;
}
This is not a security measure, but it will keep your DHCP server from wasting time on any of your neighbors who set up their clients incorrectly.

At this point you should be able to ping the base station from the client over WiFi.

VPN

There are many virtual private network (VPN) options for Linux, and you might have one installed already for a different reason. If so, you can skip installing a separate VPN just for WiFi, and simply configure IP masquerading on the base station to allow traffic only from the WiFi network to the VPN server and vice versa, and you're done. If you need to set up a VPN between several locations for travelers or for home offices, and you also need VPNs for WiFi at each location, save time by picking one VPN that works for both.

Otherwise, choose and install a VPN just for WiFi. For this article, I chose vpnd (see Resources), which has the advantages of working with an “out-of-the-box” kernel, being available as a Debian package and being simple to configure.

The kernels of clients and the server will need to have the kernel random number generator and SLIP support as a module. The stock kernels that come with distributions have this, but if you built your own kernel and didn't compile any modules you didn't need then, you'll have to go back, make menuconfig, choose SLIP and then do:

make modules && make modules_install.

The good news is that you don't have to reboot to do this if you're running a modular kernel and still have the kernel source and kernel .config that you built from. If you took out kernel random number generator support, shame on you—put it back in, as not only vpnd but much other fine crypto software depends on it.

To set up keys for vpnd, run vpnd -m on the base station, then copy the resulting /etc/vpnd/vpnd.key to the client. Configuration files for vpnd are pretty simple; Listing 2 shows an example.

Listing 2. /etc/vpnd/vpnd.conf

At this point you should be able to ping the base station's virtual address (10.3.0.1 in this case) from the client, and vice versa. If not, check the logs for vpnd errors, and use ifconfig and route at both ends to make sure the IP address and routing information are correct.

IP Masquerading

Every distribution has its own IP masquerading setup tool, and IP masquerading articles are as common as pig tracks, so turn it on however it says in the book. You will need to make sure that the WiFi network (10.2.0.0/16 in our example) doesn't get masqueraded—just the VPN. To test that masquerading is set up correctly, don't only surf the Web and send mail from the client—temporarily change the default route on the client to go over the WiFi directly instead of the VPN, and make sure that you can't.

Many exciting future developments in wireless networking are on the way. Future security protocols should make the VPN dance unnecessary, and community networks such as NoCatNet are working out protocols to let you share your access point with neighbors without opening yourself up to abuse. But, today's 802.11b cards are going to be common and serviceable for a long time.

Resources

email: dmarti@zgp.org

Don Marti is technical editor of Linux Journal and editor in chief of Embedded Linux Journal.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Setting Up Wi-Fi under Linux

Andrii Iarmolatii's picture

I wish such articled were less filled with extra words, but thanks for his, part about DHCP might be helpful.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState